What do I do if I experience slow connection times or cannot connect on a 802.1x-enabled SSID?
Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
We have all seen "weird" behaviors with client devices, and it is often difficult to determine if what we are experiencing is a known issue with the client, driver, supplicant, OS, or even AP.
MAC WLAN "Apple Menu Extra" (AME): That little WLAN icon in your menu bar currently causes some issues with 802.1x authentication, specifically during a key exchange. To build its list of "available networks," a MacBook performs an off-channel scan in the middle of its own dot1x exchange. When this happens, some key exchange packets are missed. In some cases, this issue results in taking a long time to finish the key negotiation and thus get an IP address. In many other cases, the key negotiation fails to complete and the connection is never made. This problem happens in versions up to 10.5.6. To verify this issue, issue this command on the Aruba: "show auth-tracebuf mac <macaddr>", with the MAC address of the client. Do you notice any key message that retries and never completes?
To work around this issue, try these steps:
1) Disable the AME by holding "command," "left-mouse button," and grab the icon and drag it onto desktop. Or disable the AME in Network Preferences.
2) Increase the "key message retry" count in 802.1x-profile on Aruba (try 3).
3) Increase the "delay between Unicast and Group key" in the 802.1x-profile on Aruba (100 ms works).