Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.

Re: Regular complaints of getting disconnected coming in from students

Here is an update on the latest from TAC.  They looked at the user debug for one of the few students reporting the problem in detail and are attributing the disconnect to "User Idle Timeout".  This was already on our list of suspects and it was interesting to get the same from them.  It does explain some, but not all, of the disconnects.

 

Last week we changed the timeout from default 300 seconds to 600 seconds.  This morning I have doubled it again to 1200 seconds.  Really hoping it does not cause problems in other areas but very curious to see how it goes.

 

I just sent them a user debug of another student from last night that was definitely using his computer to visit different web sites (they included a screen shot of their browser log!) when it (Windows 7 Pro SP1) was disconnected.  The logs showed the reauth but there was nothing leading up to it.  Waiting to hear back.

Super Contributor I

Re: Regular complaints of getting disconnected coming in from students

Make certain that your new user-idle-timeout does not exceed your DHCP max lease time. Otherwise, you could run into issues when the next client attempts to claim that same IP address (assuming you have Prohibit IP spoofing enabled).
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
New Contributor

Re: Regular complaints of getting disconnected coming in from students

Hi All,

I just searched throuh my archive and discovered this .....

 

Description: Macbooks client intermittently getting disconnected

 

Latest Status changed to:
It was found that the client was changing channels (moving to a to g radio) due to radar detected on DFS channel. The AP did not change channels..

Next Action changed to:
Recommendation to mitigate this is to remove DFS channels from regulatory domain profile. TAC is investigating to see if this is a known Apple issue..

 

I also reviewed my Client Match settings and they don't look that different from the defaults.

 

I might not have remembered all the events that surrounded our upgrade to 6.3 correctly. Apologies if I conveyed misleading information.

 

 

Occasional Contributor I

Re: Regular complaints of getting disconnected coming in from students

Taking Ryan's advice one step further, you should coordinate your idle time-out, DHCP lease time, and 802.1X reauth intervals so tha they don't occur at the same time very often.  For example, If your idle timeout is 5 minutes, your reath interval is 10 minutes, and your DHPC time is 20 minutes, two of those will coincide every 10 minutes and all three every 20 minutes.  If you set them to 6 minutes, 11 minutes and 19 minutes, it will be an hour before 2 of them coincide, and a very long time before all three do.

Occasional Contributor II

Re: Regular complaints of getting disconnected coming in from students

I am having the same issues here.  I am running a single 7210 with around 500 AP's.  The complaints started out as gaming consoles and Apple TV's being disconnected every 10 minutes after upgrading from 6.4.1.0 to 6.4.2.2 because of the security flaw. 

 

However, it is not apparent its much more than the gaming consoles and apple TV's.  I have windows machines and OSX devices. 

 

I have noticed on a couple clients through AirWave that they have been moved frequenty due to client match. 

 

Curious if anyone has had any tweaks (not twerks :-) ) that have made a difference.

 

Thanks,
Chris

 

Lee University

Occasional Contributor II

Re: Regular complaints of getting disconnected coming in from students


@cgolden07 wrote:

I am having the same issues here.  I am running a single 7210 with around 500 AP's.  The complaints started out as gaming consoles and Apple TV's being disconnected every 10 minutes after upgrading from 6.4.1.0 to 6.4.2.2 because of the security flaw. 

 

However, it is not apparent its much more than the gaming consoles and apple TV's.  I have windows machines and OSX devices. 

 

I have noticed on a couple clients through AirWave that they have been moved frequenty due to client match. 

 

Curious if anyone has had any tweaks (not twerks :-) ) that have made a difference.

 

Thanks,
Chris

 

Lee University


 

We had noticed the same thing on windows, OSx, and iOS devices.  We worked with TAC on some client match tweaks and even more with a third-party vendor but it did not make much difference at all unfortunately.

Frequent Contributor II

Re: Regular complaints of getting disconnected coming in from students

I'm wondering if you're also facing issues with channel-changes either due to radar-detection (DFS) or ARM doing channel switches due to interference, high-noise or high error-rate. Please note all of these ARM-events and radar-detection are *NOT* client-aware. Channel switches will happen even if clients are connected.

 

At the CLI at the relevant local/master controller:

 

show log wireless all | include Radar

 

show log wireless all | include Noise

 

show log wireless all | include Interference

 

To see channel-switch history for a specific AP: 

 

show ap arm history ap-name <AP>

 

 

Also, we have seen issues with (especially MacOS) clients that do not handle the (background) scanning feature of ARM too well. In a default configuration AP's will be performing background scanning even if clients are connected. In a default configuration scanning will not happen if a voice-call exists on that radio or if 10Mbit/s of bandwidth is being used on that radio.

 

You can either disable ARM-scanning on the ARM-profile, but this is not advised unless you have dedicated AirMonitors in place. You can make a firewall-policy which will disable scanning if certain traffic exists on the radio. For example:

 

ip access-list session allowall
any any any permit disable-scanning
ipv6 any any any permit disable-scanning
!


ACMX#255 | ACDX#742 | ACCX#746 | AMFX#25 | ACMP | ACCP | AWMP
www.securelink.nl
Guru Elite

Re: Regular complaints of getting disconnected coming in from students


@pgemme wrote:

Aaron,

 

I had to double-check the post because I thought I wrote it.  We have roughly the same AP's, same complaints, almost the same controllers (was actually hoping the 7200's were better since we're just M3's still), the same reason for upgrading (chromecast) and running the same ArubaOS.  6.3 didn't seem any better for us and we also have some new AP-104's that we loan out for students in their dorms.

 

This year has been brutal for us.  The prior 7 were great. People want to know what's up with wifi. My best guess at this point:

 

wifi-complaints.png

 

I think there is only so much I can 'fix'.  


pgemme,

 

You are missing a slice for "the real problem" (excellent graph, by the way).  

 

For everyone on this thread who is having issues and it is mission critical; if you are over your head with dealing with a problem, and TAC cannot help you, please consider having a trained professional take a look at it.  Basic troubleshooting and even TAC can only go so far.  Old and incorrect assumptions often cloud and delay defining a problem and getting to a resolution.  Unhelpful user feedback can also sway a situation in the wrong direction.  A trained professional can look at all the facts and narrow things down to something of substance, so that your issues can be defined and systematically dealt with.

 

Every environment is different and many times specific deployments require specific approaches.  That advice normally can only be given by someone who is onsite and gets a full picture of what could be happening.  Basic principles and even best practices can only go so far; those principles and practices need to be modified to suit your specific deployment.

 

Your Aruba Sales team would normally be aware of a go-to professional in your region who would be able to give you the help you need.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor I

Re: Regular complaints of getting disconnected coming in from students

This thread just popped up this morning and it almost describes what we have been seeing now since the start of the semester. I have been working with the TAC & Sales Engineer on this issue and we have adjusted max-retries and max-tx-fail... no change from user perspective. We then removed higher data rates and first reports were things seemed better. Then after a weekend reports that nothing is different.  We are running 6.3.1.13  and we have two  controller setups. 

A Master (3600) with two Local's (6000's), the other is a Master on a 7220 running the same OS. Now we just re-installed all new AP's in two buildings one with AP-225's and the other with AP-115's. These are on the newer controller. Users in these two buildings are not reporting the problem but all the users on the other are and they have been in place for a long time without problems. We are running client match on setups. So far this has peaked my interest and I'm just adding my voice and environment to maybe help figure it out.

 

Ronald R. Gilmore,

 

SUNY

ONEONTA

ITS NETWORKING &

TELECOMMUNICATIONS

 

Occasional Contributor II

Re: Regular complaints of getting disconnected coming in from students

I'm seeing some similar issues to this.

 

One thing I've done different than what I've read here is look at 

 

show ap client trail-info <client MAC>

 

I've been seeing "Ptk Challenge Failed" without "STA has roamed to another AP", :Unspecified Failure", and "Internal Deauth".

 

From what I've seen, Internal Deauth is client match trying to kick the station to another AP, but some clients don't seem to get it (MBP running Yosemite), especially when the kicking AP is .11ac (225) and the next available AP is .11n (135). In this case, I usually see Internal Deauth like 5 or 6 times in a row, every 10 seconds.

 

Generally, you always get a "Ptk Challenge Failed" on a roam, so  you'll see that along with a "STA has roamed to antoher AP". I see it sometimes without, several times in a row. I'm not sure what this means.

 

And, of course, "Unspecified failure" could mean anything.

 

 

 

Hope this helps.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: