Security

Hello together,

in our company we do have the problem that some (i think about 5) MacBooks cant authenticate in our company WLAN via Remote Access Point. This problem only occurs in Home Office and RAPs in the Head Quarter and normal Access Points all is fine.

We tried this with different RAPs and different Home Offices everywhere the same problem. Our Windows Clients all are fine.

In the Controller Log i can see some Authentication Timeouts from the radius server. But i dont see a issue in my radius or WLAN Controller because in the HQ evrything is fine. We use 802.1X authentication in both situations. 

This Problem is only on some MacBooks we have also MacBooks that are fine.

Controller:

Aruba7210

6.5.3.6

RAPs:

RAP-3WNP and AP-203-RP-RW

Radius:

Windows NPS

Server 2008 R2

I attached some Logs from the Controller and the MAC Client.

Hope you have an idea.

Thank you. 

Best regards

Attachment(s)

controller_log.txt   19 KB 1 version

macboox_log.txt   4 KB 1 version

1. Have you tried swapping out the RAP at (1) location and still see the same results?
2. Have you tried taking a working Macbook to that same location and does it continue to work or stop working? 
3. Have you tried taking the non-working Macbook to another location and does it do the same thing? 
4. Are all the non-working RAPs the same AP group? 
5. Are there other RAP/Macbook's working that are in the same AP group as non-working ones?

I think we need to positively identify what is working and not working in this equation before diving in any further. Could be a number of things at this point, not enough testing/info to say for sure what it could be. Some of those questions will help narrow down if it's RAP, Controller, Macbook, Site, etc. that is the problem and can go from there.

Hi Michael,

thanks for your answer.

1. Have you tried swapping out the RAP at (1) location and still see the same results? Yes, we swapped the rap and tried also another rap module at location 1
2. Have you tried taking a working Macbook to that same location and does it continue to work or stop working? We doesnt tried this because this is not so easy to go to our users in the home office.
3. Have you tried taking the non-working Macbook to another location and does it do the same thing?  Yes, we took a non-working Macbook to a working (2)Location with the rap that didnt work in the other (1)location and a rap that is always at that (2)location and work with MacBooks. The Working MacBook can connect to both Raps the non-working MacBook cant connect to any RAP.
4. Are all the non-working RAPs the same AP group? Yes they have all the same Profile. But we tried different RAP types (3WNP and AP-203-RP-RW) both dont work.
5. Are there other RAP/Macbook's working that are in the same AP group as non-working ones? Yes all the same.

Sorry for the delay, but reading through your answers, it sounds like the issue is with the Macbook itself, not the Aruba gear. 

Hi michael,

i thought the same. But the most Macbooks are working. And first it was only one macbook after some time there came other macbooks with the same issue. And befor the macbook dont have any problems. 

On the macbook is still the same os version.

Thats why i have trouble to say its a problem on the macbook. And in our HQ all Macbooks are working fine with the aruba WLAN.

At the moment i cant find any issue. Even on the aruba also on the macbook.

Not sure if this will help you, but in the past, I have seen issues with 802.1x when using WAN links. The problem was if the device was using certificate-based authentication and the MTU of the WAN link does not allow to send the certificate at one packet through the line you might be in trouble, depending on how the certificated was fragmented. 

Your description sounds like this problem.

---

@Johannes wrote:

Hi michael,

 

i thought the same. But the most Macbooks are working. And first it was only one macbook after some time there came other macbooks with the same issue. And befor the macbook dont have any problems. 

On the macbook is still the same os version.

Thats why i have trouble to say its a problem on the macbook. And in our HQ all Macbooks are working fine with the aruba WLAN.

 

At the moment i cant find any issue. Even on the aruba also on the macbook.

---

Is this EAP-PEAP or EAP-TLS?

Don´t know if that makes sense but all profile are nothing of these two. Even when we do 802.1X

You can see this in my screenshot.

Hello together,

does anyone has an idea?

Best regards

Johannes

What is configured on the macbook client?  username and password, or certificates?  We don't have enough information to guess what could be wrong.

The clients are using a certificates. 

In our Head Quarter the WLAN is working fine with all MacBooks. In our Headquarter we have normals APs. The problem with the MacBooks are only in the home office with RAP (3WNP or AP-203-RP)

Ive made a screenshot of the config from a macbook. Hear you can see that the client is configured with certificates and is connected over EAP-TLS.

Hope that helps. If you need more informations please inform me. Thank you.

Best regards

Johannes Six