Wireless Access

Reply
Contributor I

AOS 8.4.0.3 Roaming disconnects

We have recently set up 2 controllers on AOS 8.4.0.3 in a cluster and our users are reporting intermittent disconnects when they roam around our office. Looking in our FreeRADIUS logs we see the following message that coincides with the issues:

 

Login incorrect (eap: EAP requires the State attribute to work, but no State exists in the Access-Request packet.): [USERNAME] (from client MC port 0 cli MACADDR)

 

Have googled but not found any help so far.

 

When the issue occurs users get prompted to enter their credentials again and even if they enter the correct credentials it rejects their login. It seems they have to forget the network entirely to reconnect or if they wait a period of time it will eventually be able to reconnect by itself. This is happening on all devices regardless of make or OS etc.

 

Currently the only thing we have noticed is that even though we have L2 connectivity between our controller cluster and same VLANs present for each (they are in two different data centres) Mobile IP has been enabled on our VAPs (think this is default setting) and VLAN Mobility is not enabled. Could this be causing these issues?

 

Thanks.

Guru Elite

Re: AOS 8.4.0.3 Roaming disconnects

On either MD commandline, type "show lc-cluster vlan-probe status" to see if all your user VLANs can see each other or if probes are failing.  If not, it will consider your cluster layer 3 connected and deauth your clients when they roam between APs that are on different controllers.

 

EDIT:  rereading your post above, I have no clue why you are having issues.  Try to see if it operates with a single controller.  Mobileip and VLAN mobility have nothing to do with clustering.

 

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Highlighted
Contributor I

Re: AOS 8.4.0.3 Roaming disconnects

Thanks for reply. They are showing as L2 connected when I check on CLI.

 

Reading some Aruba documentation it says should not have L2 and L3 enabled on the VAP at same time. By these settings I presume it means Mobile IP and VLAN mobility. Currently we have Mobile IP ticked and VLAN mobility unticked. This seems to be default but is it correct for L2?

 

Thanks.

 

2e45d26b-82c5-43d6-88b0-a1b18bcf0c83.jpeg

Guru Elite

Re: AOS 8.4.0.3 Roaming disconnects

Those knobs are not used for clustering.  Have you excluded any VLANs from your cluster?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Regular Contributor I

Re: AOS 8.4.0.3 Roaming disconnects

What do you see in the authentication buffer for the specific user?

(When you know you have entered the correct credentials but the user is unable to login)

 

Command : show auth-tracebuf mac <user mac>

 

Note: Use this command as the client tries to login

 

At which point is the authentication process failing?

 

What happens when you do a AAA test server from the diagnostics with the credentials you know are correct?

 

 

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.

Ajay Kumar Ravipati
ACMA (V8) | ACMP (V8) | CCENT | CCNA (R&S) | PAN-OS 8.0 ACE
Contributor I

Re: AOS 8.4.0.3 Roaming disconnects

3 VLANs are excluded for some reason even though there is layer 2 connectivity between them and two controllers (config was done by someone else). 2 of these VLANs might get used by clients but not by those who are currently reporting the issue.

Contributor I

Re: AOS 8.4.0.3 Roaming disconnects

We can't reproduce the issue currently so very difficult to debug. It seems to happen maybe once every few days but users aren't reporting it to us when it does and we hear about it days later.

 

Interestingly running a AAA test from any of our controllers or mobility master and our old controllers on AOS 6.5 to our FreeRADIUS server we get authentication failed response even though users can successfully auth on the live wireless network. Not sure why this is the case. We have some MS NPS servers that are also in use that the AAA test comes back fine for.

 

Thanks.

Guru Elite

Re: AOS 8.4.0.3 Roaming disconnects

Ok.

 

Just to ask:

 

- How frequently does the issue you mentioned with the radius server happen?

- Does it happen to a specific client more than another?

 

I am asking this question, because we need to zero in on why this is happening.  If you have the person who configured/designed this network handy, that would be helpful.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Guru Elite

Re: AOS 8.4.0.3 Roaming disconnects


@kuairhead wrote:

We can't reproduce the issue currently so very difficult to debug. It seems to happen maybe once every few days but users aren't reporting it to us when it does and we hear about it days later.

 

Interestingly running a AAA test from any of our controllers or mobility master and our old controllers on AOS 6.5 to our FreeRADIUS server we get authentication failed response even though users can successfully auth on the live wireless network. Not sure why this is the case. We have some MS NPS servers that are also in use that the AAA test comes back fine for.

 

Thanks.


If it is something that happens rarely, it will be difficult to figure out, because you would have to wait until it happens to capture the state of the user.

 

AAA test server has a raw authentication that might not have all the attributes your freeradius server is looking for, so it might fail.  The NPS server might not be looking for any more attributes and maybe you should switch back to that to see if your issue continues. The fact that AAA test server is failing at least means that authentication is making it to your radius server(s).

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: AOS 8.4.0.3 Roaming disconnects

I have logged a ticket with the company who configured and am awaiting reply. Most of the config is default settings and the rest was replicating our old 6.5 environment which does not experience the same issue.

 

Currently it seems to be affecting random set of users with nothing that links them together. Different devices and OSes at different times in the day in different locations around our office. Only thing that seems to be consistent is it is triggered by them moving through the office and roaming from one AP to another. A very technical colleague from another team experienced the issue recently so we know it is not user error or something like that.

 

We have tested roaming with a variety of devices and could not reproduce after many hours of walking around our office which is rather frustrating but reports keep coming through with the same symptoms.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: