Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Client Drops on 802.1X - AP225 but not AP125

This thread has been viewed 0 times

  • 1.  Client Drops on 802.1X - AP225 but not AP125

    MVP
    Posted Aug 14, 2017 11:50 AM

    Clients are experiencing connectivity drops while using an 802.1X network on AP225's. If they switch to PSK network, they have no issues. They also had no issues when on AP125's, which are in other areas, but they were replaced in the problem area and the issues started. The 802.1X is setup for WPA2-PSK, and the PSK is WPA-TKIP, but that is the same across the board. The 225's and 125's are in different AP groups, but they are mirror copies, even down to the RF profiles (i know that's not good, but I can't change it for now). We had to disable client match for these devices because they were bouncing between APs while stationary, causing issues with latency sensitive applications.

     

    I'm struggling to find the issue, as authentications themselves to clearpass are all successful, and the logs in the controller shows successful auths and assoc attempts. Getting correct VLAN, IP, and user-role, and they will be connected for a while then randomly dropped and sometimes have trouble reconnecting, but no failed auths in clearpass logs.



  • 2.  RE: Client Drops on 802.1X - AP225 but not AP125

    Posted Aug 14, 2017 12:27 PM
    Do you see issues when the devices roam or it also happens while the devices are stationary ?


  • 3.  RE: Client Drops on 802.1X - AP225 but not AP125

    MVP
    Posted Aug 14, 2017 12:46 PM

    Both, stationary and while roaming, but in our last few tests they were stationary.



  • 4.  RE: Client Drops on 802.1X - AP225 but not AP125

    EMPLOYEE
    Posted Aug 14, 2017 01:00 PM
    TKIP does not allow for 802.11n or 802.11ac speeds. It could be that your 802.11n/ac network is not designed properly. Your power might be too high if devices are bouncing between access points.


  • 5.  RE: Client Drops on 802.1X - AP225 but not AP125

    MVP
    Posted Aug 14, 2017 01:36 PM
    Is there any way to disable the 802.11ac standard on 225? Basically to simulate as if it were a 125.


  • 6.  RE: Client Drops on 802.1X - AP225 but not AP125

    EMPLOYEE
    Posted Aug 14, 2017 03:52 PM

    You would have to uncheck VHT from the ARM profile.



  • 7.  RE: Client Drops on 802.1X - AP225 but not AP125

    MVP
    Posted Aug 14, 2017 03:56 PM
    I will give that a try. We are testing AES vs. TKIP encryption, it seems like the devices connect and stay connected better on TKIP, but maybe that still has to due with 802.11ac vs. 802.11a/b/g. Some of these devices are older, but not too old - 1 laptop had a driver from 2013. I"ll update once we do more testing.


  • 8.  RE: Client Drops on 802.1X - AP225 but not AP125

    EMPLOYEE
    Posted Aug 14, 2017 04:07 PM

    Uh, I would update the driver first.  If the driver has not been tested with 802.11ac, it probably won't work well with it.  You would then lose the benefit of even deploying 802.11n or 802.11ac access points.  4 years is an eternity in Wireless LAN...



  • 9.  RE: Client Drops on 802.1X - AP225 but not AP125

    MVP
    Posted Aug 14, 2017 04:18 PM
    Ok I will look into that as well, I will see if we can update the driver on a device and test.


  • 10.  RE: Client Drops on 802.1X - AP225 but not AP125

    MVP
    Posted Aug 15, 2017 03:13 PM

    More details about the issue: The client device doesn't drop connection, but the network is no longer reachable. Cannot even ping the controller and SSID is set to tunnel.

     

    So we updated the drivers on all laptops in the area, from 2011-2012 date to a driver from 2017 and unfortunately the network connection issues are still happening. We also enabled mixed mode (WPA2-AES and WPA2-TKIP) on the 802.1X SSID in a small area and reconfigured one of them to have TKIP on the wireless profile. Since that change, that device has not experienced any network issues. Still at a loss for what is causing this issue, but it seems to be something with newer standards, either wireless 802.11 or encryption. Anyone else ever experience this?



  • 11.  RE: Client Drops on 802.1X - AP225 but not AP125

    EMPLOYEE
    Posted Aug 15, 2017 03:17 PM

    What client adapter is it?  Do you have anything exotic like 802.11k, 802.11r, 802.11v or mfp enabled?

     

    UPDATE 6/2018 -  The updated RF and Roaming Optimization Validated Reference Design Guide (VRD) has been published and has updated recommendations about enabling 802.11v, k and r in user networks.  The VRD can be found here: http://community.arubanetworks.com/t5/Validated-Reference-Design/RF-and-Roaming-Optimization-for-Aruba-802-11ac-Networks/ta-p/432994



  • 12.  RE: Client Drops on 802.1X - AP225 but not AP125

    MVP
    Posted Aug 15, 2017 03:30 PM

    Intel Centrino Wireless-N 7260 (I think it's 7260) was one of the common one. They were all Intel Wireless N.

     

    802.11k is default (Not advertised)

    802.11r is N/A

    802.11v is N/A

    MFP - disabled



  • 13.  RE: Client Drops on 802.1X - AP225 but not AP125

    MVP
    Posted Aug 21, 2017 02:48 PM

    Ended up opening a TAC case and the engineer suggested I move the APs back into the group they used to be in when they were 125's. We have (2) copies of the same AP group - one for 802.11ac and one for 802.11n. The intention was to have different radio profiles for the respective standard, but they are currently the same. 

     

    I moved some of the AP-225's into the group with the 125's and the issues seem to have stopped. Does having older model APs (802.11n) possibly disable some 802.11ac functionality?

     

    Thanks.