Wireless Access

We just replaced a bunch of AP-125's with AP-325's in a hospital and now a handful of devices can no longer connect to the APs - primarily handheld scanners trying to connect on their 2.4GHz radio. 

The logs in the controller continuously show the following:

Sep 27 09:05:44 :501093:  <NOTI> |AP AP325-01@192.168.56.192 stm|  Auth success: 01:19:28:b0:d0:e8: AP 192.168.56.192-44:48:c1:b0:3d:04-AP325-01
Sep 27 09:05:44 :501065:  <DBUG> |AP AP325-01@192.168.56.192 stm|  remove_stale_sta 2874: client 01:19:28:b0:d0:e8 not in stale hash table

This only started when the 325's were instaled.

We are running 6.4.4.16 controller code.

Clients are connecting to our WPA2-AES 802.1X network. 

In the association logs, I can see the devices authenticating to the AP successfully (AP not RADIUS) , but no association.

I did a packet capture of the traffic and at times I see probe requests with bad FCS for a ton of devices, all showing antenna signal above -85dBm and data rates of 1 and/or 5.5.

I was able to connect my Galaxy S8 with no issues and my association frames were signal of -30dBm and successful.

Any ideas what could be happening?

As this is an active customer cutover to new hardware, best response comes from opening a TAC case to ensure resources to investigate your packet captures, etc.

Were there any configuration changes made with the introduction of AP-325s into the environment? Was the environment stable with 125s on 6.4.4.16 before the AP cutover, or was the environment upgraded to 6.4.4.16 in order to support the 325s for this change?

On 2.4, expect to see management traffic at a 1Mb data rate regardless of SNR/RSSI, particularly with probe requests sent by the client devices. What data rate(s) are the APs using for beacons, and have the default data rates been trimmed?

Where was the packet capture taken? From the AP, or from near where the problem client type is located (or somewhere else)?

Solved.

This was an unusual situation. We performed some over the air packet captures of working and non-working devices and found that in the authentication frame sent to the AP and received from the AP, the Authentication Algorithm was mismatched. The device sent with "Network EAP" and the AP responded with "Open System". Open System is correct, and we found the setting on the device, which we updated to Open and the 802.1X authentications started processing properly. I haven't come across a device before that you can set the authentication to the AP, as well as the SSID authentication. Nonetheless, we updated the device configuration and issue was resolved.

What I don't know, is that the AP-125 would respond with Network EAP as well, and it was successful. The AP-325 does not, it only responds with Open System, which it should. Don't know why the AP-125 accepted the wrong setting. TAC Case opened and working with them to try and identify if something changed on the AP that made it no longer support the Network EAP option.

Thanks for the follow-up on the conclusion!