Wireless Access

Reply
Highlighted
Occasional Contributor II

Connection Issue Without a Solution

For the past month I have been dealing with an issue where clients cannot connect to certain APs. 

 

I am in a school with 136 APs most of them are 225s with 30 new 515s. We have a cluster of two 7210s managed by a pair of virtual Mobility Masters. All of our switches are Aruba either S3500 or newer 2930M. We also use ClearPass for authentication. So everything is Aruba/HPE.

 

The issue is random across the network. Users will connect without any problem in one room then move to another room and will not connect. It does not affect everyone. In one room I will have 10 people connected and 2 that are not or vice versa. I have walked around the building with 4 devices (an iPad, Windows 10 computer, MacBook Pro, and Android phone). In some rooms they all connect. In some rooms I will have one or two or three connect. 

 

The logs show there is an issue with the AP and eap-id from the client. What I see is that the user attempts to connect, they can see the network, but then they get rejected. In the MM and on the controllers you can see the client attempt to connect. It draws the logon role then gets dropped. The client never gets to ClearPass. It is dropped right here at the AP or controller.

 

It doesn't seem to matter which model AP we use, though it seems to be happening more with the 515s. I have noticed in rooms with multiple APs that one AP with the issue can make it harder for clients to connect in the space. Turning off that AP allows users to connect to the working APs. This goes the same for if there is one AP in a single room. I can disconnect it and clients will connect to nearby APs that are working. I have also disconnected an AP for a period of days. After reconnecting it will take some time, get the configuration, and then work. In some cases it will go back to not working after a day or two.

 

I've had an escalated case with TAC for the past month and they have been very helpful but yet no solution. I have reached out to my sales rep and engineers and I am told to talk to TAC which I have done. Yesterday I did another 2+ hour session with TAC where they took more logs for the engineers to look over. 

 

A few weeks ago they sent me some new OS updates based on what they found, but that didn't solve the issue. Some APs will work that didn't before and others will fail, sometimes in places where we didn't have an issue before.

 

What's strange is that I can look at the MM and see over 800 clients attached. The number of users affected is quite small, yet there are enough that it has become a major concern. One that appears to have no solution. This is something that we can't live with.

 

I am wondering if anyone else had seen something like this and might have come across a solution.

 

Thanks

Highlighted
Guru Elite

Re: Connection Issue Without a Solution

Please PM me your case#


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted

Re: Connection Issue Without a Solution

MMMM...

Your MD's cluster is L2 or L3?

 

Please run show lc-cluster vlan probe. ( CLI on one of the controllers )

It sounds like L3 cluster.

What are u using for auth ? Make sure both MD's using their VRRP address has nas-ip.

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Highlighted

Re: Connection Issue Without a Solution

Make sure in your cluster profile to exclude VLAN's your MD's cant see each other - and than Be sure your cluster is L2 - and your issue will be solved ( at least to me , Its sounds like L3 Cluster issues. )
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Highlighted
Occasional Contributor II

Re: Connection Issue Without a Solution

It says L2 Conn when I run the command.

We use ClearPass for auth.

As for this: 

Make sure both MD's using their VRRP address has nas-ip.

I'm not sure where I would check that.

 

Thanks for responding.

Highlighted
Occasional Contributor II

Re: Connection Issue Without a Solution

I had the TAC engineer take a look at the solution posted on here and he said everything is set up properly with L2 and that isn't the issue.

 

The problem persists and is growing. More locations on our network will not allow users to connect. The network is slowly becoming useless and I don't have any solution from anywhere. I really am unsure what I can do going forward. We have invested a lot of money into Aruba/HPE to get a working network and it feels like money flushed down the drain right now.

Highlighted
Occasional Contributor II

Re: Connection Issue Without a Solution

After another marathon session with TAC and a group of engineers here is what they discovered as to what maybe the problem:

 

Root cause: The DHCP takes 47s, but Aruba code DHCP timeout is 40s, this causes the GRE tunnel src IP to be selected as the Default one (192.168.x.x). A new debug image with increased DHCP timeout was loaded to one AP 

The AP was able to build GRE tunnel with its DHCP assigned IP , Clients were able to connect 

Further the AP would be deployed in an area which has reported the issues all the time

Logs were collected which will be analyzed by the team 

We need to know why the DHCP was taking this much time, is the delay in the intermediate Devices/Relay agent/Network 

Also, to note , apart from the Controller image upgrade there was no change in the Network , hence DEV will investigate the code as well 

 

So it looks like we are closer to a solution but not quite there yet.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: