Wireless Access

We have a few users that are allowed to have Macs. I am not very familiar with Macs, but I am getting complaints that some days for Mac users they get disconnected multiple times a day, and have to reconnect to the network. (Using wireless)

Are there certain Mac specific settings I should set up? Are there any white papers or KB articles that would walk me through that? I didn't turn up much that seemed useful when searching. 

We have a 7210 Controller (Running 6.4.0.3, we had the issue before upgrading to 6.4) that uses our Clearpass (6.3.1) as Radius authentication and we use AP 105s. 

I do not see anything in the logs that indicate an issue on the Network side, but I assume it is a Mac issue playing nice with the network. 

Do you have "Validate PMKID" enabled in your 802.1x profile?

No I do not have that enabled. Does this make a big impact on Mac's connecting to the network? 

This didn't scream Apple to me, does this have an impact on the rest of the network as well? We only have maybe 600 clients active on a busy day, so I assume we could handle the added load, but I would hate to see issues come up with other computers because of this. 

Here is the description of the setting for anyone who may also be looking to figure this out:

Validate PMKID: This parameter instructs the controller to check the pairwise master key (PMK) ID
sent by the client. When you enable this option, the client must send a PMKID in the
associate or reassociate frame to indicate that it supports OKC or PMK caching;
otherwise, full 802.1x authentication takes place.
NOTE: This feature is optional, since most clients that support OKC and PMK
caching do not send the PMKID in their association request.

It has an impact on roaming.  Macs do not support OKC.  Validate PMKID allows Macs to work without having to turn off OKC for all other clients.

Thanks for the help! That did the trick. 

ereader22,

Awesome.  I wish everything was this simple.

We would probably all be out of jobs if it was though. :smileywink: