Mobile (android/iOS) clients suddenly lose connection
10-12-2017 12:48 AM
Dear all experts and friends,
Our wlan has serious trouble with all mobile devices ( Android/iOS)
Controller : 7205 version 126.96.36.199 ( Master-local)
IAP 325: converted to campus AP mode
Radius: Cisco ACS 4.5 (802.1x) ( staff)
Internal database: for Guest access
MAC authentication: for deverloper
03 SSID: staff,dev,guest
1. All laptop user now have good connection to wlan ( all SSID)
2. Mobile user (android) cannot access staff's wlan (802.x1), if they can, they will be disconnected after a few seconds
3. Mobile user can normally access wlan dev and guest without disconnecting (non-802.1x)
4. i've already removed 802.1x authentication (staff) and use preshared key.after that, mobile client can normally access it.
5. Mobile user can normally access wlan ( staff dot.1x) with Ruckus system.
6. i've already removed cisco ACS and use NPS ( radius microsft) but mobile client disconnected after few seconds or mintues or they cannot access. ( same cisco ACS)
I dont think this is error on mobile devices, because mobile user can normaly with other WLAN ( ruckus, free wifi, home, cafe...)
In attached file :
Log mobile client when access my Aruba WLAN ( failse)
Log mobile client when access my Aruba WLAN ( success)
Log laptop client when access my Aruba WLAN ( Always success)
In log failse, i saw after send authentication, controller provided vlan for client, but client cannot got IP address.
I was spend alot of time (two week and more), but i cannot detect the root cause.
Dear all experts and friend , please help me to investigate the proplem, Please review my configuration and give me some ideas or recommend for me.
Thank you so much
Best and regards,
Re: Mobile (android/iOS) clients suddenly lose connection
10-16-2017 06:35 AM
Reproduce the issue then collect "show auth-tracebuf" shortly thereafter. Then, connect with the working laptop and run "show auth-tracebuf" again. (you may wish to enter "no paging" first to make it easier to collect, also ensure that "show running-config | include user-debug" returns no output first, e.g. there should be no user-debug configured)
Double check that you have the correct forwarding mode on the dot1x enabled virtual-ap profile.
what is the configuration of role wlan_high_priority-role ?