Wireless Access

Reply
Frequent Contributor II

single device not connecting to wifi

Hi,

 

i'm having something really strange here.  In six years this is the first time i'm having this reported...

 

Head office : 2 x 7250 controllers running 6.5.4.3

Remote office : IAP config (AP 315 running 6.5.2.0)

 

An enduser device (Windows 10 laptop) tries to connect to an ssid on the head office and fails.  It does not even get an ip address.  This is the only device where it fails (500 other's do connect).  It's not related to the specific ssid (there are several ones, even one with a simple wpa2 key and they all fail).  Strangely enough the connection works on an identical setup at the remote office.  But the difference is that at the remote office iap's are used (so different controller in other words).

 

The problem seems to be tied to the mac address of the wifi card.  If i change the mac address the connection succeeds.  And if i attribute the original mac address to an OSX device, i can reproduce the issue. 

 

We've also tried different locations (so different ap's are used) but same issue.

 

I've set the mac to debugging but nothing really interesting comes up :

 

Jan 9 14:07:22 localdb[4146]: <133006> <4146> <ERRS> |localdb| User fc:f8:ae:43:a7:8d Failed Authentication
Jan 9 14:07:22 localdb[4146]: <133006> <4146> <ERRS> |localdb| User fc:f8:ae:43:a7:8d Failed Authentication
Jan 9 14:07:22 localdb[4146]: <133019> <4146> <ERRS> |localdb| User fc:f8:ae:43:a7:8d was not found in the database
Jan 9 14:07:22 localdb[4146]: <133019> <4146> <ERRS> |localdb| User fc:f8:ae:43:a7:8d was not found in the database

 

One would expect that the mac address shows up in the blacklist but that's not the case.  I've ran a 'show running config | include fc:f8' and nothing pops up either.  

 

I receated the wireless config on the enduser device (removed wifi adapter in device manager) just to be sure but issue remains...

 

As i had no further options (and out of curiosity) i rebooted both controllers this weekend but problem ofcourse remains.

 

I'm currently out of options.  Anyone encountered something similar?

Guru Elite

Re: single device not connecting to wifi

It looks like you are have Enforce Machine authentication enabled in your 802.1x profile.  Macs cannot pass machine authentication, so they are probably stuck in the 802.1x-user role in the 802.1x profile.  Uncheck "Enforce Machine Authentication" in the 802.1x profile and see if you still have the problem.  Devices that have never passed machine authentication (non-domain devices) will also have this issue.  You need to speak to whoever configured the system  to ensure that you are not violating a security policy and creating a security hole.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Highlighted
Frequent Contributor II

Re: single device not connecting to wifi

Hi, the problem is not uniquely related to 802.1x authentication.  We have the same problem with a simple wpa2 key ssid.  And the (Apple) mac was only an example here as it's apparently the only host where we could simply change the mac address to something else to test with.  Our production environment is entirely Windows based.    Please remind we have at least 1000 (Windows) hosts where this problem does not show up...

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: