04-03-2013 04:23 AM - edited 07-03-2021 11:49 PM
I have a user (presumably the first of many) who says his chromebook is unable to connect to our Cisco Wi-Fi. We use WPA2-AES and 802.1x.
This tends to happen when the chromebook goes to sleep and then it returned to a waking state. All the forums and articles appear to suggest that this is a known issue with the chromebook. However, our users are not going to see it like that and will just think it is the network.
The chromebook connects fine to a test Apple Wi-Fi network we are running on WPA2-Personal.
Has anyone come across this? I just want to make sure it's not our Cisco Wi-Fi that has the issue (no evidence of this so far). We use a mix of 1142, 1252, 3500 and 3600 series APs.
Thanks is advance
04-03-2013 04:26 AM
I have done a rollout with many chromebooks with no issues. Can you post your show WLAN
Sent from Cisco Technical Support iPhone App
04-03-2013 04:31 AM
Show wlan here
WLAN Identifier.................................. 11
Profile Name..................................... ssid-name
Network Name (SSID).............................. ssid-name
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 198
Exclusionlist Timeout............................ 11 seconds
Session Timeout.................................. Infinity
CHD per WLAN..................................... Enabled
--More-- or (q)uit
Webauth DHCP exclusion........................... Disabled
Interface........................................ location-ssid-name
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
--More-- or (q)uit
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 10.11.1.1 1812
Authentication................................ 10.11.1.2 1812
Accounting.................................... 10.11.1.1 1813
Accounting.................................... 10.11.1.2 1813
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
--More-- or (q)uit
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Disabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
--More-- or (q)uit
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Multicast Buffer................................. Disabled
--More-- or (q)uit
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
802.11u........................................ Disabled
MSAP Services.................................. Disabled
04-03-2013 04:34 AM
You need to only use one type of encryption. Either use WPA/TKIP or WPA2/AES. Currently you have both and that is most likely why. My installs only uses WPA2/AES.
Sent from Cisco Technical Support iPhone App
04-03-2013 04:35 AM
Will give it a try but so far this is the only device complaining and the system has been in for 4 years.
04-03-2013 04:40 AM
Many new devices will be flaky especially Apple devices. It's a best practice we use. If you want to have both, create a new WLAN with a different profile name but the same SSID. One WLAN will have WPA and the other WPA2. This also affects when you are running new code as back in the days I too had no issues having both.
Sent from Cisco Technical Support iPhone App
07-03-2014 10:18 PM
Never posted before so not sure what the protocol is here for old threads.
Just came across this post and we have identical issue and have been trying to work it out for pushing 6 months.
WPA2-AES using 802.1x against Windows Radius. Using 3602i APs, 5508 WLC.
We have 700 Chromebooks and were seeing this issue approx. 20x a day. Recently had 1 of our 5508s die and had a replacement under warranty. I upgraded software and firmware on both 5508s and we have reduced the instances of this dramatically to 2-3x a day. Still looking for a complete solution so if anybody has any suggestions or fixes would love to hear, but thought I would at least post what has reduced the instance of this problem for us to help others. Cheers.
07-04-2014 03:58 AM
Chromebooks are not the most stable from my experience, but have gotten better. One thing you need to make sure of is that they only have one wireless profile. What I mean here, is that, make sure the Chronebooks don't have another SSID that is on your network that was manually added by the user, or else the issue might be that these devices are trying to join the other network. Also, make sure you don't have client load balancing enabled on the WLAN and you only have WPA2/AES set as the encryption and not WPA/TKIP also enabled or a mix of both. Last but not least, make sure that you have the latest firmware for the Chromebooks. There are many different flavors if Chromebooks, and each has it's pros and cons.
07-07-2014 10:15 PM
I have just added a second WLAN for Guest access, but students wont have the PSK so this shouldnt cause an issue with multiple SSID?
Can I ask why you say not to use Load Balancing? It was something I was looking to test in the near future.
09-13-2016 02:05 PM
I am having a similar issue and wondering why you state to not use load balancing. Thanks.
09-16-2015 04:55 PM
This is a known UAPSD wireless power saving protocol issue that affects Chromebooks with the Intel 7260AC card in them. Google and Intel have thus far not addressed the issue which was brought to their attention over a year ago. See the links below. If you turn off UAPSD on your wireless network you should see this issue go away. It's not a problem with Chromebooks in general as there is a driver setting on Windows machines with this same Intel card that allows you to turn off UAPSD because they too experience this issue with the Intel 7260AC card. Intel blames wireless vendors yet it seems to me that since this issue happens with this model card on not only Cisco but also Meraki, Aruba, UniFi and the list goes on. Intel also has a help article on their site about the cards this issue affects but they pass blame on wireless vendors even though the common denominator here is their cards.
https://code.google.com/p/chromium/issues/detail?id=406510
http://www.intel.com/support/wireless/wlan/sb/CS-034875.htm
09-17-2015 08:15 AM
Following this post.
09-24-2015 07:55 PM
Good to know as I am having this issue with the acer 11's (cb3-111). Seemed to have happened after the chromebook updated to a newer version. I will be following this post as well. Thank you for the info.
05-20-2018 11:23 PM
I have a 2016-2017 Chromebook Samsung. Had similar issue as the original poster. After several re-tries and failures, here is the setting that worked for me.
PEAP
MSCHAPv2
Certificate: Set to none
username
password
05-20-2018 11:23 PM
I have a 2016-2017 Chromebook Samsung. Had similar issue as the original poster. After several re-tries and failures, here is the setting that worked for me.
PEAP
MSCHAPv2
Certificate: Set to none
username
password
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide