Chromebook not able to connect

codflanglers · ‎04-03-2013

I have a user (presumably the first of many) who says his chromebook is unable to connect to our Cisco Wi-Fi. We use WPA2-AES and 802.1x.

This tends to happen when the chromebook goes to sleep and then it returned to a waking state. All the forums and articles appear to suggest that this is a known issue with the chromebook. However, our users are not going to see it like that and will just think it is the network.

The chromebook connects fine to a test Apple Wi-Fi network we are running on WPA2-Personal.

Has anyone come across this? I just want to make sure it's not our Cisco Wi-Fi that has the issue (no evidence of this so far). We use a mix of 1142, 1252, 3500 and 3600 series APs.

Thanks is advance

Scott Fella · ‎04-03-2013

I have done a rollout with many chromebooks with no issues. Can you post your show WLAN

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

codflanglers · ‎04-03-2013

Show wlan here

WLAN Identifier.................................. 11

Profile Name..................................... ssid-name

Network Name (SSID).............................. ssid-name

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

Client Profiling Status ....................... Disabled

DHCP ......................................... Disabled

HTTP ......................................... Disabled

Radius-NAC State............................... Disabled

SNMP-NAC State................................. Disabled

Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Maximum number of Clients per AP Radio........... 200

Number of Active Clients......................... 198

Exclusionlist Timeout............................ 11 seconds

Session Timeout.................................. Infinity

CHD per WLAN..................................... Enabled

--More-- or (q)uit

Webauth DHCP exclusion........................... Disabled

Interface........................................ location-ssid-name

Multicast Interface.............................. Not Configured

WLAN IPv4 ACL.................................... unconfigured

WLAN IPv6 ACL.................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

PMIPv6 Mobility Type............................. none

Quality of Service............................... Silver

Per-SSID Rate Limits............................. Upstream Downstream

Average Data Rate................................ 0 0

Average Realtime Data Rate....................... 0 0

Burst Data Rate.................................. 0 0

Burst Realtime Data Rate......................... 0 0

Per-Client Rate Limits........................... Upstream Downstream

Average Data Rate................................ 0 0

Average Realtime Data Rate....................... 0 0

Burst Data Rate.................................. 0 0

Burst Realtime Data Rate......................... 0 0

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

--More-- or (q)uit

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

Authentication................................ 10.11.1.1 1812

Authentication................................ 10.11.1.2 1812

Accounting.................................... 10.11.1.1 1813

Accounting.................................... 10.11.1.2 1813

Interim Update............................. Disabled

Dynamic Interface............................. Disabled

Local EAP Authentication......................... Disabled

Security

802.11 Authentication:........................ Open System

--More-- or (q)uit

FT Support.................................... Disabled

Static WEP Keys............................... Disabled

802.1X........................................ Disabled

Wi-Fi Protected Access (WPA/WPA2)............. Enabled

WPA (SSN IE)............................... Enabled

TKIP Cipher............................. Enabled

AES Cipher.............................. Disabled

WPA2 (RSN IE).............................. Enabled

TKIP Cipher............................. Disabled

AES Cipher.............................. Enabled

Auth Key Management

802.1x.................................. Enabled

PSK..................................... Disabled

CCKM.................................... Disabled

FT-1X(802.11r).......................... Disabled

FT-PSK(802.11r)......................... Disabled

FT Reassociation Timeout................... 20

FT Over-The-DS mode........................ Disabled

GTK Randomization.......................... Disabled

SKC Cache Support.......................... Disabled

CCKM TSF Tolerance......................... 1000

Wi-Fi Direct policy configured................ Disabled

EAP-Passthrough............................... Disabled

--More-- or (q)uit

CKIP ......................................... Disabled

Web Based Authentication...................... Disabled

Web-Passthrough............................... Disabled

Conditional Web Redirect...................... Disabled

Splash-Page Web Redirect...................... Disabled

Auto Anchor................................... Disabled

FlexConnect Local Switching................... Disabled

flexconnect Central Dhcp Flag................. Disabled

flexconnect nat-pat Flag...................... Disabled

flexconnect Dns Override Flag................. Disabled

FlexConnect Vlan based Central Switching ..... Disabled

FlexConnect Local Authentication.............. Disabled

FlexConnect Learn IP Address.................. Enabled

Client MFP.................................... Optional

Tkip MIC Countermeasure Hold-down Timer....... 60

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

KTS based CAC Policy............................. Disabled

Band Select...................................... Enabled

Load Balancing................................... Enabled

Multicast Buffer................................. Disabled

--More-- or (q)uit

Mobility Anchor List

WLAN ID IP Address Status

------- --------------- ------

802.11u........................................ Disabled

MSAP Services.................................. Disabled

Scott Fella · ‎04-03-2013

You need to only use one type of encryption. Either use WPA/TKIP or WPA2/AES. Currently you have both and that is most likely why. My installs only uses WPA2/AES.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

codflanglers · ‎04-03-2013

Will give it a try but so far this is the only device complaining and the system has been in for 4 years.

Scott Fella · ‎04-03-2013

Many new devices will be flaky especially Apple devices. It's a best practice we use. If you want to have both, create a new WLAN with a different profile name but the same SSID. One WLAN will have WPA and the other WPA2. This also affects when you are running new code as back in the days I too had no issues having both.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

shcms.ict · ‎07-03-2014

Never posted before so not sure what the protocol is here for old threads.

Just came across this post and we have identical issue and have been trying to work it out for pushing 6 months.

WPA2-AES using 802.1x against Windows Radius. Using 3602i APs, 5508 WLC.

We have 700 Chromebooks and were seeing this issue approx. 20x a day. Recently had 1 of our 5508s die and had a replacement under warranty. I upgraded software and firmware on both 5508s and we have reduced the instances of this dramatically to 2-3x a day. Still looking for a complete solution so if anybody has any suggestions or fixes would love to hear, but thought I would at least post what has reduced the instance of this problem for us to help others. Cheers.

Scott Fella · ‎07-04-2014

Chromebooks are not the most stable from my experience, but have gotten better. One thing you need to make sure of is that they only have one wireless profile. What I mean here, is that, make sure the Chronebooks don't have another SSID that is on your network that was manually added by the user, or else the issue might be that these devices are trying to join the other network. Also, make sure you don't have client load balancing enabled on the WLAN and you only have WPA2/AES set as the encryption and not WPA/TKIP also enabled or a mix of both. Last but not least, make sure that you have the latest firmware for the Chromebooks. There are many different flavors if Chromebooks, and each has it's pros and cons.

-Scott
*** Please rate helpful posts ***

shcms.ict · ‎07-07-2014

I have just added a second WLAN for Guest access, but students wont have the PSK so this shouldnt cause an issue with multiple SSID?

Can I ask why you say not to use Load Balancing? It was something I was looking to test in the near future.

georgebales · ‎09-13-2016

I am having a similar issue and wondering why you state to not use load balancing. Thanks.

garmeister · ‎09-16-2015

This is a known UAPSD wireless power saving protocol issue that affects Chromebooks with the Intel 7260AC card in them. Google and Intel have thus far not addressed the issue which was brought to their attention over a year ago. See the links below. If you turn off UAPSD on your wireless network you should see this issue go away. It's not a problem with Chromebooks in general as there is a driver setting on Windows machines with this same Intel card that allows you to turn off UAPSD because they too experience this issue with the Intel 7260AC card. Intel blames wireless vendors yet it seems to me that since this issue happens with this model card on not only Cisco but also Meraki, Aruba, UniFi and the list goes on. Intel also has a help article on their site about the cards this issue affects but they pass blame on wireless vendors even though the common denominator here is their cards.

https://code.google.com/p/chromium/issues/detail?id=406510

http://www.intel.com/support/wireless/wlan/sb/CS-034875.htm

ajc · ‎09-17-2015

Following this post.

bpcrossen · ‎09-24-2015

Good to know as I am having this issue with the acer 11's (cb3-111). Seemed to have happened after the chromebook updated to a newer version. I will be following this post as well. Thank you for the info.

Kevin Luu · ‎05-20-2018

I have a 2016-2017 Chromebook Samsung. Had similar issue as the original poster. After several re-tries and failures, here is the setting that worked for me.

PEAP

MSCHAPv2

Certificate: Set to none

username

password

Kevin Luu · ‎05-20-2018

I have a 2016-2017 Chromebook Samsung. Had similar issue as the original poster. After several re-tries and failures, here is the setting that worked for me.

PEAP

MSCHAPv2

Certificate: Set to none

username

password