Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14647
Views
39
Helpful
24
Replies

M2 MAC Pro WiFi 6e Fails to join when Fast Transition set to ADAPTIVE

Go to solution
charles
Level 1
Level 1

‎02-09-2023 11:55 PM

Latest M2, M2Max, M2Pro, MAC Book Pro WiFi 6E cannot connect to Cisco WiFi when Fast Transition (FT) is set to "Adaptive"

Is anyone else having issues with the Latest M2 Mac Book Pros (with WiFi 6E) not connecting to Cisco AIROS Controller-based Networks if Fast Transition (FT) is set to ADAPTIVE? Tested on the Latest 8.10.183.0 with 9130,3800,3700 Series AP. Also Tested on 8.5.182.2 with 3600 series APs. Other Mac and IOS devices work fine.

No other vendor can support Adaptive mode, it is proprietary to Cisco and Apple. The result is that all non-iOS devices (inc MacOS < v12 ) will connect and roam without FT. But iOS devices can “Adapt” (upscale) their ‘Authentication and Key Management’ suite (AKM) to connect with FT even though the SSID does not support it.

If the SSID FT option is set to ENABLED the M2 WiFi6e device can connect.
If the SSID FT option is set to DISABLED the M2 WiFi6e device can connect.

The devices ASSOCIATES and does 802.1x Auth but then cannot get an IP address and gets self-assigned IP then disconnects. This is all happening on WiFi 5Ghz (no 6Ghz)

from the apple site

802.11r

Wi-Fi network roaming with 802.11k, 802.11r and 802.11v on iOS, iPadOS and macOS – Apple Support (AU)

When your device roams from one AP to another on the same network, 802.11r uses a feature called Fast Basic Service Set Transition (FT) to authenticate more quickly. FT works with both pre-shared key (PSK) and 802.1X authentication methods. iOS 10 and later, iPadOS and macOS 12 include support for adaptive 802.11r on Cisco wireless networks. Adaptive 802.11r offers FT without the need to enable 802.11r on the configured Cisco wireless network. To support adaptive 802.11r, the Cisco network must be using controller code version 8.3 or later.

 

 

 

2 people had this problem
24 Replies 24

Go to solution
charles
Level 1
Level 1

‎02-14-2023 01:25 AM

Love your work.  just need to see if there are any legacy clients that are mission critical that still use CCKM

0 Helpful

Go to solution
charles
Level 1
Level 1

‎02-14-2023 02:06 AM

Love your work thank you.   turning off CCKM when you have thousands clients and legacy VoiP will have some issues.  would still like apple to fix the issue.

0 Helpful

Go to solution
Rich R
VIP
VIP

‎02-14-2023 03:43 AM

Nice work @mrTeigen - good to know!
Maybe you could raise a TAC case @charles for Cisco to notify Apple as Apple tends to ignore end user reports.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

Go to solution
mrTeigen
Level 1
Level 1

‎02-14-2023 04:29 AM

Thank you all! 

It works on a 9800 WLC with this setting, but since it is in adaptive mode I would have to capture a roam to see if it is really using FT. But I do not use CCKM, and since it will be deprecated it is probably a good idea to find out how many of your clients that is actually using it. 

mrTeigen_0-1676377645056.png

 

0 Helpful

Go to solution
Nimpp
Level 1
Level 1

‎03-06-2023 02:33 AM - edited ‎03-06-2023 02:34 AM

Thank you all for your great work, I'm currently facing the same problem as a simple user and would like to ask you, please, if there is any client side solution ? 
Anything I can do on my side (=directly on the new macbook pro) that I can connect on a Wifi network with CCKM activated (it seems to be the issue if I understand correctly) ? 

Thank you very much and wish you the best. 

0 Helpful

Go to solution
charles
Level 1
Level 1
In response to Nimpp

‎03-06-2023 03:46 AM

From a client, there is not much you can do till apple and cisco fix the issue.    (I have case open with apple and cisco and they are working on it.  Fingers crossed

Go to solution
mrTeigen
Level 1
Level 1

‎03-06-2023 04:01 AM

Not to mention that Cisco has said that CCKM will be deprecated since 17.6 or something I would not get my hopes up. Maybe we get a fix, maybe not. Better to see how many devices use CCKM and turn it off. "Nobody" use CCKM anymore. CCKM is also turned off in later releases with the deprecated warning.

Go to solution
Nimpp
Level 1
Level 1

‎03-06-2023 05:25 AM

Thank you very much to both of you ! I will follow the outcome of this topic closely as I'm directly impacted, and there is nothing I can do to change the Wifi configuration.

Thanks again a lot for your work !

0 Helpful

Go to solution
charles
Level 1
Level 1

‎06-24-2023 06:56 PM

Apple has fixed this bug on MAC OS 13.4.

Go to solution
BrianRoberson
Level 1
Level 1
In response to charles

‎07-25-2023 04:09 PM

Perhaps my issue is different than the original one.  Clients on 6E devices can connect to 802.1X networks and get IP addresses.  When they attempt to roam the connection drops.  Sometimes it connects back up right away and then other times it just drops and doesn't connect.  I do have adaptive enabled turned on.  I'm wondering if it is worth trying turning it off.  It definitely is 6E devices on certificate based SSIDs.

Skip

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card