cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1481
Views
35
Helpful
8
Replies

Only MacBooks got disassociated from the Wi-Fi

UnderSeige43
Level 1
Level 1

Hi,

I have a strange behaviour after merging AIR-AP2802I-E-K9 access points from physical 2500 WLC to Cisco vWLC v8.10.171.0. 

Immediately after the merging, only Windows operated laptops could join the network by using their enterprise WPA2 credentials. MacBook users connect well at the start, but after entering their credentials and trusting the certificate, they disconnect from the Wi-Fi and the status shows "Authorizing". We still have access points associated with the physical 2500 WLC at other buildings but the Mac users didn't report any problems with this. Also, some Mac users reported that the certification got accepted in the first connection try, but, after a while, both the credentials and certification trust pop up every 1 minute when they try to join the network. Another strange behaviour this time on the vWLC: users are assigned with IPv6 randomly for both Windows and Mac users and even for their mobile devices. And I made sure that no IPv6 settings were enabled on the WLAN or the Global Settings. 

iPhones and iPads are associated normally and remain associated without any problems. 

Is there are any sittings, I need to check or change in the vWLC beyond the encryption or the 802.1x regarding authorization for MacBook or Apple devices.

I tried all the traditional workarounds to solve this problem. After searching all around, I found that this might be a bug in this vWLC version and the only 2 suggestions are to either using MDM to manage the iOS devices and push the certificates or using Wildcard Certificates. But I am hoping that someone had this issue before and found its cause without using these suggestions.

The following errors were found in the syslog server while this was happening:

*apfReceiveTask: %LOG-4-Q_IND: apf_80211k.c:825 Could not process 802.11 Action. Received RM 11K Action frame through incorrect AP from mobile station. Mobile:AE:66:7E:E5:9A:81.

*aaaQueueReader: %AAA-4-RADSERVER_NOT_FOUND: radius_db.c:3783 Could not find appropriate RADIUS server for WLAN 0 - no mgmt servers configured

vWLC WLAN SSID settings:   

  • Layer 2 Security                              WPA2+WPA3
  • Layer 3 Security                              None
  • Authentication Servers use             Port 1812
  • Encryption is                                   CCMP128(AES)
  • Authentication Key Management    802.1X-SHA1

Thank you in advanced. 

 

1 Accepted Solution

Accepted Solutions

marce1000
VIP
VIP

 

 - Have a go with https://software.cisco.com/download/home/284464214/type/280926587/release/8.10.183.0 , also check the controller configuration with show run-config commands, and have the output analyzed with https://cway.cisco.com/wireless-config-analyzer

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

8 Replies 8

marce1000
VIP
VIP

 

 - Have a go with https://software.cisco.com/download/home/284464214/type/280926587/release/8.10.183.0 , also check the controller configuration with show run-config commands, and have the output analyzed with https://cway.cisco.com/wireless-config-analyzer

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thank you @marce1000 ill upgrade and hopefully it will got solved.

 

                                >.... ill upgrade and hopefully it will got solved.
  Good plan, as the 9800 platform becomes more common the older aireos releases are getting depreciated , 

 M..



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Rich R
VIP
VIP

Like @marce1000 says make sure your software is up to date to eliminate known bugs which have been fixed already!

Compare the config on your old WLC to the new one.  There will be some expected differences for the different versions but there might be something specific you tuned on the old one that you've missed on the new one.

Thank you @Rich R , its definitely a certificate bug that could be solved in the new version. Ill upgrade and let you know if this solve the problem.

Rich R
VIP
VIP

And if you still have problems then start changing or disabling newer features that are only there in 8.10 which can sometimes cause problems for buggy clients.  See also:
https://bst.cisco.com/bugsearch/bug/CSCwb04138
https://bst.cisco.com/bugsearch/bug/CSCvu24770

UnderSeige43
Level 1
Level 1

Thank you very much for your suggestions, ive managed to solve the problem by upgrading to 18.10.183 version, plus enabling some setting found in the iOS best practices.

Best regards,

Thank you again.

It would be useful for others to know which settings you found were causing problems - what they were set to and what you changed them to.

Review Cisco Networking for a $25 gift card