Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

802.1x authentication on Macbooks running Lion..

Hi Guys,

I was wondering if anyone has experienced problems with 802.1x authentication on their Cisco Wifi network using Macbook Pro/Airs running Lion.

We have..

2x Controllers with WiSMs running 7.0.116.0

A mixture of 1131 and 1142 APs..  ( APs mainly in HREAP mode with some APs located on the same local network as the Controller in Local Mode )

Macbook Airs/ Pro running Lion

The symptoms we are experiencing are very similar to those described in this thread.. https://supportforums.cisco.com/message/3485552

In summary, we are finding that when our MacBooks are coming out of sleep/standby or roaming between APs, the devices get stuck during the 802.1x authentication process and will either get the self assigned 169 address or continuously try to authenticate.

This can occasionally be solved by turning the wifi interface off and on or manually stopping and starting the 802.1x process on the Mac

From reading various online forums, we have tried the following to resolve this..

- Disabled WPA across our wifi network as we don't use it anymore.. We now just use WPA2 with AES and Dot1x authentication.

- Disabled Client Load Balancing on the SSID configuration… this does not seem to have made things any better or worse although we are seeing more Load Profile threshold notification alerts for some of our APs which are used heavily.

- The 802.1x time out is currently set at 20secs.

- Some APs which are in Local mode ( due to them being on the same local network as our wifi controllers ) have been changed to HREAP mode and assigned a static IP address.. We found that this was required at our spoke sites where we were originally experiencing issues with our old Windows based devices.. Incidentally, we have not experienced any of these delayed authentication issues with our Window laptops, all our problems seem to be with our MacBooks running Lion..

As I mentioned earlier, there seems to be many discussions online regarding problems with the Lion OS and 802.1x authentication..

Has anyone experienced these problems in the past on there Cisco Aps and successfully managed to resolve it.. ?

Any ideas would be appreciated..

Many thanks.

Jon.

5 REPLIES
New Member

802.1x authentication on Macbooks running Lion..

Is this link helpful? We post this on our page for users of Apple devices who compain of something similar to what you describe:

https://discussions.apple.com/thread/1352518?threadID=1352518&start=885&tstart=1

New Member

802.1x authentication on Macbooks running Lion..

Hi Bryn,

sorry for the late reply and thanks for the link..

That apple link is infact one of the many threads I have already read through regarding this problem.. Unfortanately I had tried the solutions listed on there ( most of them are listed on my original post above ! ) and had no luck..

Since my post, we have created a new SSID using just a PSK as an experiment to see if the above issues dissapeared..

We found that the connectivity issues vanished straight away and as soon as 802.1x was enabled on this new SSID, our macbooks ( running Lion ) started getting stuck authenticating again when brought out of standby or roaming.

Current plan is to build a new radius server dedicated for this process to see if that has any effect..

Cisco Employee

802.1x authentication on Macbooks running Lion..

you can try increasing the EAPOL key timeout and EAPOL key retries and see if that makes any difference ..

show advanced eap

config advanced eap

http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/command/reference/cli70MR1commands.html#wp9681830

But i think its just apple devices that are impatient in general and does not like to wait too long for authentication and or dhcp process.

can you send the output of the commands >

> debug client

> debug aaa events enable

> debug dhcp packets enable

New Member

802.1x authentication on Macbooks running Lion..

jon,

were you able to find any resolution to this issue? we are experiencing similar issues with mac's dropping intermittently.

New Member

Ran across this old post

Ran across this old post while researching this same issue. For us, the problem appears to be with the Mac's trying to request an IPv6 address if set to Automatically or Link-local only for Configure IPv6 under the TCP/IP tab. When we changed this to Manually and set a manual link local address, the problem went away and could reconnect after roaming between APs or coming out of sleep/standby.

Enjoy,
Wayne 

 

UPDATE 1: This 'fix' did not solve the issue. After a day, we're still seeing the problem. 

 

UPDATE 2: Found the solution to my problem. It was the cert chain of trust and CRL lookup. The link below describes the problem, but basically the Mac's were unable to check the certs and causing a time out. No network = no CRL lookup = no network......

http://support.apple.com/kb/TS5258?viewlocale=en_US&locale=en_US

 

 

5292
Views
0
Helpful
5
Replies
CreatePlease login to create content