Currently running Aruba Campus AP's and Switches. Dual Mobility Master in cluster with dual Mobility Controllers in cluster. Public School with 1-to-1 Apple iPads managed under MDM. Users have a WPA2-PSK pre-loaded on their device. Clients can connect and roam to majority of devices.
HOWEVER, some devices are not able to connect to certain AP's. Not that the AP's won't accept ANY clients. They have each decided to not accept certain clients.
For example Clients A, B, and C cannot connect to AP-1. But, they can connect to AP-2, AP-3, etc...
Clients D, E, and F cannot connect to AP-2. But, they can connect to AP-1, AP-3, etc...
And so on...
Not all clients experience the problem and not all AP's demonstrate the problem. No clear pattern between clients and AP's. Once the problem occurs, it persists indefinitely (weeks so far).
I have confirmed the PSK is correct. When failing to connect the client device reports that the PSK is incorrect and the AP reports PTK Challenge Failed. Initially the problem was only reported on iOS devices. iOS devices are the VAST majority of our Wifi clients. However, an Aruba (Cape Networks) UXI sensor is now showing the problem.
I have checked coverage, channels, and interference.
Offending AP's are running identical configurations and connected to the same controllers as the non-bugging AP's.
OKC, Validate PMKID, 802.11k/v/r have all been turned on/off in various combinations to no effect.
I created a new, different WPA3 SSID with a different PSK. Bug persists.
We have been using AP-515's but yesterday we had some of them changed out for AP-555's. Once provisioned, some, but not all, of the 555's are demonstrating the bug.
I have a ticket in with TAC, who seem stumped and have escalated the issue as a possible "future firmware patch." I've only been Tech Director since June, when does the internal screaming stop?
No comments:
Post a Comment