Solved

Monitoring authentication events

  • 2 March 2021
  • 6 replies
  • 34 views

AP650s, using ExtremeCloud IQ.  I have MAC authentication on one SSID, using one of the AP650s as RADIUS.  One iPhone user is having trouble connecting, even though I’ve entered her MAC address in the user base and she says she’s entering the password correctly (there’s a pre-shared key so that the SSID isn’t open, and then MAC authentication takes over).

So, it should work, but isn’t, and I want to look at authentication logs to see if I can find errors relating to that MAC address - something like “xx:xx:xx:xx:xx:xx tried to authenticate and failed.”  But, I don’t see anything like that in the logs that I can see (at Manage/Events and Manage/Tools).  Am I looking in the wrong place?

icon

Best answer by HHRINetwork 2 March 2021, 21:55

Figured it out!  It’s Apple #&$^&%^ Private MAC address.  See https://support.apple.com/en-us/HT211227 for details.  By default, the iPhone sends a fake MAC to each AP it connects to, so doing MAC authentication by the real one won’t work.  You can turn it off per SSID.  Once we did that, she connected.

View original

6 replies

Userlevel 6

I’d recommend setting up a client monitor for that device so you can start collecting the authentication logs. The client monitor should tell us what step of the authentication process is failing, which will tell us where to troubleshoot. This guide reviews how to set up a client monitor in ExtremeCloud IQ: https://extremeportal.force.com/ExtrArticleDetail?an=000056843&q

 

If you’d like help reading the results, please feel free to email an export of the client monitor to me at community@extremenetworks.com so I can take a look for you. 

Userlevel 2
Badge +1

Click on the AP and on the left you can see under monitor “event”. 

Thanks for the quick replies.  So, I set up a client monitor for her MAC address on the one AP that she would connect to.  Told her to connect, she tried and it failed - but the monitor picked up nothing at all. 

I’m working from home, so not looking over her shoulder, so I can’t guarantee she’s doing what she says she is.  But she’s generally a smart user.   But that sure sounds like she’s not even trying to connect to the right AP, right?

Userlevel 6

That’s what it sounds like to me too. Are there any near by APs she could be roaming to that we could try to see with a client monitor? Also, does she have any other devices she can try to connect with to see if it’s an issue isolated to one device or not?

Only one AP on her floor, no other devices handy, but I had her connect to the guest network and found that her iPhone reported a different MAC address. 

Of course, once I put that into the user base, it still failed.  Kind of stuck now, but when I’m in the office later this week I’ll try again.

Figured it out!  It’s Apple #&$^&%^ Private MAC address.  See https://support.apple.com/en-us/HT211227 for details.  By default, the iPhone sends a fake MAC to each AP it connects to, so doing MAC authentication by the real one won’t work.  You can turn it off per SSID.  Once we did that, she connected.

Reply