09-23-2019 04:08 PM
I have a case started with Support, but am curious if anyone else has observed this. We have experienced random issues where clients are associating with an AP, but go nowhere after connecting (primarily chromebooks). A reboot of the AP remedies the issue. During one such period I captured some logs and see that while this is happening the AP is handling a ton of CAPWAP events related to MAC authentication. For example:
CAPWAP receive kevent AH_KEVENT_ITK_NOTIFY, eventid = 15, size = 369
CM2.0 detect problem(station=c8bc:c8c0:6bdf, problem id=0x00000001(denied-by-ACL), interface=wifi0.2(ifidx=17), count=2234)
The log is basically dominated by these.
My interpretation is that a client (in this case, primarily Apple computers) is being denied access to an interface we have set up to use MAC authentication. Because that client's MAC is not listed on the NPS controlling access it is rejected. This is all correct and what I would expect. What I am wondering is why so many... and if this is, in fact, why the AP is basically seizing up.
AP 230 running HiveOS 10.0r5
09-24-2019 01:55 PM
Is it typically the same MAC address listed in these event logs, or a wide variety? If it's the same MAC, it's possible the machine is repeating it's request continually after every rejection, likely as an automatic connection function. It's unlikely that this would be the sole reason for an AP to seize up, but it would depend on how many clients are doing this and how often those requests are coming through. If you could send me a tech data file at communityhelp@aerohive.com, I can take a look and let you know what I find.