
APs not passing traffic... Connection to MAC Authentication denials?

tandrews
New Contributor

I have a case started with Support, but am curious if anyone else has observed this. We have experienced random issues where clients are associating with an AP, but go nowhere after connecting (primarily Chromebooks). A reboot of the AP remedies the issue. During one such period I captured some logs and see that while this is happening the AP is handling a ton of CAPWAP events related to MAC authentication. For example:

 

CAPWAP receive kevent AH_KEVENT_ITK_NOTIFY, eventid = 15, size = 369

CM2.0 detect problem(station=c8bc:c8c0:6bdf, problem id=0x00000001(denied-by-ACL), interface=wifi0.2(ifidx=17), count=2234)

 

The log is basically dominated by these.

 

My interpretation is that a client (in this case, primarily Apple computers) is being denied access to an interface we have set up to use MAC authentication. Because that client's MAC is not listed on the NPS controlling access it is rejected. This is all correct and what I would expect. What I am wondering is why so many... and if this is, in fact, why the AP is basically seizing up.

 

AP 230 running HiveOS 10.0r5
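The log format quoted in the post above can be tallied per station to see which clients generate the denials and how much of the log they occupy. This is an added example, not part of the original post and not vendor tooling; the regular expression is derived only from the single line quoted in the thread, the `count=` value is reported as-is without interpreting it, and all sample lines other than that quoted one are constructed.

```python
import re
from collections import defaultdict

# Matches the "CM2.0 detect problem" line format quoted in the thread.
EVENT = re.compile(
    r"CM2\.0 detect problem\(station=(?P<sta>[0-9a-f]{4}:[0-9a-f]{4}:[0-9a-f]{4}), "
    r"problem id=(?P<pid>0x[0-9a-f]+)\((?P<name>[^)]+)\), "
    r"interface=(?P<ifname>[^(\s]+)\(ifidx=(?P<ifidx>\d+)\), count=(?P<count>\d+)\)",
    re.IGNORECASE,
)

def to_colon_mac(sta):
    """Convert c8bc:c8c0:6bdf to c8:bc:c8:c0:6b:df for comparison with an allow list."""
    digits = sta.replace(":", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def summarize(lines, problem="denied-by-ACL"):
    """Tally matching events per station; return (per_station, share_of_log)."""
    per_station = defaultdict(lambda: {"events": 0, "max_count": 0, "interfaces": set()})
    total = matched = 0
    for line in lines:
        if not line.strip():
            continue
        total += 1
        m = EVENT.search(line)
        if not m or m["name"] != problem:
            continue
        matched += 1
        entry = per_station[to_colon_mac(m["sta"])]
        entry["events"] += 1
        entry["max_count"] = max(entry["max_count"], int(m["count"]))  # largest count= seen
        entry["interfaces"].add(m["ifname"])
    share = matched / total if total else 0.0
    return dict(per_station), share

# Constructed sample: the first two lines are from the thread, the rest are made up.
SAMPLE = """\
CAPWAP receive kevent AH_KEVENT_ITK_NOTIFY, eventid = 15, size = 369
CM2.0 detect problem(station=c8bc:c8c0:6bdf, problem id=0x00000001(denied-by-ACL), interface=wifi0.2(ifidx=17), count=2234)
CM2.0 detect problem(station=c8bc:c8c0:6bdf, problem id=0x00000001(denied-by-ACL), interface=wifi0.2(ifidx=17), count=2235)
CM2.0 detect problem(station=0200:0000:0a01, problem id=0x00000001(denied-by-ACL), interface=wifi0.2(ifidx=17), count=87)
""".splitlines()

if __name__ == "__main__":
    stations, share = summarize(SAMPLE)
    for mac, s in sorted(stations.items(), key=lambda kv: -kv[1]["max_count"]):
        print(mac, s["events"], s["max_count"], sorted(s["interfaces"]))
    print(f"{share:.0%} of log lines are denied-by-ACL events")
```

The colon-separated MAC output can be compared against the addresses listed on the authentication server to confirm the denied stations are ones that are expected to be rejected.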

5 REPLIES 5

samantha_lynn
Esteemed Contributor III

That sounds like a good guess to me, and would match the data we're seeing. Thank you for updating the firmware for us. If the issue does come back, getting tech data while there is an issue would be the best step to take so we can compare the logs. I'm also going to review the data on the case with our expert team (we have a meeting set for tomorrow) to see if they have any input for us.

tandrews
New Contributor

Hi Sam...

 

I winnowed things down to about the same numbers last week. They are all Mac computers. I'm guessing they are sitting in the lab with the wireless radios turned on and constantly trying to associate with this SSID.

 

I updated all of the APs in that building to 10.0r7a last night. No issues reported so far. The tech data upload I provided was during a period when the device was functioning... so perhaps I should gather the data when (if) it is not? Like I said... no issues this morning.

samantha_lynn
Esteemed Contributor III

Thank you for sending me that case number. I reviewed the tech data attached and I see that it's many different MAC addresses. I sent you all the unique MAC addresses I saw within a 3 second time period (14 different client devices, over 50 requests, an average of about 16 requests a second), all of which sent multiple requests throughout. Could you tell me if these devices have anything in common, like OS type?

 

Also, I see the last recommendation was to update the firmware and the tech data I looked at was still on the old firmware. Have you been able to update since you last spoke with us? Would you be able to send new tech data once you have updated?

 

Finally, since a reboot temporarily resolves the issue, would you be able to pull tech data a few minutes after a reboot so we can compare the logs?

tandrews
New Contributor

Message sent. I have an open case with syslogs and techdata uploaded.
