This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

What reasons would there be for a PPSK to stop working on a handful of devices, while it works on others connected to the same AP?

What reasons would there be for a PPSK to stop working on a handful of devices, while it works on others connected to the same AP?

tgmatula
New Contributor

‎10-07-2019 01:00 PM

Our campuses are experiencing chronic connectivity issues with one of the following symptoms:

1) Either the PPSK stops working on their device. 

2) They are able to connect to the SSID and PPSK but no internet connectivity. Cannot ping DNS or Gateway. 

 

Testing:

Rebooting the AP does nothing for the user. Moving closer to the AP or changing the connection preference between 2.4 and 5GHz has no effect.

 

The only solution... so far is to locate which RADSEC(proxy) the AP is connecting to and reboot it...

Oak-AP106#show idm

IDM client: Enabled Per SSID

IDM Proxy IP: 10.31.120.40

IDM proxy: Disabled

RadSec Certificate state: Valid

RadSec Certificate Issued: 2019-01-15 08:25:32 GMT

RadSec Certificate Expires: 2020-01-15 08:25:32 GMT

 

Is the IDM Proxy supposed to show "DIsabled" even though the IP is listed and it is using that particular proxy for PPSK authentication?  

 

Anyone have any permanent solutions for the RADSEC issues???

0 Kudos
8 REPLIES 8

Shepherd
New Contributor

3 weeks ago

If PPSK stops working on some devices but not others on the same AP, it’s often due to RadSec proxy issues. High AP CPU usage can disrupt authentication exclude such APs from proxy roles. Firewall blocks on ports 2083 and 3000–3010, time sync problems, expired RadSec certificates, or MFP being enabled can also cause issues. Make sure the AP's time is correct, MFP is disabled, and devices have updated drivers. Running diagnostics and checking logs can help identify the problem. Rebooting the RadSec proxy often resolves the issue temporarily, but proper configuration is key for a permanent fix.

0 Kudos

Chanson_Gong
New Contributor

‎04-02-2025 06:19 PM

I have come across the same, from the proxy server ap I can see the ap is getting ip add but no matter how many times I tried to reset the idm or revert to device to policy template. It is still saying RadSec Certificate state: Not exist, not sure if I should reboot the proxy server aps to see if that will resolve the issue?

RadSec Certificate state: Not exist

and 

sh idm cert
RadSec certificate file is not installed.

0 Kudos

samantha_lynn
Esteemed Contributor III

‎10-16-2019 05:06 PM

Thank you for those files. Could you provide the MAC address of the client that wasn't able to connect when you pulled these logs?

0 Kudos

tgmatula
New Contributor

‎10-16-2019 04:29 PM

Logs uploaded.

 

0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN