802.1x issues

AVmcclint
Honored Contributor

Not exactly Jamf-related, but I'll toss this question out to the knowledgable masses. We are seeing some Macs losing all connectivity on our 802.1x Wifi. The computers have valid IPs and show that they are authenticated on 802.1x, but all pings (to & from and internal & external) fail. I got our network team involved and they show that the Macs seem to be repeatedly authenticating throughout the day. When a Mac is in this dead state, they show that everything on their end looks 100%. They can snap a Mac back into communicating by sending a command from their console to reauthenticate. In the /var/log/wifi.log file, often times it does not indicate any sign of trouble or activity at all at the time of the disconnection. There was one time I got the following line from the log at the exact timestamp the issue happened:

Mon Sep 30 09:54:15.138 <kernel> IO80211AssociationJoinSnapshot::captureRequestCallback Problem reported from corecapture

Other than that, there's no logged indicators of problems. In addition to the network team being able to force a reauthentication, we found that the simple act of disabling Wifi and enabling it again will restore connectivity. It seems that these problems started when we began upgrading to Mojave. Many of the affected Macs are updated all the way through 10.14.6 w/Supplemental update 2. Has anyone else experienced this kind of problem since going to Mojave?

3 REPLIES 3

ammonsc
Contributor II

We have an issue where the wireless network just completely disappears. We have to exclude the user from the configuration profile and then add them back in for the network to come back.

On a side note my son just had this issue with his Mac at college. Exactly like you stated. Looks fine, shows a valid IP, 802.1x auth is good. But nothing works. Only a shutdown fixed it. Restart would come right back up to the same state.

edickson
Contributor

Just thinking out loud here but with the Macs repeatedly authenticating during the day are they being locked out of something? I was thinking Active Directory style where if a user fails the authentication too many times they are locked out for X amount of time (or until IT Support unlocks their account).

If your network team doesn't see any issues might be good to run this by Apple support as well to see what they think.

agakhan_admin
New Contributor II

Is there any solution for this?