Jamf Nation Community

nkalister · ‎10-09-2013

Hello jamfnation . . . I'm wondering if anyone else out there is using a similar wifi config as my org . . . we're using cisco access points and wireless controllers, macs are authenticating using certificates issued by our active directory certificate authority embedded in configuration profiles generated by profile manager on os x server.
We're seeing mac clients get kicked off of the wifi network very frequently, and cisco seems powerless to help us. We've had a TAC case open with them for about 6 weeks now and nothing they've tried has helped at all. This is affecting all macs at all of our locations, on machines running 10.7.x, 10.8.x, and the GM of 10.9
Apple vetted my configuration profile and found no issues. Anyone else using certifcate-based 802.1x authentication with cisco access points?

koepke · ‎10-10-2013

I have the same issue. Completely random drops. We're using Cisco APs. If I manually configure the wireless connection keying in the SSID and accepting the certificate is never drops but as soon as I use a 802.1x profile I get sporadic drops in wifi connectivity. How long has this been going on for you? My org is piloting Macs right now so we have less than 20 devices at the moment but if this gets bigger, manually configuring each device will be a nightmare.

Nix4Life · ‎10-10-2013

Hi Guys;

during me search for a login issue I can across this, it might help:
*"We've been having a terrible time with our clients dropping their wifi connections (and killing FirstClass sessions). After a lot of troubleshooting with Aruba, it was suggested that we run the following command on our test machine:

sudo defaults write /Library/Preferences/com.apple.airport.opproam disabled -bool true"*

and set MTU to 1453

tkimpton · ‎10-10-2013

Please can you post the url for everyone?

I'd like to look at it.

I've been having wifi drop outs for years and our network guy doesn't want to look in to it.

nkalister · ‎10-11-2013

So, apple responded to this today saying it's a known issue with system-level authentication in 10.8 and is fixed in 10.9. I've seen the issue with the 10.9 gm, though, so we'll see what apple says about that. They're looking at logs from my 10.9 GM test machine now.

bentoms · ‎10-11-2013

Does it only affect a certain version of the Cisco AP firmware?

200 ish clients fine here with Cisco AP's & controllers.

nkalister · ‎10-11-2013

are you using system-level 802.1x? according to apple, this only affects you if your authentication certificate is in the system keychain. also according to apple, it's not dependent on anything going on on the cisco side of things.

bentoms · ‎10-11-2013

Yep. Our macs have our internal CA cert installed & contact our CA & request a cert from it for the device (using the Machine template).

The mac can then authenticate @ a system level using the cert to our wireless.

So a basic 802.1x RADIUS setup I think.

Nix4Life · ‎10-11-2013

tkimpton

it was fwd to me in an email. I can post if you want . we use Meraki access points with the same authentication model

LS

ImAMacGuy · ‎10-14-2013

We had/have a problem with Meru, we found it was hopping between 2.4ghz and 5ghz due to band steering.

awimmer · ‎12-10-2013

Nick, I wish I had seen this posting sooner. I recently migrated 700 10.8.x users to 802.1x authentication, pushing a system-level profile. We are using Aerohive APs. A nightmare ensued with formerly stable users now dropping often and randomly. I had to back away from 802.1x to restore calm. I'd appreciate hearing any reports as to whether Mavericks has resolved this issue for others. Thanks.

alexjdale · ‎12-10-2013

Mavericks definitely solved these issues for us. We had a lot of stability problems that were addressed.

tkimpton · ‎12-10-2013

@alexjdale

Thanks for letting us know. Looking forward to Mavericks now :)

Jamf Nation Community

Cisco Wifi issues