Cisco Wifi issues

nkalister
Valued Contributor

Hello jamfnation . . . I'm wondering if anyone else out there is using a similar wifi config as my org . . . we're using cisco access points and wireless controllers, macs are authenticating using certificates issued by our active directory certificate authority embedded in configuration profiles generated by profile manager on os x server.
We're seeing mac clients get kicked off of the wifi network very frequently, and cisco seems powerless to help us. We've had a TAC case open with them for about 6 weeks now and nothing they've tried has helped at all. This is affecting all macs at all of our locations, on machines running 10.7.x, 10.8.x, and the GM of 10.9
Apple vetted my configuration profile and found no issues. Anyone else using certifcate-based 802.1x authentication with cisco access points?

12 REPLIES 12

koepke
New Contributor II

I have the same issue. Completely random drops. We're using Cisco APs. If I manually configure the wireless connection keying in the SSID and accepting the certificate is never drops but as soon as I use a 802.1x profile I get sporadic drops in wifi connectivity. How long has this been going on for you? My org is piloting Macs right now so we have less than 20 devices at the moment but if this gets bigger, manually configuring each device will be a nightmare.

Nix4Life
Valued Contributor

Hi Guys;

during me search for a login issue I can across this, it might help:
*"We've been having a terrible time with our clients dropping their wifi connections (and killing FirstClass sessions). After a lot of troubleshooting with Aruba, it was suggested that we run the following command on our test machine:

sudo defaults write /Library/Preferences/com.apple.airport.opproam disabled -bool true"*

and set MTU to 1453

tkimpton
Valued Contributor II

Please can you post the url for everyone?

I'd like to look at it.

I've been having wifi drop outs for years and our network guy doesn't want to look in to it.

nkalister
Valued Contributor

So, apple responded to this today saying it's a known issue with system-level authentication in 10.8 and is fixed in 10.9. I've seen the issue with the 10.9 gm, though, so we'll see what apple says about that. They're looking at logs from my 10.9 GM test machine now.

bentoms
Release Candidate Programs Tester

Does it only affect a certain version of the Cisco AP firmware?

200 ish clients fine here with Cisco AP's & controllers.

nkalister
Valued Contributor

are you using system-level 802.1x? according to apple, this only affects you if your authentication certificate is in the system keychain. also according to apple, it's not dependent on anything going on on the cisco side of things.

bentoms
Release Candidate Programs Tester

Yep. Our macs have our internal CA cert installed & contact our CA & request a cert from it for the device (using the Machine template).

The mac can then authenticate @ a system level using the cert to our wireless.

So a basic 802.1x RADIUS setup I think.

Nix4Life
Valued Contributor

tkimpton

it was fwd to me in an email. I can post if you want . we use Meraki access points with the same authentication model

LS

jwojda
Valued Contributor II

We had/have a problem with Meru, we found it was hopping between 2.4ghz and 5ghz due to band steering.

awimmer
New Contributor

Nick, I wish I had seen this posting sooner. I recently migrated 700 10.8.x users to 802.1x authentication, pushing a system-level profile. We are using Aerohive APs. A nightmare ensued with formerly stable users now dropping often and randomly. I had to back away from 802.1x to restore calm. I'd appreciate hearing any reports as to whether Mavericks has resolved this issue for others. Thanks.

alexjdale
Valued Contributor III

Mavericks definitely solved these issues for us. We had a lot of stability problems that were addressed.

tkimpton
Valued Contributor II

@alexjdale

Thanks for letting us know. Looking forward to Mavericks now :)