Hello jamfnation . . . I'm wondering if anyone else out there is using a similar wifi config as my org . . . we're using cisco access points and wireless controllers, macs are authenticating using certificates issued by our active directory certificate authority embedded in configuration profiles generated by profile manager on os x server.
We're seeing mac clients get kicked off of the wifi network very frequently, and cisco seems powerless to help us. We've had a TAC case open with them for about 6 weeks now and nothing they've tried has helped at all. This is affecting all macs at all of our locations, on machines running 10.7.x, 10.8.x, and the GM of 10.9
Apple vetted my configuration profile and found no issues. Anyone else using certifcate-based 802.1x authentication with cisco access points?
I have the same issue. Completely random drops. We're using Cisco APs. If I manually configure the wireless connection keying in the SSID and accepting the certificate is never drops but as soon as I use a 802.1x profile I get sporadic drops in wifi connectivity. How long has this been going on for you? My org is piloting Macs right now so we have less than 20 devices at the moment but if this gets bigger, manually configuring each device will be a nightmare.
during me search for a login issue I can across this, it might help:
*"We've been having a terrible time with our clients dropping their wifi connections (and killing FirstClass sessions). After a lot of troubleshooting with Aruba, it was suggested that we run the following command on our test machine:
sudo defaults write /Library/Preferences/com.apple.airport.opproam disabled -bool true"*
and set MTU to 1453
So, apple responded to this today saying it's a known issue with system-level authentication in 10.8 and is fixed in 10.9. I've seen the issue with the 10.9 gm, though, so we'll see what apple says about that. They're looking at logs from my 10.9 GM test machine now.
are you using system-level 802.1x? according to apple, this only affects you if your authentication certificate is in the system keychain. also according to apple, it's not dependent on anything going on on the cisco side of things.
Yep. Our macs have our internal CA cert installed & contact our CA & request a cert from it for the device (using the Machine template).
The mac can then authenticate @ a system level using the cert to our wireless.
So a basic 802.1x RADIUS setup I think.
Nick, I wish I had seen this posting sooner. I recently migrated 700 10.8.x users to 802.1x authentication, pushing a system-level profile. We are using Aerohive APs. A nightmare ensued with formerly stable users now dropping often and randomly. I had to back away from 802.1x to restore calm. I'd appreciate hearing any reports as to whether Mavericks has resolved this issue for others. Thanks.