Facebook issue with WPA Enterprise

  • 1
  • Question
  • Updated 1 year ago
Hi,

We are seeing issues where Facebook is not refreshing at all, comments/images do not open up properly on mobile phones on our WPA Enterprise (802.1X) Authenticated SSID, however it works fine on SSID with private PSK.

I have experienced this issue first hand on Android Phones but we have received complaint for iphones as well.

Is there a known issue going around. Or could there be a fix for it.

Our Infrastructure has AP330 (6.5r6) and AP250 (7.1r1).

Any help is greatly appreciated.

Thanks
Sajid
Photo of Sajid Abbas

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes

Posted 1 year ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Sajid,

What are you using as the RADIUS server? NPS?

If so, can you follow the suggestion here:

https://community.aerohive.com/aerohive/topics/since-upgrading-hivemanger-to-6-8r5-we-cannot-push-a-...

Then, reboot all your APs at the same time.

Thanks,

Nick
(Edited)
Photo of Sajid Abbas

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes
Hi Nick,

Thanks for your message.

Sorry I'm a bit confused, if the link you provided is related to my facebook issue. We are using NPS but why is the authentication/accounting issue related to facebook traffic. 

We were having Radius Accounting errors when we had AP330 on 6.5r5 but after upgrading to 6.r6 that was resolved. However, the Facebook issue is still there i.e. newsfeed/videos/comments etc are not opening up correctly.

Thanks
Sajid
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
I was merely trying to read between the lines, assuming a wider connectivity issue than something that just affects Facebook as you said that this affected 802.1X and not PPSKs.

HiveOS 7.1r1 is still affected by that issue that pertains to RADIUS Class attributes and this can affect other APs in the same hive, it pertains to the roaming cache exchange. This will be resolved in an upcoming release of HiveOS.

The method of authentication by itself will not discriminate based on traffic type in this way. It will not target Facebook specifically, it does not work like that.

You would need to supply more data about the issue. Have you considered opening a support case for this to be investigated?
Photo of Sajid Abbas

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes
Hi Nick,

Interesting point you raised about HiveOS 7.1r1. We have AP250 on 7.1r1 but do not see Radius errors as we used to see with 6.5r5 (AP330). Will keep an eye out for the errors.

I was thinking about the support case, but the issue seemed like common making me believe others might be facing similar sorts.

Thanks for your assistance.

Sajid
Photo of Eastman Rivai

Eastman Rivai, Official Rep

  • 146 Posts
  • 17 Reply Likes
Sajid,

Can you confirm if both SSID (dot1x and PSK) are on the same user profile? Is there any firewall configured on the user profile?

Eastman
Photo of Sajid Abbas

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes
Hi Eastman,

Thanks for your reply.

Both SSIDs map to different User profile with different firewall policy(but same rules) applied on user profiles.

They both pass through CVG tunnel as well.

Sajid
Photo of Sajid Abbas

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes
Hi,

I've done some testing on this.

Doesn't look like dot1X/PSK issue, as I tried the problematic SSID to PSK it still didnt work. I also tested for mobile device to bypass CVG tunnel and it didnt work. Started to think its a network issue (could still be), but then i bought another company WiFi router and tested the same thing on same VLAN and it was working. 

I've allowed everything and simplified things so the mobile just gets an IP and goes out to network. Still facebook not working :(.

Don't know what to do here.

Sajid
Photo of Eastman Rivai

Eastman Rivai, Official Rep

  • 146 Posts
  • 17 Reply Likes
Sajid,

Have you tried completely removed the firewall from the network policy and tested? Perhaps you can share your configuration with us.

Thank you,

Eastman
Photo of Sajid Abbas

Sajid Abbas

  • 14 Posts
  • 0 Reply Likes
Hi,

I removed the FW policy but couldn't get the issue to resolved.

Sajid