Issue with OSX 10.11.6 and Aerohives

  • 1
  • Question
  • Updated 1 year ago
I have had an issue that has come up in the past few weeks that is evident only on our Aerohive system and only on those devices utilizing OSX (specifically 10.11.6 as that is the SOE currently).

We are running a RADIUS authentication service utilizing 802.11x Machine Certificates and User Authentication for roaming staff (staff that move between two or more locations within our extended WAN).

This issue is the devices can only intermittently connect, yet can connect to our Cisco infrastructure in another part of the site (same network. same RADIUS server, just different WAP's/Controller).

If a reboot is done, clients can connect for a short period, but drop off after give or take 5 minutes.


Anyone got any idea's
Photo of Justin

Justin

  • 2 Posts
  • 0 Reply Likes

Posted 1 year ago

  • 1
Photo of Dianne Dunlap

Dianne Dunlap

  • 75 Posts
  • 15 Reply Likes
I personally have not studied this but suggest troubleshooting:
- do the problems happen when devices aren't roaming from site to site?
- if you disable then re-enable wireless on the MB, do things work?
- if you force a disconnect on the Aerohive side, do the devices reconnect?
- if you run client debugs against the mac on the Aerohive side, what does that show?
- are you seeing failed attempts in the RADIUS logs or is the connection not getting that far?
- if you try using 802.1x without machine authentication, is the problem seen?
- is the same SSID used for the Cisco infrastructure as for the Aerohive infrastructure and 
if so, is the problem seen if you establish a different SSID for each vendor?
- if you backend the Aerohive SSID to a different RADIUS server than the Cisco SSID, do you see the problem?
- with a MB configured for only Aerohive SSID, is the problem seen?
- have you explored whether this could be a dhcp (does ifconfig -a show an address) or DNS issue?  
- if the RADIUS server and/or debugs show access-accept, can you do a dhcp renew from the CLI?
- if the RADIUS server and/or debug show access-accept, are you see a dhcp broadcast from the MB?
- if you set up the switch upstream as a dhcp server and do debugs there, are you seeing dhcp requests after the access-accept?
Photo of Aaron Valente

Aaron Valente

  • 42 Posts
  • 3 Reply Likes
I have experienced a similar issue with OSX devices but I believe mine is more an issue with the CWP. Using the 802.11x authentication through RADIUS works perfectly for clients on any other device but the CWP wont even display (or when it does it wont authenticate) on OSX devices.  I have yet to find a solution, I even explored completely dismantling this SSID to start over....