Reconnecting to 802.1X SSID takes long time

  • 1
  • Question
  • Updated 3 years ago
I have not noticed any errors on NPS, AD, or aerohive side when a client is reconnecting first time in the morning to the radius SSID, it takes usually 2 - 3 minutes, later while they move - the roaming is pretty fast. All clients are Mac OS, 10.10. For me that 3 minutes to be connected to the radius is a bit to long. 
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes

Posted 3 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
To triage this to the culprit, have you:

  • Looked at a client monitor capture?
  • Looked at a capture of the EAPOL in the air?
  • Looked at a capture of the RADIUS traffic?
I'm very happy to take a look if you can collect this information :)
(Edited)
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
Yes, I use client monitor tool so far, but did not notice any errors. I have checked the events on the NPS server but all clear. 

I did not look for:

  • Looked at a capture of the EAPOL in the air?
  • Looked at a capture of the RADIUS traffic?
Should I use wireshark for both of these? 
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
You can get EAPOL captures via an independent laptop that watches the exchange in monitor mode, either Wireshark (Mac or Linux) or Microsoft's Message Analyzer (Windows Vista or later and an NDIS 6.x driver that supports monitor mode).

Yes, these tools can be used to capture the RADIUS traffic between the authenticator (AP) and the authentication server (NPS).

You can install Wireshark or Message Analyzer on your NPS server to get a capture there.
(Edited)
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Are you aware of the following bug in OS X where it attempts to revocation check the server certificate, a nice catch-22 when you have no network access at that point?

https://support.apple.com/en-us/HT203841
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
I've definitely had issues with our MacBooks reconnecting to the 802.1X network after being home for the evening
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
Hmm, interesting. Thank You for all Your help. I will use wireshark for troubleshooting.