We noticed that the WLAN with band/load-steering enabled had a high report rate of Macintosh connectivity issues, and the WLAN that did not was trouble free. I suspect what was happening was this: Mac would initially associate (Ent-WPA2), then the controller would force it to move to another band and/or AP. It's at this point (a roam) that the Apple certificate issue would kick in, and it was hit or miss as to the Mac re-associating or failing. This was especially problematic when a Mac client was equidistant from two AP's. Turning off band/load steering pretty much eliminated the bulk of the connectivity issues, and trusting the certificate solved the rest. Band/load steering is just problematic because you can never predict how a client will react to it. Jeff
>>> On Friday, January 31, 2014 at 10:57 AM, in message >>> <CAPCnwUdh-=jawm78pjfuu1n9bhs9d_japthbfnwrrgsrbzg...@mail.gmail.com>, >>> Norman Elton <normel...@gmail.com> wrote: Interesting. What were the band-steering symptoms? Any way to pin the problem down to band-steering, or was it trial and error? Norman On Fri, Jan 31, 2014 at 1:44 PM, Edward Ip <i...@algonquincollege.com> wrote: I agree with Jeff, we recently disabled band steering on our Aruba controllers and it has helped a bit. Edward Ip Algonquin College | 1385 Woodroffe Avenue | Room C316 | Ottawa | Ontario | K2G 1V8 | Canada algonquincollege.com From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 31, 2014 1:40 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] OS X 802.1x auth issue We've seen the cert issue, and OS 10.8 and 10.9 don't seem to like band/load-steering. The cert issue coupled with band-steering and/or load-steering make the Mac's very unhappy. Jeff >>> On Friday, January 31, 2014 at 10:05 AM, in message >>> <CAPCnwUdAuZqKuFwOycKrGmXgiKCrb_Wy82=o5xc3be+o7an...@mail.gmail.com>, >>> Norman Elton <normel...@gmail.com> wrote: And a follow up. Has anyone actually confirmed that this bug is actually causing client complaints? We do seem to riding a wave of complaints from MacBook owners. We are only just now starting to change cert trust settings. Hopefully we'll know more next week as students have a chance to test things out over the weekend. Norman Elton College of William & Mary On Fri, Jan 31, 2014 at 12:59 PM, Norman Elton <normel...@gmail.com> wrote: >> It also appears specific to certs based on 2048 bit keys. Also there is no >> cert validation delay upon initial connect... only when attempting to >> reauth... ie after a death or a roam event. > > Can anyone confirm the bug only affects certs with 2048 bit keys? I > don't see that listed anywhere in Apple's release. It's an interesting > twist. > > Thanks! > > Norman Elton > College of William & Mary ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.