We've had complaints for a while that would come in sporadically, but didn't pay them much mind as it was always difficult to reproduce. The complaint was with Apple devices (normally OSX) that would just drop connectivity and then reestablish moments later. People would complain that our secure SSID (our primary EAP-TLS WPA2-Ent SSID) was not stable. It was always from Apple users. Recently, however, one of our employees with an Apple running OSX (Yosemite) started to have the problem routinely on our PSK SSID. When I turned on debugging in the logs, the following message was logged every time he dropped:
Sep 5 10:53:48 :501105: <NOTI> |AP RB_House_016@172.28.65.99<mailto:RB_House_016@172.28.65.99> stm| Deauth from sta: 48:d7:05:bf:28:e5: AP 172.28.65.99-00:1a:1e:52:dd:51-RB_House_016 Reason Ptk Challenge Failed When I did a google the Ptk Challenge failed, it turned up an Airheads forum that said that since OSX devices don't support Opportunistic Key Caching, having this enabled on your controllers could cause drops on these devices when they roam from AP to AP. We disabled it on both out UNC-Secure and UNC-PSK SSIDs, and yet the user is still having disconnects, and we still see this message when his device drops. We actually see a LOT of these messages in the logs now that I have turned on the proper notification logging, indicating that this error message is either a red herring, or a lot more prevalent in our environment that we had hoped for. I plan on opening a case with Aruba, but before I beat my head against a wall for the next couple of hours with a support engineer, have any of you seen this problem and tackled it? Ryan H Turner Senior Network Engineer The University of North Carolina at Chapel Hill CB 1150 Chapel Hill, NC 27599 +1 919 445 0113 Office +1 919 274 7926 Mobile ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.