We have WPA2 and WPA3 checked at this time. The only issue we have seen have been with Windows 10 devices. We have a handful of Android 10 devices that as far as I know are mainly Pixel and Samsung that have not had issues. No Mac issues that I have heard about.
Jason Mallon Network Engineer, OIT The University of Alabama jemal...@ua.edu On Jun 26, 2020 5:12 PM, Paul Smith <psmi...@marian.edu> wrote: Q. Are you by any chance running WPA2 + WPA3 Enterprise with both the WPA2 and WPA3 boxes checked? We are currently on 8.10.121 and seeing this issue as well primarily with Windows devices. I have not seen any issues with Macs and authentication. A. No. WPA2 + WPA3, but only WPA2 is checked. I will experiment with this when I get back to the office. The big problem is it's impacting Windows 10 PCs. We have not seen the issue with iPhones or Android devices, but there may not be enough of them on campus right now to say for sure (we don't have a summer semester). We do have Mac's having a similar issue, but forgetting the SSID and re-selecting fixes any auth issues we see there. Q. FYI: I noticed that "over-the-ds" setting changed when we upgraded from 8.5 to 8.10.121.0. There may be other settings that changed as well. A. One of the engineers mentioned another setting was different (sorry, can't remember which it was), but then he called me right back and said that wasn't the issue. I believe there was something he found in the logs based on the conversation, so hopefully we'll have more info soon. It might've been beacon related, but I could have that planted in my head from an earlier post. Q. There was a memory leak in the AP. Clients were not moving from authentication to the AP through the association phase on the controller.(these terms seem backwards to me backwards -- authentication is finding the AP, association is the 802.1x/radius part). The AP was not forwarding the association PDU to the controller (so the radius servers never got to see request let alone send a rejection). Rebooting the AP at the time /might/ fix the problem, but if a large number of clients immediately connected to the newly rebooted AP it ran out memory and became semi-operational again. I'd check the AP rather than the controller logs to see what it's reporting. A. There's not an AP model on the campus that we've found the behavior any different. In our office where we test, it's a 2802 ... but the issue exists with the 3800's and even the new 9100's as well. Q. Have you tested your Android devices with FT disabled? (instead of FT Adaptive). I would be curious to hear what results you get. A. We haven't seen any issues with Android devices (yet), but we don't have enough on the campus to say for sure. We did go Adaptive at the suggestion of Cisco and a Presidio engineer because of some issues with iPads. So, I wouldn't be keen to change that. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
