Announcement

Collapse
No announcement yet.

Access Point - AIR-AP1231G-A-K9 - PCs can connect but Apple Macs Cannot ...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access Point - AIR-AP1231G-A-K9 - PCs can connect but Apple Macs Cannot ...

    Hello,

    This is a sort of follow up to a post I made a few days ago. I made changes to my access points and on Windows computers everything works but on Apple products (Macs, iPads, iPhones) the strangest things happen.

    (1). About 90% of the time nothing works in that we get NO connection to the Access Point. In the client association logs we see the Mac Address show up but there is a 0.0.0 address where it seems like the device is trying to get an DHCP lease. After a while, the device gets the IPPA address of 169.X.X.X.

    (2) After a extended period of time (an hour or more) the Apple device eventually gets an IP address from the network and then is able to successfully connect to the network. However, the connection is short lived and drops after about 30 minutes to an hour.

    Is there a problem with the way Apple products encapsulates their network traffic versus Windows or other products?

    Again, this not affect any Windows or Andriod based devices (laptops, phones, etc.) They can connect right away and never drop out.

    Below is the configuration file for the AP in question, although this is affecting all of our APs:

    Code:
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname AP-5
    !
    enable {Authentication Information}
    enable {Authentication Information}
    !
    username {Authentication Information}
    username {Authentication Information}
    ip subnet-zero
    ip domain name {Domain here}
    !
    no aaa new-model
    !
    dot11 ssid (Secure) Staff/Faculty
       vlan 70
       authentication open 
    !
    dot11 ssid Public
       vlan 60
       authentication open 
       guest-mode
    !
    !
    !
    bridge irb
    !
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     ssid (Secure) Staff/Faculty
     !
     ssid Public
     !
     speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
     no cdp enable
    !
    interface Dot11Radio0.60
     encapsulation dot1Q 60 native
     no ip route-cache
     no cdp enable
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.70
     encapsulation dot1Q 70
     no ip route-cache
     no cdp enable
     bridge-group 70
     bridge-group 70 subscriber-loop-control
     no bridge-group 70 source-learning
     bridge-group 70 spanning-disabled
    !
    interface FastEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
    !
    interface FastEthernet0.60
     encapsulation dot1Q 60 native
     ip address 10.60.255.5 255.255.0.0
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.70
     encapsulation dot1Q 70
     ip address dhcp
     no ip route-cache
     bridge-group 70
     no bridge-group 70 unicast-flooding
     bridge-group 70 spanning-disabled
    !
    interface BVI1
     ip address 10.60.255.5 255.255.0.0
     no ip route-cache
    !
    ip default-gateway 10.60.0.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1 
    logging snmp-trap emergencies
    logging snmp-trap alerts
    logging snmp-trap critical
    logging snmp-trap errors
    logging snmp-trap warnings
    bridge 1 route ip
    !
    !
    !
    line con 0
     transport preferred all
     transport output all
    line vty 0 4
     login local
     transport preferred all
     transport input all
     transport output all
    line vty 5 15
     login
     transport preferred all
     transport input all
     transport output all
    !
    end

  • #2
    Re: Access Point - AIR-AP1231G-A-K9 - PCs can connect but Apple Macs Cannot ...

    The DORA process should be the same for mac's as it is for windows. We run 1242's on our network with no issues on windows,mac, android etc.

    The only thing I can say to do is crate a SPAN session and do a packet capture of the dhcp process.


    Do you see the the association to the access point from an affected client?


    show dot11 associations
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    Comment


    • #3
      Re: Access Point - AIR-AP1231G-A-K9 - PCs can connect but Apple Macs Cannot ...

      Originally posted by auglan View Post
      The DORA process should be the same for mac's as it is for windows. We run 1242's on our network with no issues on windows,mac, android etc.

      The only thing I can say to do is crate a SPAN session and do a packet capture of the dhcp process.


      Do you see the the association to the access point from an affected client?


      show dot11 associations
      Yes, we see the associations from both the web interface as well as the commandline. Here is a sample of them:

      Code:
      802.11 Client Stations on Dot11Radio0:
      
      SSID [Public] :
      
      MAC Address    IP address      Device        Name            Parent         State
      001c.f093.e06e 10.60.0.46      unknown       -               self           Assoc
      00aa.7071.97c7 10.60.0.136     4500-radio    -               self           Assoc
      0446.65f9.4d55 10.60.0.69      unknown       -               self           Assoc
      4025.c2c8.1908 10.60.0.123     4500-radio    AP-5            self           Assoc
      64a7.6972.4257 10.60.0.11      unknown       -               self           Assoc
      8853.95a8.44d1 0.0.0.0         unknown       -               self           Assoc
      9021.5571.5110 10.60.0.90      unknown       -               self           Assoc
      b88d.122c.3eb0 10.60.0.118     unknown       -               self           Assoc
      b8c6.8e0a.f22b 10.60.0.103     4500-radio    -               self           Assoc
      d023.db3f.9448 10.60.0.96      unknown       -               self           Assoc
      d8a2.5e12.9726 0.0.0.0         unknown       -               self           Assoc
      e0b9.ba10.332a 0.0.0.0         unknown       -               self           Assoc
      The addresses that are marked with "0.0.0.0" are the problems, they stay like that forever.


      I can try a span session and see what happens. Thanks.

      Comment

      Working...
      X