I work for a fairly large school district. We are seeing an issue with laptops randomly being unable to connect via wireless. The wireless works fine for a while... then suddenly quits. We have to connect them via wired... disjoin from domain... then rejoin. These connect via Cisco lightweight APs to a Cisco controller. We see nothing in the RADIUS for the failing machines. We don't have a wireless sniffer... so not sure where to go with this. The machine has to authenticate first... then the user.
It's hard to tell without some kind of a tool or log. Try looking in the controller/AP log files. You've probably got a poor SNR - from noise or poor power margin.
> disjoin from domain...then rejoin
If it were just a layer 2 disconnect you shouldn't be losing your security channel. Any errors in the client log? What does nltest say?
Wireshark is a good free sniffer and under Linux (I use Backtrack) you can capture management packets. It would be worth it to find a laptop with a supported card and at least use a bootable disk, though you should have plenty of spare hard drives to slap a Backtrack install on. That way you can watch the association negotiation.
When you say you see nothing, do you mean nothing unusual or nothing at all? Can you log successful attempts? It sounds like an 802.1X problem to me. I assume you don't have port control on your wired network. It might be interesting to see what happens if you do 802.1X on a hard wired port.
Sorry... I am a fairly newbie when it comes to wireless. My background is mostly in wired networks. Trying to learn wireless and help out at the same time. I had mentioned trying Wireshark... but was told that since it is encrypted traffic... it wouldn't do any good. It is certificate based. Would Wireshark decrypt?
To Contributor... there are plenty of successful attempts... just don't see any unsuccessful attempts from the suspect client. This is on the RADIUS.
If only a few/particular devices are disconnecting, there might be a problem with the driver (I have experienced this in some of the HP & Dell laptops having Broadcom radios).
Also, every AP/Controller allows you to enable logging. By looking at the logs you can try to resolve it. I am not sure how to enable logging in Cisco, however there will be an option to log the events to the console or a syslog server.
You said "The machine has to authenticate first....then the user."
Does rebooting the laptop fix everything?
Sounds like the machine session is lost and then you are trying to log in with just the user credentials. I used to work for a wireless vendor that offered a solution like this and it was a pain in the rear because you can't initiate a machine login in Windows before the user login, if the user is already logged in.
Ok, you can but it's far far less work than rebooting the laptop. If this is indeed your problem where the machine session is lost and you need to reboot the laptop, you might want to go with a certificate based solution instead.
> I had mentioned trying Wireshark... but was told that since it is encrypted traffic... it wouldn't do any good. It is certificate based. Would Wireshark decrypt?
Wireshark will not decrypt it but you can certainly capture the authentication frames and see where things break down. There is a ton of useful information you can get just by watching the frames as one of your clients tries to connect. Definitely do a Wireshark capture and then filter all but the client and the BSSID.
On the WLC, do a client debug; that will give you lots of information on the client's state machine.
debug client <mac address>