Hello all,
We are running 4.8.2 and have an intermittent problem with Apple Macintoshes running Snow Leopard and Lion. Snow Leopard and Lion Macintosh computers take a long time to connect to wireless because there's a delay in getting an IP address, and of course they cannot be challenged to login until they have an IP address. The delay is anywhere from a minute to 3 minutes, and the machine will finally get an IP after much waiting. It doesn’t happen all the time and there doesn’t seem to be a pattern. But from the user point of view, they just can’t get onto wireless and don’t wait 3 minutes and just give up. I have confirmed a few things: 1. The total throughput of wireless traffic going through our CAS is only 50Mbps, so it doesn’t appear to be a congestion issue in the CAS. 2. The total number of users flowing through the CAS today is 853, we have a 5000 user license. 3. The AP isn’t overloaded and this problem will happen on an AP with no other users on it. 4. DHCP usage for the wireless subnets is low, so this isn't an issue of not having enough leases. 5. It happens only on our unencrypted SSID, which goes through the CAS; our 802.1x SSID bypasses the CAS and this problem doesn’t happen on that SSID. Both SSIDs go to the same enterprise DHCP server for IP addresses. 6. I had heard that OCSP changes in Snow Leopard/Lion was causing users to not be able to get to the web logon page—we do both web logon and Agent; we tried opening up the Unauthenticated role to Comodo’s OCSP server, but it didn’t help. I searched around online and found several things that people had done to fix similar Airport/Ethernet issues on the Apple client side: 1. Disabled ipV6 --> Problem still occurs. 2. Unclicked the check box, "Use Passive FTP Mode (PASV)" under Airport settings --> Problem still occurs. 3. Removed the SSID from list of Preferred Networks in Airport and rebuilt it --> Problem still occurs. 4. Disabled CRL --> Problem still occurs. 5. Disabled OCSP à Problem still occurs. 6. Repaired Keychain --> Problem still occurs. We did some sniffing and our DHCP server is apparently replying to the Apple with multiple DHCP offers, but the Mac just sits there, then finally it comes to its senses and takes the IP address. This suggests that it could be strictly a Snow Leopard/Lion OS problem to take up with Apple, but I still wanted to ask everyone here about it. So in summary, the IP address delay problem only happens on Apple Lion and Snow Leopard machines, on the normal, Non-802.1x SSID...it doesn't happen anywhere else on any other clients, e.g., iOS, Windows 7, XP, Android. Has anyone else seen this? Many thanks, -Aaron -- Aaron Abitia Network Analyst Network Administration, ITS Cal Poly State University Tel: 805.756.1295
