-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alan, > thanks for the list > > > I can confirm all of these issues. Also, if you have WPA/AES > turned on, then the Mac wont touch the lovely WPA2/AES I haven't seen this. We have WPA/WPA2 TKIP/AES, and the Mac appears to always pick WPA2. Unfortunately I don't know what cipher it's using, as the controller won't tell me, and they got rid of the airport utility in leopard (grrr).
If you can get some Beacon frames with your Cisco APs, I can send you some from our HP kit, see if there's anything obvious about the way it's advertising supported ciphers/ security standards. > - ie it wont do 802.11n properly. if you reratify the wifi so you > only do WPA/TKIP and WPA2/AES then the Mac is a _little_ happier > > I can also confirm the DHCP issu e- if you set the client ID then > the Mac gets a DHCP address faster. not the speed expected...but > faster. (we use ISC DHCPD and I've been looking for ANYTHING that > will speed the Mac client up!) Packet traces.... You should be able to take these on the Mac with tcpdump or Wireshark. DHCP is a relatively easy protocol to debug; if there are issues, report them to Apple. It might be something stupid like the event generated by the supplicant that prods the DHCP client into trying to get a lease, is generated when the supplicant gets an EAP-Success *not* when the 4-Way handshake completes. From my experience Macs usually try and renew their previous lease before requesting a new one, so this may add some additional latency. > we've put in another Cisco TAC case regarding Apple kit. I blame > cisco as much as apple (the apple stuff works in different ways on > Trapeze and netgear APs) Yes, i've found them to work more reliably on Trapeze. Mine was connecting fine using WPA2-Enterprise at NW to an Aruba 802.11n AP... hmm actually it did take a few 'Turn offs' 'Turn ons' to get an IP with those.... But then the Cambridge infrastructure seemed to be pretty sucky anyway. With the ProCurve 530s we used to have, the Macs would sometimes go blind to all networks other than the one they were currently connected to. I.e. when you click the little wireless Icon, you'd only see the network you were connected to. > > back onto topic: I've noticed RADIUS stuff on the Mac is quite > sucky...it seems to go through PEAP or TTLS at least once too many > times. almost like its ignoring a reply or 'having another go' - is > this something engineered into the OS so they work better with > Airports ? :-( > Have you actually traced the wireless traffic (passively), are you sure it's the Macs at fault with this one? We saw the 'having another go' issue, but it was due to a timer problem on our WESM (Wireless Edge Service Module). The WESM would send ST Nonce to the Mac, then restart authentication by sending an EAP-Identity-Request, it'd do this a ~13 times before letting the Mac respond with ST Nonce. This may not be a RADIUS issue at all. Arran -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknbV84ACgkQcaklux5oVKIHqQCcCwLelr4pJ71c0JlkKU+Yf3uv 6wgAn2t7ww0+5nX6un73XfUP9DWaORYI =1hdq -----END PGP SIGNATURE----- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
