Yes on both.
It is unclear to me however why a Mac would check crl when roaming between
WAPs. Seems like a bug to me.
[email signature]
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
(Network Services)
Sent: Thursday, December 05, 2013 7:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eapol-Rate-Optimization
Are you sure the CRL server is accessible from the client? Turning off that
check sound like added security risk.
From: Marcelo Lew [mailto:marcelo@du.edu]
Sent: Wednesday, December 4, 2013 11:32 AM
Subject: Re: Eapol-Rate-Optimization
We also tried EAPOL-rate-opt. It did help with the Mac roaming issue, but it
adds too much overhead and affects throughput quite a bit. We are on 6.3.1.1,
and I still see the issue (testing on Macbook running Mavericks). Only fix
that worked (per user fix) for us, is unchecking OCSP and CRL under
keychain/preferences/certificates.
Marcelo
Marcelo Lew
Wireless Network Architect Engineer
University Technology Services
University of Denver
Desk: (303) 871-6523
Cell: (303) 669-4217
Fax: (303) 871-5900
Email: m...@du.edumailto:m...@du.edu
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeff Kell
Sent: Tuesday, December 03, 2013 7:44 PM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eapol-Rate-Optimization
On 12/3/2013 9:34 PM, Wright, Don wrote:
Just curious, have any Aruba shops tried enabling EAPOL rate optimization
to try helping with the Apple roaming/dropping issue? It's a new setting in
6.1 and while it didn't help in my testing, I've heard others have had success
with it. Would someone care to update with details?
We have had issues with MacOS devices and roaming. Three variables were
suggested - OKC, PMKID, and EAPOL-rate-opt.
We had OKC / PMKID both enabled, no EAPOL-rate-opt, and interval between ID
requests at 30 seconds. Wandering around a well-covered building with a MacOS
laptop pinging a fixed target and it would disassociate / reassociate /
reauthenticate with significant delay in between; Windows laptop did not have
this issue (maybe drop a packet or two between roaming targets). We tried
disabling OKC by itself, but it seemed to make no difference. This was
discussed on the list before so I'll not repeat the whole issue.
We tried the EAPOL-rate-opt, and we would drop a handful of pings, but
essentially keep a connection intact. So yes, it did appear to help. It's not
100% still (is anything wireless ever 100%?) but was a solid improvement over
the previous case.
We're still grabbing at straws to improve the mobility, and hoping perhaps
the sticky client voodoo in 6.3 might help the issue as well.
Jeff
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
inline: image001.jpg