I remember that as well. I'm not against bashing Cisco when they deserve it. But this also reminds me that Apple causes their share of problems. In fact, I would say that lately Apple clients cause more problems for us than any other client. Beyond all of the driver issues (historic and recent), we have had many problems with their 802.1x implementation as well. They seem to want to change it just enough with every OS to mess up anything we do to automate the provisioning of configurations etc. In many cases their 802.1x config will work automatically, but ignoring our cert server settings. When they first went to leopard, there was a bug that required that their NIC be shut down and restarted before someone could connect. We also have issues with the way they store 802.1x credentials in clear text. They don't seem to understand the problem with that. And, while I'm piling on Apple I should also mention that we have had many more security incidents with Apple devices this past semester than PC's due to DNS hijackings. We have also been very frustrated in any attempts to communicate our concerns to Apple. It is all a bit ironic to me that this happens on a platform that is purported to be inherently more secure than PC.
Pete Morrissey -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Frank Bulk Sent: Thursday, January 22, 2009 11:43 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues Thanks for this URL. Reminds me of the Apple iPhone/Cisco Wi-Fi network issue. Frank -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Dale W. Carder Sent: Thursday, January 22, 2009 9:49 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues Frank, I think the dhcp issues have been related to rfc 4436. Also, see this thread for other issues apple's implementation of dnav4 has had historically. http://lists.sans.org/pipermail/unisog/2007-January/027056.html Dale On Jan 22, 2009, at 9:27 PM, Frank Bulk wrote: > Kristina: > > Is the SE talking about using DHCP INFORM instead of DHCP RENEW? > > Frank > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Kristina > Gasca > Sent: Thursday, January 22, 2009 5:58 PM > To: [email protected] > Subject: Re: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues > > This is what we heard from our SE concerning our Macintosh > connectivity > issues -- although i quote "This is my personal view on the issues I > have seen, and are not to be taken as an official word on the problem > from the big C..." > > However the latest version of drivers are supposed to fix these > problems > -- especially the roaming. > > ***************************** > Basically, we have seen 2 issues with Macs. > One issue has to do with the way the MAC does DHCP, and specifically > DHCP renewing of leases. The Mac implements a newer RFC which > attempts > to use old DHCP lease information if there is still time available on > the lease. It does this without going through the "normal" DHCP lease > refresh process. If the controller is configured to "require DHCP" > then > the controller will not know what to do with the packets from the Mac > until it goes through the normal dhcp lease process. The Mac will > eventually go though a full DHCP process and "fix" itself, but then > process can take a period of time. The workaround for this is to > remove > the "DHCP required" checkbox on the WLAN. > > The other issue has to do with Mac roaming. This issue is being > addressed by Apple with new drivers. The reality is that the Apples > were build for hotspot type access where it tried to hang on the AP > until the signal goes all very low (to 0 SNR in some cases). > Apparently > Apple is rewriting their wireless stack to give better roaming > performance, but I am not sure when Apple will release the driver. > > ***************************** > > Angela K Hollman wrote: >> >> I have noticed the Macs failure to get an IP even though they pass >> the >> 802.1x authentication. This problem seemed to get a lot better moving >> from 10.4 to 10.5 and even a little better with the latest 10.5 >> releases. However, when a client first authenticates after having >> their computer off-campus, it seems the Airport has to be toggled off >> and back on once or twice before the Mac receives an IP. I have been >> getting the information out to Mac users to toggle the Airport off >> and >> back on but the problem is very annoying. >> >> I have not noticed any of the 11a problems mentioned. >> _________________ >> Angela K. Hollman >> Information Technology Services >> Network Manager >> (308)865-8176 >> >> >> From: Lee H Badman <[email protected]> >> To: [email protected] >> Date: 01/22/2009 10:58 AM >> Subject: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues >> Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv >> <[email protected]> >> >> >> ------------------------------------------------------------------------ >> >> >> >> We saw this in earlier versions of OS X, then things got better with >> some of the earlier 10.5.x code, but now seems to be getting worse >> again. Wondering if anyone else is seeing Mac behavior along these >> lines on the latest Apple code versions including 10.5.6: >> >> >> >> * Clients will associate to lesser-quality 11a cells even though >> better 11g signal is present (FREQUENT) >> * Clients will stick to the 11a AP they associate with even when >> they have the opportunity to move to better (stronger, less >> users, good SNR) 11a signal (FREQUENT) >> * Clients appear to be fine in every way- good association, good >> SNR and signal strength, pass 802.1x authentication, all >> indications are fine. Yet they have difficulty getting IP >> address or doing anything else despite their nearby peers having >> no issues at all, in cells that are not overtaxed. (LESS >> FREQUENT) >> >> >> >> We have about 35% Macintosh penetration among our 5-6 thousand user >> per day client count. But of late, every wireless client issue not >> easily resolved seems to be with Mac hardware doing the above >> described. >> >> >> >> Is any one else feeling these symptoms? >> >> >> >> -Lee >> >> >> >> >> >> Lee H. Badman >> >> Wireless/Network Engineer >> >> Information Technology and Services >> >> Syracuse University >> >> 315 443-3003 >> >> >> >> ********** Participation and subscription information for this >> EDUCAUSE Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> >> ********** Participation and subscription information for this >> EDUCAUSE Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Kristina Gasca, Wireless Network Engineer > North Carolina State University > Communication Technologies > 919.515.0107 (office) > 919.515.1641 (fax) > [email protected] > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > ********** > Participation and subscription information for this EDUCAUSE > Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/groups/ > . ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
