Wanted to share an issue we've been chasing down over the last few months. We have passed on our findings to Apple as well in hopes it can be addressed.
Originally noticed as post-2013 MacBook Airs having difficulty acquiring an IP address via DHCP in a WPA2-PSK Cisco environment. Long story short we found that HP printer LLC frames seemed to be causing the MBA to stop processing packets. Turning the DLC/LLC feature off on the printers resolved the issue immediately. Other packets could potentially do the same. It seems an Apple/Broadcom 4360 related issue which acted as follows: 2013+ MBA starts/wakes up and sources an LLC broadcast query (not sure why). All LLC capable printers unicast respond 4 times to each requesting host Cisco AP encrypts the response MBAs simply discard these responses. MBAs spin long enough inhibiting other packets from getting through. Depending on # of printers, it would eventually acquire an address or end up showing the '!' wireless symbol. We then opened a case with Cisco TAC which end result was this: ======== The client is unable to ACK encrypted LLC frames which are <15 bytes (data) in size. The LLC frames we are replaying are 3 bytes in size. After encryption it increases to 11 bytes. If we increase the data in the LLC frame to 7 bytes (which leads to 15 bytes of encrypted data), the client seems to respond and there is no issue seen. This behavior is seen only with 11ac MAC Books (both Pro and Air).Non-11ac MAC books don’t have the issue and they are ACKing the LLC frames. There is no issue with intel clients as well. So, we suspect it to be an Apple bug with 11ac adapters. Since the client is not even ACKing the frame, it is mostly some issue with the client or a Physical layer issue. With Ubiquiti APs, the same 3 bytes of data become 54 bytes of encrypted data. I am not sure if Ubiquiti is doing the right thing or not. But since, the encrypted data is >15 bytes, the MAC book clients don’t have any issue. -- Garry Peirce Network Architect Networkmaine, University of Maine System 1-207-561-3539 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
