Jeff, We double and triple checked the subnet info across all devices (switch, dhcp) and it looks correct everywhere. I feel if it were a subnet issue, we'd be seeing the problem across more than just random Macs, but this crossed our minds as well, so we checked this information multiple times.
We do have a packet capture from both AP and Macbook. I can provide it to you personally so I'm not flooding the listserv with it. *Respectfully,* *Stacey Frye* *Network Engineer* *Office of Information Technology Services (ITS)* Riverdale, NY 10471 Phone: 718-862-7499 [email protected] <[email protected]> www.manhattan.edu On Tue, Oct 6, 2020 at 4:10 PM Oliver, Jeff <[email protected]> wrote: > Hi Stacey, > > > > You mentioned that you had increased the subnet size? Is there a chance > that the new subnet mask was missed on some piece of equipment or ACL > somewhere that is causing traffic to be ignored or blocked? Are you able to > do a packet capture on the macbook or access point? > > > > > > > > Cheers, > > Jeff > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > [email protected]> *On Behalf Of *Stacey Frye > *Sent:* October 6, 2020 2:04 PM > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Mac wireless issue > > > > Caution: This email was sent from someone *outside of the University of > Lethbridge*. Do not click on links or open attachments unless you know > they are safe. Suspicious emails should be forwarded to [email protected]. > > > > We thought the IOS 14 Mac Randomization may have contributed, but we are > only seeing this problem with Macbook laptops, not iPhones/iPads. > > > > So far, it seems that all affected users are on Catalina. I haven't seen > any Beta users being affected (not entirely sure if we have any Beta > testers on campus right now, I know there are none in our IT offices at the > moment). > > > > When the Mac does eventually get an IP address, we can see it connected to > the AP on the controller. We don't have the firewall setup on our > controller, so we don't have any ACLs configured there, and all users are > automatically put into the logon state once connected to an AP (we have a > very simple controller setup right now). > > > > *Respectfully,* > > > > *Stacey Frye* > *Network Engineer* > > *Office of Information Technology Services (ITS)* > > Riverdale, NY 10471 > Phone: 718-862-7499 > [email protected] <[email protected]> > www.manhattan.edu > > > > > > On Tue, Oct 6, 2020 at 3:41 PM Oliver, Jeff <[email protected]> wrote: > > Also, could be related to Apple releasing MacOS 10.16 to the developer > crowd (which is a lot of us) and the timing fits… > > > > > https://www.macworld.co.uk/news/mac-software/macos-big-sur-release-date-3779573/ > > > > > > Cheers, > > Jeff > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > [email protected]> *On Behalf Of *Joey Rego > *Sent:* October 6, 2020 1:39 PM > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Mac wireless issue > > > > Caution: This email was sent from someone *outside of the University of > Lethbridge*. Do not click on links or open attachments unless you know > they are safe. Suspicious emails should be forwarded to [email protected]. > > > > Possibly related to the IOS 14 Mac randomization? > > > > > > > > [image: > http://lynnda/DesktopAuthorityConsole/Images/Upload/9fcddab6-8cf5-43af-97db-6d11a7f75a10/Lynn.jpg] > > > > *Joey Rego* > > Assistant Director of Information Security > > Information Technology > > Lynn University > > 3601 North Military Trail > > Boca Raton, FL 33431 > > T: +1 561-237-7982 > > [email protected] > > +1 561-237-7000 | lynn.edu <http://www.lynn.edu/> | give.lynn.edu > > > > *Help Keep Our Students and Employees Data Secure!* > > Ask Yourself the following when you need to store files or information? > > 1. *What data or files am I collecting in this process and what is > the business justification for asking, collecting and storing it?* > > 2. *Is the data regulated at the state level, or federal level?* > > 3. *Where am I storing the data and how am I securing it so that > only the persons who I want to have access has access?* > > 4. *Once I’ve stored the data or files, what are some reasons that I > would need to review the data?* > > 5. *When will I purge or delete the data or file?* > > 6. *How or what process will I write down and implement to destroy > the data or file once it is no longer needed?* > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > [email protected]> *On Behalf Of *Floyd, Brad > *Sent:* Tuesday, October 6, 2020 3:37 PM > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Mac wireless issue > > > > Stacey, > > Are you using the validuser ACL? Do the devices in question show up in the > station-table? > > Thanks, > > Brad > > > > -------- Original message -------- > From: Stacey Frye <[email protected]> > Date: 10/6/20 2:04 PM (GMT-06:00) > To: [email protected] > Subject: [WIRELESS-LAN] Mac wireless issue > > *[EXTERNAL SENDER]* > > > Greetings, > > > > We are seeing a weird issue on our campus and hoping some of you may give > us some ideas to check on. > > > > Background: We are using Aruba wireless controllers/APs (sadly, no > airwave). All buildings are using the same VLAN ID for the wireless subnet, > but each building has their own subnet for wireless. All APs are configured > in the same AP-group. We have an open wireless network and not using any > NAT (public IPs are being given out). IPv4 only. > > > > A lot of our Mac users, though not all, when trying to connect to > wireless, they are able to connect to the AP, but are receiving a "No IP > Address" message, and therefore cannot access the Internet. Once they leave > this building and go to any other building on campus, they do not have an > issue whatsoever. > > > > We have tried to manually configure the IP address, but still the device > is unable to access the Internet (cannot even ping the GW). After removing > the Wi-Fi option in Network Preferences and then re-adding, the device is > able to get an IP from DHCP server, but is still unable to pass any > traffic. We have tried rebooting the laptop, completely removing wireless > network and reconnecting, and have tried booting in safe mode. Nothing > seems to be working. If we connect using an ethernet cable in the same > building that we're having wifi trouble in, it works with no problem. > Config for the wireless subnet in the affected building is the exact same > as config in all other buildings (except the subnet, of course). All > buildings are using the same DHCP server. > > > > This seems to only be happening with Macs, not any Windows machines that I > am aware of, nor do we have any problems with other Apple devices. And like > I said, some Macs are having the issue, others are not. We only started > seeing these problems within the last 2-3 weeks. The only difference we > made in the affected building is giving it a larger subnet over the summer. > > > > We are working with our Aruba SE who is reaching out to TAC for us, but > wanted to reach out to you guys for any other possible insight or ideas. > Thanks in advance! > > > > *Respectfully,* > > > > *Stacey Frye* > *Network Engineer* > > *Office of Information Technology Services (ITS)* > > Riverdale, NY 10471 > Phone: 718-862-7499 > [email protected] <[email protected]> > www.manhattan.edu > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.manhattan.edu_&d=DwMFAg&c=tSGu_Pc6mPnB6zIYTZr3Sw&r=PTnT2JXctjp4MTPziGqcrg&m=PTfYkROyh14oBwl9a-h0TOB41DBhsKaRYW4fYFA39jE&s=PDXrtPfy7JZFBblhql8IPeSqQNWYP-JcyCKBe4UvUlc&e=> > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFAg&c=tSGu_Pc6mPnB6zIYTZr3Sw&r=PTnT2JXctjp4MTPziGqcrg&m=PTfYkROyh14oBwl9a-h0TOB41DBhsKaRYW4fYFA39jE&s=xZvNZFM5Pxw3Eh_qwi4FU0YE3BQhAtPk6gm_zctxn-E&e=> > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFAg&c=tSGu_Pc6mPnB6zIYTZr3Sw&r=PTnT2JXctjp4MTPziGqcrg&m=PTfYkROyh14oBwl9a-h0TOB41DBhsKaRYW4fYFA39jE&s=xZvNZFM5Pxw3Eh_qwi4FU0YE3BQhAtPk6gm_zctxn-E&e=> > > This email is intended for the designated recipient only, and may be > confidential, non-public, proprietary, protected by the attorney/client or > other privilege. Unauthorized reading, distribution, copying or other use > of this communication is prohibited and may be unlawful. Receipt by anyone > other than the intended recipients should not be deemed a waiver of any > privilege or protection. If you are not the intended recipient or if you > believe that you have received this email in error, please notify the > sender immediately and delete all copies from your computer system without > reading, saving, or using it in any manner. Although it has been checked > for viruses and other malicious software, malware, we do not warrant, > represent or guarantee in any way that this communication is free of > malware or potentially damaging defects. All liability for any actual or > alleged loss, damage, or injury arising out of or resulting in any way from > the receipt, opening or use of this email is expressly disclaimed. > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
