Weird issue with 802.1x and Windows clients

J

jnick

2[H]4U
Joined
Sep 25, 2004
Messages
2,888
I've been banging my head against the wall on this for about two weeks. We have a WPA2-Enterprise SSID up for all business owned devices. Windows users have been complaining about really slow speeds on wireless ever since. Through a bunch of testing we saw the following:

* Windows clients connecting to 'Private' have the issue of connecting to 802.11a. Apple clients do not and connect to 802.11an just fine. We have tried all flavors of Thinkpads (T520, T440, T450, Tablet 10) and we have tested both Windows 7 and Windows 8.1.


* Meru (our wireless vendor) shows the windows clients 'type' as [abgn] on association, however the machine still defaults to 802.11a. Log line below.

[state change <old=Unauthenticated> <new=Authenticated> <AP=135> ESSID=Private Ch=44 <BSSID=00:0c:e6:02:99:e8> type abgn]


* Windows clients connecting to our non secure wireless do NOT have this issue and connect to that SSID via 802.11an


* Fortinet/Meru has looked over our Meru configuration for the secure SSID and confirms that they are configured correctly.


* Both myself and Meru have compared the non-private SSID to the 'Private' SSID and found no differences other than one using WPA2 and the other is not.

Has anyone seen something like this? Again, all of our Macbooks are fine. They connect 802.11an without issue. It's only the windows machines that are having issues. Is there something specific that you need to do when using Radius on windows to get the clients to associate on 802.11n?

Thank you!
 
I am thinking it could be something to do with the 802.1x authentication issue with WPA2 enterprise affecting the windows clients. Do these computers connect fine with no encryption? As some users reported on HP forums It could be a windows driver or settings issues.
 
jnick said:
We have tried all flavors of Thinkpads (T520, T440, T450, Tablet 10) and we have tested both Windows 7 and Windows 8.1.
Click to expand...

First, those aren't ALL flavors of Thinkpads. :) Seriously though, are these Lenovo builds or something your IT group cooked up and loaded? I ask because it sounds like a driver issue and it would be odd for the same driver bug to be present across all those different platforms with different drivers.
 
Curious as to how have you validated what speed the Macbook's are connecting at? From the client side or from the controller side?
 
I would consider trying a different make and model laptop to the wireless to see if there is a noticeable difference in the wifi speeds.
 
Temporarily remove the security from the "Private" ESSID since you say that is the only difference in the two networks. If you remove the WPA2 security on Private and it works fine, then something in your config is forcing it down to 802.11a. Use a laptop and run inSSIDer, is the channel the Private network on too crowded? If so move it to another channel manually instead of letting the AP auto select.
 
I know I'm a few months out, but I was able to figure out a resolution for this. As it turns out, Window 7 was set to use FIPS encryption for the wireless profile. This doesn't support 802.11n and is encrypting at the OS level vs the hardware level. Once we removed that option, the clients began working as they should on 802.11n. Figured I'd post this should anyone else have this issue!
 
jnick said:
I know I'm a few months out, but I was able to figure out a resolution for this. As it turns out, Window 7 was set to use FIPS encryption for the wireless profile. This doesn't support 802.11n and is encrypting at the OS level vs the hardware level. Once we removed that option, the clients began working as they should on 802.11n. Figured I'd post this should anyone else have this issue!
Click to expand...
It is good that you were able to get the issue sorted out and you were able to identify the root cause.
 
You must log in or register to reply here.
Back
Top