User profile for user: Charlie Crackle
Charlie Crackle Author
User level: Level 1
9 points

Latest M2 MAC Pro WiFi can not connect to cisco WiFI when Fast Transition is to Adaptive

Is anyone else having issues with the Latest M2 Mac Book Pros (with WiFi 6E) not connecting to Cisco AIROS Controller based Networks if Fast Transition (FT) is set to ADAPTIVE? Tested on the Latest 8.10.183.0 with 9130,3800,3700 Series AP. Also Tested on 8.5.182.2 with 3600 series APs. Other Mac and IOS devices work fine.


No other vendor can support Adaptive mode, it is proprietary to Cisco and Apple. The result is that all non-iOS devices (inc MacOS v12 ??? ) will connect and roam without FT. But iOS devices can “Adapt” (upscale) their ‘Authentication and Key Management’ suite (AKM) to connect with FT even though the SSID does not support it.


If the SSID FT option is set to ENABLED the M2 WiFi6e device can connect.

If the SSID FT option is set to DISABLED the M2 WiFi6e device can connect.


The devices ASSOCIATES and does 802.1x Auth but then cannot get an IP address and gets self assigned IP then disconnects. This is all happening on WiFi 5Ghz (no 6Ghz)


from the apple site

802.11r


Wi-Fi network roaming with 802.11k, 802.11r and 802.11v on iOS, iPadOS and macOS – Apple Support (AU)

When your device roams from one AP to another on the

same network, 802.11r uses a feature called Fast Basic Service Set

Transition (FT) to authenticate more quickly. FT works with both

pre-shared key (PSK) and 802.1X authentication methods.


iOS 10 and later, iPadOS and macOS 12 include support for adaptive

802.11r on Cisco wireless networks. Adaptive 802.11r offers FT without

the need to enable 802.11r on the configured Cisco wireless network. To

support adaptive 802.11r, the Cisco network must be using controller

code version 8.3 or later.




Are there know issues with M2 WiFi 6e Based machines ???





Posted on Feb 9, 2023 10:06 PM

Reply

Similar questions

6 replies
User profile for user: sberman
sberman
User level: Level 10
271,474 points

Feb 14, 2023 02:26 PM in response to Charlie Crackle

I have an M2 iPad Pro using Wi-Fi 6E with my NETGEAR router. Though I cannot specifically address your Fast Transition question, I can tell you this article helped my iPad connect using the full Wi-Fi 6E (including 6GHz) capability of the router. See especially the section entitled “About Wi-Fi 6E networks that have limited compatibility”


Use Wi-Fi 6E networks with Apple devices - Apple Support


Reply
User profile for user: Charlie Crackle
Charlie Crackle Author
User level: Level 1
9 points

Feb 12, 2023 11:51 PM in response to Charlie Crackle

Well the packets never lie. Did a Wifi 6 ax packet capture on a Wifi 6 Netally NxG. Here is the association request.. (below) sending a NON-FT AKM suite for a FT join.     in simple terms    Think of it like trading toys with a friend. You have a toy tool called a NON-FT AKM suite, and your friend wants to trade with you, but they only want a specific toy tool, called a FT join.

But you don't have that toy tool, you only have the NON-FT AKM suite. So, you can't make the trade with your friend because they only want the specific toy they mentioned.


Let hope apple can fix this fast..



Reply
User profile for user: Charlie Crackle
Charlie Crackle Author
User level: Level 1
9 points

Feb 10, 2023 12:30 AM in response to Charlie Crackle

These are the logs from the Cisco WLC Controller for ADAPTIVE and ENABLED


FT set to "Adaptive"



Client made new Association to AP/BSSID BSSID AP

WLC recognizes that the client is 802.11r-capable

The WLC/AP has found from client association request Information Element that claims PMKID Caching support

The Reassociation Request from the client comes with 0 PMKID

Client has successfully cleared AP association phase

WLC/AP is sending an Association Response to the client with status code 0 = Successful association

Client will be required to Reauthenticate in 0

seconds

WLC/AP is sending EAP-Identity-Request to the client

RADIUS Server permitted access

Client will be required to Reauthenticate in 0

4-Way PTK Handshake, Sending M1

4-Way PTK Handshake, Received M2

4-Way PTK Handshake, Client did not respond with M2

4-Way PTK Handshake, Retransmitting M1 retry #1

4-Way PTK Handshake, Received M2

4-Way PTK Handshake, Client did not respond with M2

4-Way PTK Handshake, Retransmitting M1 retry #2

4-Way PTK Handshake, Received M2

4-Way PTK Handshake, Client did not respond with M2

4-Way PTK Handshake, Retransmitting M1 retry #3

4-Way PTK Handshake, Received M2

4-Way PTK Handshake, Client did not respond with M2

4-Way PTK Handshake, Retransmitting M1 retry #4

4-Way PTK Handshake, Client did not respond with M2

Client has been deauthenticated

Client expiration timer code set for 10 seconds. The reason: Roaming failed due to WLAN security policy mismatch between controllers (configuration error). It can also be used to report EAPoL retry errors, and GTK rotation failure (in 8.5)




FT set to "Enabled"


Client made new Association to AP/BSSID BSSID AP

WLC recognizes that the client is 802.11r-capable

The WLC/AP has found from client association request Information Element that claims PMKID Caching support

Client is entering the 802.1x or PSK Authentication state

Client has successfully cleared AP association phase

WLC/AP is sending an Association Response to the client with status code 0 = Successful association

Client will be required to Reauthenticate in 0

seconds

WLC/AP is sending EAP-Identity-Request to the client

Client sent EAP-Identity-Response to WLC/AP

RADIUS Server permitted access

Client will be required to Reauthenticate in 0

seconds

WLC creates a PMK cache entry for this client, which is used for FT with AKM:802.1xin this case, so the PMKID is computed with the AP MAC address

4-Way PTK Handshake, Sending M1

4-Way PTK Handshake, Received M2

4-Way PTK Handshake, Sending M3

Client has completed PSK Dot1x or WEP authentication phase

Client has entered DHCP Required state

Received DHCP request from client

WLC begins FT fast-secure roaming over-the-Air with this client and performs a type of preauthentication, because the client asks for this with FT on the Authentication frame that is sent to the new AP over-the-Air (before the Reassociation Request).

Local roaming event triggered with the new AP to which the client roams.

WLC recognizes that the client is 802.11r-capable

FT fast-secure roaming is successful for this client.

Client is entering the 802.1x or PSK Authentication state

WLC/AP is sending an Association Response to the client with status code 0 = Successful association

Client has completed PSK Dot1x or WEP authentication phase

Received DHCP request from client

Received DHCP OFFER from DHCP server

Received DHCP request from client

Received DHCP ACK from DHCP server

Client has entered RUN state

Received DHCP ACK, assigning IP Address x.x.x.x

Received DHCP ACK from DHCP server

Reply
User profile for user: Grant Bennet-Alder
Grant Bennet-Alder
User level: Level 10
138,635 points

Feb 13, 2023 05:28 PM in response to Charlie Crackle

I think if no one has had anything to add, you may have exhausted the insights available on this user-to-User forum. You next stop should probably be Apple support, unless your organization has an inside track as a national or education Account, or are active developers.


You need to work through the simple questions with the first responder, then ask for a specialist. They can all read the great stuff you already posted here (so you can just tell them it is here) but they have there own more rigorous data collection methods.


Official Apple Support


Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Latest M2 MAC Pro WiFi can not connect to cisco WiFI when Fast Transition is to Adaptive

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up