This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Central Wireless RADIUS: Roaming Clients between APX320 and APX530 lose connection when on APX530


we notice a strage issue for a while now when WiFi clients are connected to a 802.1X RADIUS WiFi that contains APX320 and APX530 APs that are managed in Sophos Central. Occasionally it happens, when they move in the office and roam between the two models, that they lose network connectivity and the new AP is not authenticating the roamed client against the RADIUS Server. At the RADIUS server we see no authentication - neither failed or success - happening.

We have the feeling that is is only related to the APX530 - The clients have no connection, when they are connected to APX530 with 5GHz. Central still shows an IP Address for the client device, but the device actually has no IP on it's network adapter. When we reboot the APX, it usually works again. Fast roaming is enabled.
The users help themselves by turning their WiFi adapter of and on when they face the issue. It will not workaround immediately, they usually need some attempts until it may fix the issue. When it finally works, they are still connected to the APX530 as it is the nearest AP then. On the RADIUS we will then also see that authentication happened and was successful.

WiFi AP have Central firmware v2.3.4-5

There are only a few clients connected. No real load for the machines.

I'd like to know if there are known issues with that or if you have a hot idea how to debug on this.

This thread was automatically locked due to age.
Parents Reply Children
  • what I can see in the WLAN reports from Windows at the time the issue is recreated is:

    Funktionsänderung für "{8a3098e1-e242-4933-b6b2-fc7ea64e573c}" (Familie (0x47008000000000): v4, Funktion: Kein, ChangeReason: NoAddress)

    In english like:

    Capability change on {8a3098e1-e242-4933-b6b2-fc7ea64e573c} (0x47008000000000 Family: V4 Capability: None ChangeReason: NoAddress)

    If you search for that there is quite a lot discussion about that on intel. But not on Sophos.

    At the time the disconnect starts, in eventlog there is a driver event

    7003 - Roam Complete

    That is the latest Intel driver used on the affected test computer. Of course this is not the only notebook and WiFi model with that issue.

    Device: Intel(R) Wireless-AC 9560 160MHz
    PNP ID: PCI\VEN_8086&DEV_9DF0&SUBSYS_00348086&REV_30\3&11583659&0&A3
    Guid: {8A3098E1-E242-4933-B6B2-FC7EA64E573C}
    Current driver version:
    Driver date: 5-9-2023
    DevNode flags: 0x180200a

    As we use mostly Intel WiFi endpoints, I think Sophos will point the finger at Intel. Intel at the device manufacturer and so on.

    iPhones also had this connection issue. They also use that 802.1X SSID.

    I'm not interested in blaming, I 'd like to know if we can change APX WiFi settings that act like a workaround.

    As written earlier, on our grown AP55C infrastructure this has never been an issue.