Thanks to Andrew von Nagy and Jason Hintersteiner for bringing this to my attention. The 802.11r (FT) default setting in both the Meraki dashboard and Cisco WLC is in fact set to DISABLED. I don’t recall changing this setting, but I must have. My apologies.
At my house I have many duties. I am husband, father, plumber, carpenter, lawn mower, wood-cutter/splitter, etc. The list is long and I enjoy every one of them (most of the time). I am also the CIO. We don’t have a sophisticated ticket system for entering technology problems, but we do have a sophisticated alert system named “Ella.” This system has been online since August 2011 and is very good at letting me know when the “wifi is not working” or the “internet is down.” Ella is my daughter. When Netflix comes to a screeching halt I know of the problem in very short order and there is very little tolerance for downtime. Of course most issues that the end users experience at home (much the same at work) look like a wifi problem but a lot of times are not. Most issues can easily be solved by cycling the power on either the WatchGuard Firewall running pfSense or the cable modem. I have an assistant that I have trained to handle such tasks when I am not around. His name is William and he is my nine-year-old son. He used to be a reliable network monitoring system like his sister but sports have replaced technology for the time being.
This brings me to a recent issue that we experienced on the home front. It WAS a wifi issue…kinda. My wife brought me her work-issued MacBook Air which would not connect and was asking for WPA2 Enterprise credentials. The MBA was one of the first and hasn’t been updated in a very long time (OS X 10.8). It should be noted that I offer up three different flavors of wifi at the house: Cisco, Meru, and Meraki. Each iteration offers one SSID, and her MBA would not connect to any of them. Each SSID uses the same WPA2-PSK passphrase and runs the most current version of code on the back-end. Of course my wife made it very clear to me that “it works just fine at work” in her classroom (also Meru). All other devices were working fine including both of our iPhones and my Dell with Intel 7260.

I mulled it over for a few minutes but could not figure out why her MBA continuously asked for WPA2 Enterprise credentials on all of my SSIDs. A quick Google search didn’t reveal anything obvious and a station log remained empty on the Meru controller. The only thing that stood out in my mind was that I recently updated my Meru controller and turned on all the latest bells and whistles. She had only ever been connected to the Meru SSID so I started there. I created a very generic SSID named affectionately “ForYourDumbMac” and configured it very similarly to the others but left most settings default: all legacy rates enabled, same WPA2-PSK passphrase, etc. The MBA connected to the new SSID on the first try!

I started flipping switches on “ForYourDumbMac” one by one until the MBA would no longer connect and I was prompted for WPA2 Enterprise credentials. Lo and behold the last switch that was flipped before the MBA stopped working was to enable 802.11r (Fast BSS Transition). I toggled 802.11r back off and the MBA happily connected again. For those of you not in the know, 802.11r allows for a more speedy transition while roaming between APs.
This is of course a very basic explanation and a more detailed explanation of 802.11r can be found in this CWNP whitepaper written by Devin Akin: https://www.cwnp.com/uploads/802-11_rsn_ft.pdf .
Once I was able to determine that 802.11r was causing the issue I turned it off (which is the default setting) on the original Meru SSID and the MBA connected right away. Further research turned up a chart (right) that showed 802.11r was first supported in OS X Yosemite 10.10.
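An added example, not from the original post: 802.11r shows up in an SSID's beacons as FT AKM suites in the RSN element (00-0F-AC:3 for FT over 802.1X, 00-0F-AC:4 for FT-PSK). This Python code parses an RSN element and reports whether a client without FT support still has a non-FT AKM available; the function names and the sample elements are constructed for illustration.

```python
import struct

OUI = bytes.fromhex("000fac")          # IEEE 802.11 suite selector OUI
AKM_NAMES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK"}
FT_AKMS = {3, 4}                       # AKM types added by 802.11r

def parse_rsn_akms(element):
    """Return AKM suite types from a full RSN element (ID 48, length, body)."""
    if len(element) < 2 or element[0] != 48 or len(element) - 2 < element[1]:
        raise ValueError("not a complete RSN element")
    body = element[2:2 + element[1]]
    try:
        off = 2 + 4                    # skip version and group cipher suite
        (n_pairwise,) = struct.unpack_from("<H", body, off)
        off += 2 + 4 * n_pairwise      # skip pairwise cipher list
        (n_akm,) = struct.unpack_from("<H", body, off)
    except struct.error:
        raise ValueError("RSN element too short") from None
    off += 2
    if off + 4 * n_akm > len(body):
        raise ValueError("AKM list runs past end of element")
    suites = [body[off + 4 * i: off + 4 * i + 4] for i in range(n_akm)]
    return [s[3] for s in suites if s[:3] == OUI]

def legacy_client_verdict(akms):
    """Classify an SSID for a client that has no 802.11r support."""
    ft = [a for a in akms if a in FT_AKMS]
    non_ft = [a for a in akms if a not in FT_AKMS]
    if ft and not non_ft:
        return "ft-only"               # nothing a pre-FT client can negotiate
    return "mixed" if ft else "no-ft"

def build_rsn(akms):
    """Constructed sample: WPA2 RSN element with CCMP and the given AKMs."""
    ccmp = OUI + b"\x04"
    body = struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
    body += struct.pack("<H", len(akms)) + b"".join(OUI + bytes([a]) for a in akms)
    body += struct.pack("<H", 0)       # RSN capabilities
    return bytes([48, len(body)]) + body

if __name__ == "__main__":
    for label, akms in [("PSK only", [2]), ("PSK + FT-PSK", [2, 4]), ("FT-PSK only", [4])]:
        found = parse_rsn_akms(build_rsn(akms))
        names = [AKM_NAMES.get(a, "type %d" % a) for a in found]
        print(label, names, legacy_client_verdict(found))
```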
EDIT – The following sentence is incorrect. The default setting for 802.11r is DISABLED.
I checked both the Cisco controller and Meraki dashboard and they both had 802.11r (FT) enabled by default for PSK SSIDs but not 802.1x SSIDs.
So I had to do the one thing that I hate to do. I had to tailor/dumb down the entire network (albeit my small home network) to support a single client. But you know the saying, “happy wife…happy life.”