Continuous Wireless Client Associations and De-authentications

I have a remote site whose wlan consist of a 2112-WLC and twelve 1142N's.  The issue I am seeing is that several clients will associate continuously   throughout the day.  This does not occur for any specific client or ap.  These multiple associations appear to take place every 5-10 minutes most of the time.  I have 4 other sites using the same wireless network equipment and I do not see this problem.  I have verified the ap signal strengths and verified that the noise and interference levels are ok.  Any assistance provided will be very appreciated.

Is enable session time out enabled
WLANS-->ADVANCED-->Look at enable session time out ... what does it say ?

Similar Messages

  • Wireless device associating and disassociating fro...

    HH3 version A arrived recently to replace a faulty HH1 (why didn't I get a version B?), and in the log, one of our wireless devices, even though it's in standby, is associationg and disassociating from the HH every 5 mins or so
    I've switched it from 802.11b/g/n because one of the PCs 'only' has an 802.11g wireless adaptor. 
    From the log
    12:31:51, 25 Sep. (660121.260000) Device disconnected: Hostname: Wii IP: 192.168.1.72 MAC: 00:22:aa:29:d7:da
    12:31:50, 25 Sep. ath0: STA 00:22:aa:29:d7:da IEEE 802.11: Client disassociated
    12:31:40, 25 Sep. (660109.750000) Lease for IP 192.168.1.72 renewed by host Wii (MAC 00:22:aa:29:d7:da). Lease duration: 30240 min
    12:31:40, 25 Sep. (660109.750000) Device connected: Hostname: Wii IP: 192.168.1.72 MAC: 00:22:aa:29:d7:da Lease time: 30240 min. Link rate: 24.0 Mbps
    12:31:40, 25 Sep. (660109.730000) Lease requested
    12:31:39, 25 Sep. ath0: STA 00:22:aa:29:d7:da IEEE 802.11: Client associated
    12:27:51, 25 Sep. (659881.070000) Device disconnected: Hostname: Wii IP: 192.168.1.72 MAC: 00:22:aa:29:d7:da
    12:27:50, 25 Sep. ath0: STA 00:22:aa:29:d7:da IEEE 802.11: Client disassociated
    12:27:40, 25 Sep. (659869.920000) Lease for IP 192.168.1.72 renewed by host Wii (MAC 00:22:aa:29:d7:da). Lease duration: 30240 min
    12:27:40, 25 Sep. (659869.910000) Device connected: Hostname: Wii IP: 192.168.1.72 MAC: 00:22:aa:29:d7:da Lease time: 30240 min. Link rate: 11.0 Mbps
    12:27:40, 25 Sep. (659869.900000) Lease requested
    12:27:39, 25 Sep. ath0: STA 00:22:aa:29:d7:da IEEE 802.11: Client associated
    and the same at 12.21, 12.16, 12.11, etc
    What's going on, and how should I iron it out?

    It looks like an issue with the Wii. You could try altering the settings on the Wii, to give it a static IP address.
    See
    Using static IP addresses on your home network
    It should not keep disassociating with the home hub.Try changing the home hub encryption to WPA only.
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • 802.1x Wireless - Enforce user AND machine authentication

    I am using ACS v5.6 and I'd like to confirm that it is not possible to enforce both user and machine authentication against AD before allowing wireless access to Windows 7 clients, using PEAP/MSCHAPv2 and the built-in 802.1x supplicant.
    The only workaround seems to involve MAR (Machine Access Restrictions), which has pretty significant drawbacks.
    I'd rather not have to deploy user and machine certificates.
    All I want to do is allow access to the wireless network only if the device and the user are in AD.
    It's such a simple scenario that I must be missing something.
    Any suggestions are welcome. Thanks in advance for your comments.
    Lucas

    In my opinion, the only solution that works is using NAM and EAP-Chaining with ISE as radius backend, last time i looked in ACS release notes was 5.4, and it didn't have eap-chaining support.
    Using the built-in windows supplicant will only authenticate user or machine at any time, not both. As you discovered, the feature called MAR used to be what was being recommended (mostly because nothing else existed), What most people miss when they say this will work fine with windows supplicant and acs, is the fact that you cannot be sure that when the user authenticates, he is doing it from an authenticated machine, this is mainly due to the shortcomings.of MAR. You should consider migrating to ISE if you are not using any TACACS features on ACS.

  • Wireless Client associated to 2 APs

    I searched for my mac address in WCS and I recieved three results. See the attached screenshot. I am just curious why the second entry show I am associated to AP 00:00:00:00:00:00?
    I do not have an AP named that.
    Running 4.2.130 on all my WLC. Have a mis of WiSM and 4400 Controllers totaling about 10 WLCs.

    As Jeff mentioned, this is due to your client roaming and most likely due to wlc roaming. The information you see is not real time accurate, especially the wlc information of clients. You can see that 10.92.0.111 shows the client as still being authenticated which is not the case. So most likely what happens is the wlc is cached until flushed or cleared, but ap's keep the real time information, so the all zero's just mean that the wlc knows of the client but not yet flushed the old info and when it tries to detect which ap that user is on, there isn't one.... so it produces the all zero's.

  • XI 3.1 Client Tools and LDAP Authentication

    I have Business Objects XI 3.1 SP2 installed.  For the web clients (InfoView) single sign on and LDAP authentication are working correctly.  However when a user tries to log in using LDAP authentication to one of the client tools (Universe Designer, Webi Rich Client, etc) the error "Cannot access the repository (USR0013)" occurs with the following details:
    [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Security plugin error: Failed to set parameters on plugin.(hr=#0x80042a01)
    Are there troubleshooting or setup guides dealing specifically with LDAP authentication with the various client tools?

    Make sure that the File and Printer Sharing for Microsoft Networks component is installed and enabled on your clients.
    Take a look at note 1272536 (http://service.sap.com/notes)
    Regards,
    Stratos

  • Wireless client association hostname

    Hi all, 
    I'm having issue with the above unit. Currently I have 3 units of AIR-SAP2602E-S-K9 with 15.2(2)JB under 1 SSID. Currently all my clients connected to the AP does not have their computer hostname appearing under the client association. What it is showing instead is the hostname of the AP. For eg;
    Device Type
    Name
    IP Address
    MAC Address
    State
    Parent
    VLAN
    ccx-client
    AP-HOSTNAME
    XXX.XXX.XXX.XXX
    Xxx.xXx.Xxx
    EAP-Associated
    self
    1
    Any Idea how I can get the hostname of the clients instead?

    If both the SSID and your client were configured for open, and you still couldn't associate, something doesn't jive. There are a couple of things that can cause an issue like this.
    1) Is the MFP Client Protection "Required" under the advanced tab?
    2) Is the WMM Policy "Required" under the QoS tab?
    3) Is the "Aironet IE" enabled under the advanced tab of the SSID? That can cause problems for some clients.
    Any of those (especially the first two) would cause a similar issue with not being able to associate, as having mismatched encryption types.

  • Cisco aironet 1040: create wireless with wpa2 and mac authentication

    Hi,
    I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
    I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
    Can anyone help me? thanks
    Hi,
    I created a wireless network setting "Open Authentication" and setting a wpa2 key: everything works.
    I would also add the filter mac address and then next to Open Authentication I selected "with mac authentication" but I can not connect. The list of mac is specified in the "Advanced Security".
    Can anyone help me? thanks

    ap#show configuration
    Using 2085 out of 32768 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap
    logging rate-limit console 9
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login default local
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 syslog
    dot11 ssid Svez
       authentication open mac-address mac_methods
       authentication key-management wpa version 2
    username 00907a0f2a55 password 7 1249554E425C0D542C79257D66
    username 00907a0f2a55 autocommand exit
    username administrator privilege 15 password 7 033449040A0620425A0D15564F42
    username 0025d3db778b password 7 055B565D74481D0D1B52404A09
    username 0025d3db778b autocommand exit
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers tkip
    ssid Svez
    antenna gain 0
    station-role root
    world-mode legacy
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    no keepalive
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address dhcp client-id GigabitEthernet0
    no ip route-cache
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server vsa send accounting
    bridge 1 route ip
    line con 0
    line vty 0 4
    end
    ap#

  • Enabling CLIENT-CERT and FORM authentication in same web-app

    Hi!
    I try to enable same behaviour in WLS 8.1 SP4 as is available in WLS 9.2 (one can define in web.xml to have many <auth-method>s, for example <auth-method>CLIENT-CERT,FORM<auth-method>, which states that first one tries authentication with token (Single Sign On case, for example) and if it is not successful then go to log-in page.
    My steps are as follows in my custom Servlet. We are using IE 6.0 as our web-client. We have configured our auth-method to be FORM, and in the <form-login-page> we have direction to that custom Servlet, which does the handling described below.
    1. If client does not send tokens in request, then set response header:
    response.setHeader("WWW-Authenticate", "Negotiate");
    response.sendError(response.SC_UNAUTHORIZED);
    This works fine and client starts to send his tokens
    2. Now check token, if it is valid, let user in, if not forward him to custom log-in page, for example:
    RequestDispatcher dispatcher = request.getRequestDispatcher("/login/login.html");
    dispatcher.forward(request, response);
    3. Client is forwarded to a log-in page as requested and he gives his credentials. Pushes OK
    log-in page is as defined in edocs:
    <form method="POST" action="j_security_check">
         <table border=1>
              <tr>
                   <td>Username:</td>
                   <td><input type="text" name="j_username"></td>
              </tr>
              <tr>
                   <td>Password:</td>
                   <td><input type="password" name="j_password"></td>
              </tr>
              <tr>
                   <td colspan=2 align=right><input type=submit value="Submit"></td>
              </tr>
         </table>
    </form>
    Now the interesting thing happens (I have investigated TCP traffic at server machine): client (in this case IE) seems to override somehow the credentials (j_password and j_username for HTTP headers, does not send them at all) but keeps on sending this 'Authorize'-field with invalid token instead.
    I have tried a Servlet that does not request WWW-Authenticate at all (in which case client does not start to send 'Authorize'-field). In this case those values are put to HTTP header OK and authentication is able to take place.
    Anyone has any ideas how can I force my clients to send those values from the HTML FORM described above? SHould I set something at response while I do the forward to the custom log-in page. I have tried virtually everything I can imagine (which seems to be not too much :-))...

    Solution found:
    The trick is to return "401" in response if ticket is not valid (do nothing else). This will end the negotiate between client and server
    In your web.xml, forward your 401 code to login page:
    <error-page>
    <error-code>401</error-code>
    <location>/form_login_page.html</location>
    </error-page>
    There might be a more straightforward way to do this (have all the page management within servlet), but I did not have time to investigate it further. This one at least works

  • Concept of association and authentication?

    Hello, hope someone can enlighten me on this.  We have a 5508 WLC with a few WAP's (1131's and 1242's).  Our wireless clients use certificate base authentication against our AD (i.e. both computer cert and user cert are required).  However, from time to time I see clients being associated but not authenticated as reported by the WLC.  Could it be possible, as some literatures indicate that a client can only be "associated" after it's successfully authenticated?  Perhaps I'm not quite clear about the concept.  Thanks in advance.
    Eric

    Hey Eric,
    Clear as mud isn't it
    I like to think of it this way, in the Library at our campus
    there are hundreds of students most are using laptops. If we look at the AP's
    in this area we might see 120 Associations for example but we may only see 65
    Authentications. In this case 55 users laptops have Associated but not gone
    through the Authentication process.
    Here is Cisco's explanation;
    Wireless Client Association
    In the client association process, access points send out beacons announcing one or more SSIDs, data rates, and other information. The client sends out a probe and scans all the channels and listens for beacons and responses to the probes from the access points. The client associates to the access point that has the strongest signal. If the signal becomes low, the client repeats the scan to associate with another access point (this process is called roaming). During association, the SSID, MAC address, and security settings are sent from the client to the access point and checked by the access point. Figure 3-6 illustrates the client association process.
    Figure 3-6 Client Association
    A wireless client's association to a selected access point is actually the second step in a two-step process. First, authentication and then association must occur before an 802.11 client can pass traffic through the access point to another host on the network. Client authentication in this initial process is not the same as network authentication (entering username and password to get access to the network). Client authentication is simply the first step (followed by association) between the wireless client and access point, and it establishes communication. The 802.11 standard specifies only two different methods of authentication: open authentication and shared key authentication. Open authentication is simply the exchange of four "hello" type packets with no client or access point verification, to allow ease of connectivity. Shared key authentication uses a statically defined WEP key, known between the client and access point, for verification. This same key might or might not be used to encrypt the actual data passing between a wireless client and an access point based on user configuration.
    http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=3
    Cheers!
    Rob

  • Client Association,Authentication

    Hey All,
    In regards to the Assoiciation and Authentication I would just like to check that I am getting the process correct:
    1. Authentication( open or shared) this is the client talking to the AP and saying that it is an 802.11 device ( kind of like an ethernet cable being pluged into a wall jack), if it has a PSK then it must have the right details to Auth with the AP. This is Auth'd to the AP but not the network, so no network traffic can pass just yet.
    2. Association the client associates with the BSS/AP and data can now pass over to the AP.
    3. 802.1x Authentication ( EAP) - if required
      In the above Image the Associated status means it passed step 2 and the Auth means in passed 802.1x? 
    If this is the case in the above Image the Authed clients ( blue line) are the clients that have passed 802.1x? and the red line is clients that have passed stage 2?
    Thanks

    Hello,
    In the client association process,  access points send out beacons announcing one or more SSIDs, data rates,  and other information. The client sends  out a probe and scans all the channels and listens for beacons and  responses to the probes from the access points. The client associates to the access point that has  the strongest signal. If the signal becomes low, the client repeats the scan to associate with  another access point (this process is called roaming). During  association, the SSID, MAC address, and security settings are sent from  the client to the access point and  checked by the access point. Figure  3-6 illustrates the client  association process.
    Figure 3-6 Client  Association
    A wireless clients association to a selected access point  is actually the second step in a two-step process. First, authentication  and then association must occur before an 802.11 client can pass traffic through the access  point to another host on the network. Client  authentication in this initial process is not the same as network  authentication (entering username and password to get access to the  network). Client authentication is simply  the first step (followed by association) between the wireless client and access point, and it establishes  communication. The 802.11 standard specifies only two different methods  of authentication: open authentication and shared key authentication.  Open authentication is simply the exchange of four "hello" type packets  with no client or access point  verification, to allow ease of connectivity. Shared key authentication  uses a statically defined WEP key, known between the client and access point, for verification. This  same key might or might not be used to encrypt the actual data passing  between a wireless client and an access  point based on user configuration.
    http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=3

  • Dot11 associations table, client associated with 0.0.0.0

    I'm having an issue where wireless client association seam to fail to get IP address, but acctually don't...
    MAC Address    IP address      Device        Name            Parent         State    
    0016.eaae.c896 0.0.0.0         unknown       -               self           EAP-Assoc
    001f.e178.c6d8 192.168.27.192  unknown       -               self           EAP-Assoc
    This happens only "sometimes", especially when the clients (laptops) wake up from sleep mode.
    Although the association shows IP 0.0.0.0, the state is "EAP-Assoc" and I can confirm that the client passed RADIUS authentication, received IP from DHCP and can ping the gateway.
    The wireless network is made up by autonomous/standalone access-points (Cisco aironet 1100, 1130, 1200, 1040).
    Network access is PEAP, WPA/AES, dot1x, multiple Vlans...
    All access-points have an access-list at the radio IN that is dropping all IP broadcasts.
    When I remove the ACL, everything appear to be fine (at least all the times that I checked), but when the ACL is active the issue doesn't always come up.
    I must understand what is going on because this ACL (although it's not very common) has proven it's value by saving 30-40% CPU usage on access-points...
    Does anyone know how the "dot11 associations" table is built??
    Maybe some tips on how to troubleshoot the issue.
    thanks in advance

    As an answer to your early quetsions (that I don't know why we did not answer it yet):
    Assoc table is mainly built from information in association frames.
    Assoc frames have no idea about IP addresses so how the APs know the IP? Not from assoc frames of course.
    Each vendor may have different way to know the IP (they can look into the header of the IP traffic of that special client or they an look into dhcp communication).
    summarizing the issue so far:
    - The issue happens ONLY with the ACL in place.
    - It does not happen with all clients.
    - It happens ONLY when the clients in power save mode.
    - It happens with same clients if they use static ip address even if they are not in power save mode (please confirm or amend this sentence to be more accurate).
    Why power save mode do not show the IP? - > answering this quetion almost solves the problem.
    what is common among the problematic clients? - > need to know this in order to isolate further.
    Is it AP hardware/software related? -> helps to isolate further.
    I said that it could possibly be related to information elements but not necessarily.
    There are information element that transfer Power Save capability between clietns and the AP. I have no idea though how those can be related.
    More information about information elements can be found in the IEEE standard downloadable from here:
    http://standards.ieee.org/getieee802/download/802.11-2007.pdf
    go to section :
    7.3.2 Information elements
    in page 99.
    I tried to read about power save and tried to link that with our issue with no hope.
    It could possibly a bug or so that when PS is used the AP behaves differently.
    HTH
    Amjad

  • Wireless client disconnecting

    Hi All,
    We have a WLAN setup with 1 AP 1230 assigned as a WDS, and the 16 APs configured as Infrastructure AP. Off late, I am experiencing a problem where all my clients are getting disconnected frequently. I have checked the logs and the logs indicate the follwoing:
    %DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x19B42) received from 0013.ced4.bd48.
    Oct 24 12:45:42 172.20.166.22 5673: Oct 24 07:15:42.428: %DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected within 48 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 60 seconds.
    Oct 24 12:45:42 172.20.166.22 5674: Oct 24 07:15:42.429: %DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x19B43) received from 0013.ced4.bd48.
    Oct 24 12:45:42 172.20.166.22 5675: Oct 24 07:15:42.430: %DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x19B44) received from 0013.ced4.bd48.
    Oct 24 12:45:42 172.20.166.22 5676: Oct 24 07:15:42.430: Too many MIC failures.
    I need a solution to overcome this problems. Please let me know if you need any further information, to help me provide a solution.
    regds,
    Mahesh

    Good afternoon Mahesh...
    Similar to a CRC, TKIP uses Message Integrity Check(MIC) to ensure protection of the payload and headers. Presently the Michael algorithm is used to accomplish this function. Essentially these messages are early warning signs of RF interference, hardware failure and or an active attack.
    The initial error message of TKIP_MIC_FAILURE is rather harmless, as there is no effect to surrounding clients. It simply states that the AP has received a packet which failed its integrity check. MIC replaced WEP's CRC-32 checksum for improved security. You will NOT see this issue in LEAP as it does not utilize MIC.
    TKIP_MIC_FAILURE_REPEATED, however is another story. If you see this log entry on an access point, you will want to respond quickly. This is stating that a workstation has sent X number of MIC failures in a certain number of seconds. As stated by the 802.11i standard, the access point goes into a blackout period. ( Cisco's default is 60 second blackout period), what this does is disassociates all wireless clients associated with the access point and puts the radio in a type of hold where it does not allow any associations until the blackout is lifted.
    The offending client and those associated with the access point do not receive any sort of error. All the user will notice, is that their laptop's wireless has been disconnected. If the user's laptop is able to access another AP it will attempt to connect to it, if behaving and configure correctly. What we have seen in at our facility is the offending client will continue to cause TKIP errors and bring down the AP it just connected to.
    Is there a Band-Aid to this problem?
    Interface dot11radio x
    countermeasure tkip hold-time 0
    This is NOT a solution, its simply a fix to keep your APs from going into blackout. Again I would only use this if you had a larger volume of laptops with malfunctioning nics than your local techsupport could handle.
    There are two typical causes for these errors, hardware problems and RF issues. RF changes even at 5ft, if you are able to go to multiple areas of your facility (saying you have a large facility) and take still shoot out errors, you likly have a hardware issue. Replace the card and your good to go.
    While upgrading to the latest IOS is always the best messure even when not facing problems you will likly not see a decrease/increase.
    hope this helps.... Simply put , research if its a single laptop... If it is, attempt to replace the nic.. We had one laptop which even after reloading the IOS, swapping the cards, etc it kept commiting the units. We kept the harddrive and sent the laptop off and was RMA'd. New laptop came in, put the old hdd back in, no problems.
    We have not noticed a link between driver version nor firmware...

  • WCS reponds slow when generating the Client Association reports

    Hello,
    I have set a Wireless Network in of our client's corporate office - which consists of one WLC4404, 42 x 1131AG Access Points. WCS is used to mainly to monitor the AP reachability and Client Association and Deassociations from the WLAN.
    When i click on Run Now of the Client Association reports; the report is generated successfully. But when i try to view other pages such as Monitor>Network Summary - the WCS stops responding and it takes approximately 7 mins to display the Monitor>network Summary page. At this time i have observed that the server is reachable during the continous ping and the Server CPU utilization remains to 8% and Memory utilization remains to 1.56GB.
    Error Message: Error getting dataa from Server. Make sure you have connectivity and the Server is UP.
    Server used is a Standard Server HP Proliant ML110 with 1.86GHz Intel Xeon CPU and 2GB RAM. Operating System used is Win 2003 Server with SP1.
    Please can one help me solving this problem.
    Regards,
    Keshava Raju

    Sorry, i missed out to mention - WCS V4.1 is used for monitoring the WLAN.

  • Wireless Client List keeps getting strange addresses

    I am having some issues with the wireless client list in my Linksys E3000 wireless router. I want to use the wireless client list and enter the MAC addresses of the devices that I want to have access. Any where from 5 minutes to a couple days, more MAC's have been added to the list, from devices that don't off hand belong there (not mine). Sometimes, some of the devices that I have put there, will be removed and replaced with the others. Those that are replaced then do not have access. There are about 18 common MAC's that show up.
    As an experiment, after many times of replacing these stray MAC's, I tried putting all of the stray MAC's in and restricting them from access. That was good for about 24 hours and the list was misteriously deleted from the restricted list. There is no common thread between time or devices connected.
    The following is a list of devices as they appear. Most will reappear after being deleted from the list:
    0A:60:76  Unknown
    00:FF:30  Unknown
    00:25:F0 Suga Electronics Limited
    00:1F:16 Wistron Corporation
    70:1A:04 Liteon Tech Corp.
    0C:60:76 Hon Hai Precision Ind. Co.,Ltd.
    00:1F:16 Wistron Corporation
    70:1A:04 Liteon Tech Corp.
    00:26:22 COMPAL INFORMATION (KUNSHAN) CO., LTD.
    08:00:27 cadmus computer systems
    90:E6:BA ASUSTek COMPUTER INC.
    00:23:CC Nintendo Co., Ltd.
    00:16:44 Liteon Tech Corp.
    F0:B4:79  Unknown
    00:1E:8C ASUSTek COMPUTER INC.
    00:26:9E Quanta Computer Inc
    08:00:27 cadmus computer systems
    00:10:75 Maxtor Corp. (was: creative design solutions,inc.)
    I have assigned IP's to the devices that I want connected.
    I have reset to factory settings.
    I have the current firmware. I even reinstalled the current firmware.
    I have scanned for viruses and malware.
    I am using WPA2 security.
    The only hardwired computer that I am on now is running Windows 7. All other computers are running W7. All computers are up to date. All antivirus and malware soft is up to date. All other devices, (cameras, drives, printers, etc.) have firmware up to date.
    Any suggestions?

    Here is the issue:
    If I use Permit, MAC's are added to the list which eventually fills up and starts knocking off the one's that I want there.
    If I use Prevent, the MAC's that have appeared in the Permit list will start disappearing from the Prevent list.
    I have WPA2 Personal encryption on. Remote access turned off.
    If I have the Prevent list on with Remote access off, how are these stray MAC's being removed.
    If I have the Permit list on with Remote access off, how are these MAC's being added and removing the correct one's.

  • Syslog command for Clients associations

    Hello.
    For WLC 5508 software version 7.0.235.0, Does anyone know which command is needed to get the WLC send syslog messages everytime a wireless client associate and desassociate?
    Greettings.

    I believe of you set your staking level to debug or informational, it will show that info.
    Sent from Cisco Technical Support iPhone App

Maybe you are looking for