DHCP issues in WLC

Hi all,
We are using a 5508 WLC with version 7.4.100.0, and the APs are 3600. We have configured an internal DHCP lease for the clients. We have one SSID with 802.1x auth and WPA2/AES encryption.
The problem is that some 35 of our laptops often do not get an IP address from the WLC. The remaining clients are getting an IP with no problem. Any bug on this?
Thanks,
Regards,
TS.

Hi Vijay,
You are running on the very first release of 7.4 code & that came with lots of bugs. So it is highly recommended to upgrade your WLC software to either 7.4.110.0 (7.4MR1) or 7.4.111.x (7.4MR2 pre-release) available through TAC.
https://supportforums.cisco.com/docs/DOC-37334
I am sure your issue will get fixed by one of these upgrades.
Also make sure your WLC FUS also gets upgraded to 1.7.0.0 if it is not already in that version.
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/fus_rn_1_7_0_0.html
HTH
Rasika
***** Pls rate all useful responses *****

Similar Messages

  • WLC DHCP issue with 6500

    Hi,
    I configured WLC as DHCP server and is working fine when connected to 3750 core switch. The AP's and clients are getting IP address.
    When the same WLC is connected to 6500 , the DHCP is not working from WLC . The same port of 6500 switch  is verified by connecting a 3750 switch as dhcp server and AP as well as clients are getting IP.
    DHCP snooping and port security is not enabled in the 6500 and the configuration is simple. The WLC is untagged and the 6500 port is a trunk port with 242 as native VLAN.
    Please help

    Dear Surendra,
    Please see the answers in line.
    1. As per your previous post, if we connect WLC to 3750 core everything works fine.. so in this case, I assume that we have INTERFACE VLAN on the switch and then the management interface on the WLC are in the same subnet?? correct??
    "Yes, all are in the same VLAN. Interface VLAN and management interface are in the same subnet."
    2. Similarly, if we swap the 3750 with 6500, it doesn't work.. in this case.. have you created the interface vlan on the 6500 in the same subnet as that of management interface of the WLC??
    "Yes, the 6500 has a VLAN interface without IP. The same way we configured the 3750."
    Or
    3. are we not swapping the 6500 and we are connecting the WLC to the WLC to the 6500 and then this 6500 to the 3750??
    "We connected WLC and LAP to the 3750 and the DHCP of the WLC is working fine. When WLC & AP are connected to the 6500, the WLC DHCP is not working. We verified the 6500 port by connecting a 3750 as DHCP server, and the WLC is connected to the 3750 and all were working fine. When the WLC is directly connected to the 6500, the LAP is not joining the WLC. When a static IP is given to the LAP, the LAP joined the WLC but the clients were not getting an IP."
    4.Layer 2 means... interface VLAN on the switch and the WLC management and the AP DHCP pool are all in the same subnet. correct?
    "Yes all are in the same subnet"
    Thanks for your efforts.
    Regards,
    Savad

  • Weird DHCP Issue

    Hello All,
    I am facing a very weird DHCP issue and would like to know your thoughts on it.
    I have my wired clients on VLAN 1 and wireless clients (EAP-PEAP) on VLAN 2.
    We are facing an issue where multiple wired clients who were on access port VLAN 1 are receiving an IP address from the wireless subnet (VLAN 2); their DHCP server was the WLC virtual gateway IP address (1.1.1.1). This is causing an outage to a few wired clients.
    The WLC trunk does not have VLAN 1 allowed on its ports and all APs are in local mode and all on access VLAN.
    I'm not entirely sure what's causing this, but the only way I think this is possible is that 'A Client' laptop has his network connections bridged, his wired NIC on VLAN 1 and wireless NIC on VLAN 2, acting like a WGB, which is causing new wired clients' (VLAN 1) DHCP broadcast requests to be forwarded through the bridge mode laptop to AP --> WLC. Do you think this is possible??
    Haven't been able to identify which client is causing this issue yet.
    Has anyone faced a similar issue, and is there any way to block this through WLC/ACS policy?
    Thanks
    Jino

    Hi,
    Might we consider to make use of network monitor to take a look at the traffics for the 1.1.1.1 address?
    How to use Network Monitor to capture network traffic
    Download link here:
    Microsoft Network Monitor 3.4
    Best regards
    Michael Shao
    TechNet Community Support

  • Monitoring DHCP scope on WLC 5508

    Hi,
    I have DHCP configured on the anchor controller but I don't know when the DHCP scope is full on it. Do you have any idea or experience how to monitor an exhausted DHCP scope on WLC 5508?
    Regards

    OK, but the WLC can send syslog messages and based on this we can create an alarm. When the DHCP scope is full on the WLC, the controller informs us about this:
    DHCP Server: Nov 13 11:34:56.321: %DHCP-3-SEND_OFFER_FAIL: dhcpd.c:278 Unable to send DHCP offer. Could not allocate appropriate ip address from the scope
    *DHCP Server: Nov 13 11:34:56.321: %DHCP-4-ADDR_NOT_ALLOCATED: serverpacket.c:205 No IP addresses to give -- OFFER abandoned -- packet dropped
    *DHCP Server: Nov 13 11:34:52.416: %DHCP-3-SEND_OFFER_FAIL: dhcpd.c:278 Unable to send DHCP offer. Could not allocate appropriate ip address from the scope
    *DHCP Server: Nov 13 11:34:52.416: %DHCP-4-ADDR_NOT_ALLOCATED: serverpacket.c:205 No IP addresses to give -- OFFER abandoned -- packet dropped
    So if only I could detect this sentence from the syslog messages, then I could create an alarm.
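
One way to turn the messages quoted above into an alarm, as an added example (not from the original post and not Cisco code). It assumes the WLC syslog arrives as plain text lines, that the year must be supplied because the log lines omit it, and the window and threshold values are illustrative; the four DHCP lines are the ones quoted in the post, the last two lines are test noise.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Sample input: the four DHCP lines quoted in the post, one CAPWAP line taken
# from another thread on this page, and one constructed line with no message code.
SAMPLE_LOG = """\
DHCP Server: Nov 13 11:34:56.321: %DHCP-3-SEND_OFFER_FAIL: dhcpd.c:278 Unable to send DHCP offer. Could not allocate appropriate ip address from the scope
*DHCP Server: Nov 13 11:34:56.321: %DHCP-4-ADDR_NOT_ALLOCATED: serverpacket.c:205 No IP addresses to give -- OFFER abandoned -- packet dropped
*DHCP Server: Nov 13 11:34:52.416: %DHCP-3-SEND_OFFER_FAIL: dhcpd.c:278 Unable to send DHCP offer. Could not allocate appropriate ip address from the scope
*DHCP Server: Nov 13 11:34:52.416: %DHCP-4-ADDR_NOT_ALLOCATED: serverpacket.c:205 No IP addresses to give -- OFFER abandoned -- packet dropped
*Sep 26 03:55:36.334: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
constructed noise line without a message code
"""

# "<Mon DD HH:MM:SS.mmm>: %FACILITY-SEVERITY-MNEMONIC:"
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):"
)

# The two message codes the post shows when the scope has no address left.
EXHAUSTION = {("DHCP", "SEND_OFFER_FAIL"), ("DHCP", "ADDR_NOT_ALLOCATED")}


def parse_line(line, year):
    """Return (timestamp, facility, mnemonic) or None for unparseable lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
    return ts, m["facility"], m["mnemonic"]


def dropped_offers(lines, year):
    """Sorted unique timestamps at which an OFFER was abandoned.

    Each abandoned OFFER logs both message codes with the same timestamp,
    so de-duplicating on the timestamp counts the event once.
    """
    stamps = set()
    for line in lines:
        parsed = parse_line(line, year)
        if parsed and (parsed[1], parsed[2]) in EXHAUSTION:
            stamps.add(parsed[0])
    return sorted(stamps)


def exhaustion_alarms(lines, year, window_s=60, threshold=2):
    """Raise one alarm each time `threshold` abandoned OFFERs fall in the window."""
    window = deque()
    alarms = []
    armed = True  # avoids repeating the alarm for every further message
    for ts in dropped_offers(lines, year):
        window.append(ts)
        while ts - window[0] > timedelta(seconds=window_s):
            window.popleft()
        if len(window) >= threshold:
            if armed:
                alarms.append({"first": window[0], "last": ts, "count": len(window)})
                armed = False
        else:
            armed = True
    return alarms


if __name__ == "__main__":
    for alarm in exhaustion_alarms(SAMPLE_LOG.splitlines(), year=2024):
        print("DHCP scope exhausted:", alarm)
```
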

  • Very weird dhcp issue

    We've started 're-vlanning' our main location here, breaking up depts
    into their own vlans.
    All seems ok so far, aside from a real doozy.
    For the IT vlan, we have one address that will not talk to our web
    content mgmt appliance. It's the 2nd address in our assignable pool,
    and it doesn't matter if it's dhcp or statically assigned, that address
    will not talk to that device.
    That is the *only* device that cannot be reached from this particular
    address in our dept vlan, every other one works fine.
    Any ideas on this?
    Stevo

    > and it doesn't matter if it's dhcp or statically assigned, that
    > address
    So.... the title of this thread should actually be 'Very weird non-DHCP
    issue', since your own testing confirms this has nothing to do with DHCP?
    If you do a LAN trace on this machine as well as your web content
    management appliance do you see packets on either side? Both sides? If
    not on both sides but you do on the source (workstation) side see
    packets going out, then get LAN traces after each network device
    (switch, router, firewall, etc.) to see when the packets disappear.
    Feel free to post the LAN traces somewhere with descriptions of IPs,
    ports, and what you should be seeing, if you want to post them somewhere
    for review.
    Good luck.

  • 6500 DHCP ISSUE

    Hello All,
    I am having an issue doing DHCP from the 6500, and was hoping someone can help. So, I tried to set up DHCP from the FWSM to the clients and this worked fine with giving out the IP, however the gateway for devices on the inside is supposed to be the 6500, not the FWSM, which is why the clients wouldn't get out to the internet. Do I need to set up DHCP relay on the FWSM or does anyone know the way I can set up DHCP on the 6500 to give out IPs to the clients? Again just to reiterate, when I set up DHCP on the FWSM the clients get the IPs but do not get out to the internet, and when I set up DHCP on the 6500 the clients do not get an IP. Also I know this is a DHCP issue because when I assign a static address on the network the clients get out fine. Thanks in advance for the help!
    6500 Config
    ip dhcp pool TEST
       network 1.1.1.0 255.255.255.0
       default-router 1.1.1.1
       dns-server x.x.x.x y.y.y.y
    FWSM Config
    FWSM/TEST# show run
    interface Vlan3
    nameif outside9
    bridge-group 1
    security-level 0
    interface Vlan203
    nameif inside9
    bridge-group 1
    security-level 100
    interface BVI1
    ip address 1.1.1.4 255.255.255.0
    passwd 2KFQnbNIdI.2KYOU encrypted
    access-list INSIDE1_IN extended permit ip any any
    global (outside1) 1 x.x.x.x
    nat (inside1) 1 1.1.1.0 255.255.255.0
    access-group INSIDE1_IN in interface inside1
    route outside1 0.0.0.0 0.0.0.0 1.1.1.1 1
    FWSM/TEST#

    Hello Alain,
    Thanks for your quick response. I attached a diagram of the layout. Just to let you know this is an FWSM with many virtual contexts, and most, including this one, are transparent. I understand that I need an access-list on both ends to specify so the FWSM opens it; I am just having an issue because the FWSM sees this as unusual traffic and the access-list needs to be on-point to work. Thank you for the response and I'll look forward to hearing back from you.

  • VRF and DHCP issue

    VRF and DHCP issue
    We have a 6500 ( 12.2 (33) SXH5 ) that has a VRF running for our guest network. On this 6500 resides the DHCP pool with a range defined for our guest network. We have a stack of 3750's (12.2 (46) SE) connected to the 6500 with a L3 connection. The 3750's have a local guest VLAN with its gateway defined in a VLAN interface. This VLAN on the 3750 has an IP helper address pointing to an IP within the VRF on the 6500. When debugging DHCP on the 6500, a request is received and sent back out. The client never receives this request.
    If a static IP is applied, the client is able to communicate anywhere within the VRF successfully (including pinging the IP within the helper-address). As many posts have pointed out - there is no VRF <name> under the ip dhcp pool <name> within the 6500. I am just wondering if anyone else has run into this and what their solution was.
    Thanks.

    Hi,
    I have tested the dhcp server and vrf on Cisco 3640 and it is working without VRF under the ip dhcp pool. Please ensure that you have configured routing for the dhcp-relay agent(VLAN facing dhcp client on 3750 in your case).

  • Clear dhcp lease in WLC internal server WLC 6.0.199

    Hi,
    How to clear dhcp lease in WLC 6.0.199 from the IP leased from internal server?
    merci,
    arun

    In 7.0 you can use the CLI command (might be there in later 6.0 but I can't test ATM)
    config dhcp clear-lease then either the IP address or all
    config dhcp clear-lease 192.168.100.0
    Or
    config dhcp clear-lease all
    If not the only way to clear the leases is a reboot of the WLC.
    Steve
    Sent from Cisco Technical Support iPhone App

  • Wireless dhcp issue after upgrading WLC to 7.6.100

    Hi All,
    We have upgraded our controllers to version 7.6.100. After upgrading, the access points also upgraded their version to 15.2(4)JB3. But, the problem is that after this process the APs do not get IP. It stays on this state:
    *Sep 26 03:55:36.334: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    Not in Bound state.
    The DHCP configuration is OK, since it is working in the other two controllers we have and that we are not upgrading until this issue is solved.
    If we connect to the APs via console and configure a static IP and the controller's IP, the AP registers and works fine. But the access points are located in 20 remote sites, so we would like to avoid going site by site.
    Has anyone suffered this issue and knows how to "recover" those access points?
    Thank you very much for your help!

    Hi,
    Thank you for your answer conraddaniel.
    But, our issue was an error on the DHCP. The DHCP server pool for the APs was configured with lease time infinite (on a Cisco 6500). After capturing the packets and debugging on the AP we realized that the AP were receiving wrong values:
    DHCP: Scan: Renewal time: 2147483647
    DHCP: Scan: Rebind time: 536870911
    So, on the AP debugging we saw:
    DHCP: Scan: Renewal time larger than Rebind time
    On Cisco documentation:
    T1 Timer(Renewal) After a certain portion of the lease time has expired, you attempt to contact the server that initially granted the lease in order to renew the lease so its IP address can still be used.
    T2 Timer(Rebinding) If renewal with the original leasing server fails, because, for example, the server was taken offline, then you ideally try to rebind to any active DHCP server and try to extend its current lease with any server that allows it to do so.
    These T1 and T2 timers can be any values, but must be less than the IP address lease duration. T1 Timer must be less than T2. Generally T1 is set to 50 percent of the lease duration and T2 is set to 87.5 percent of the lease duration. Use this rule to set T1 and T2 timers.
    On the previous version of the WLC, the DHCP was configured in the same way and we confirmed that the APs received same times, but they ignored those wrong values.
    The workaround was to modify the lease time of the DHCP pool (1 day). This way, both timers had valid values and the APs accepted the DHCP OFFER. We still do not know why with lease infinite these timers have wrong values (a bug?).
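
The timer rule quoted above, checked against the values from the AP debug, as an added example (not from the original post and not Cisco code). It parses the DHCP options field for lease time (option 51), T1 (option 58) and T2 (option 59); the option bytes are constructed here, and the one-day values 43200 and 75600 are assumed from the 50 percent and 87.5 percent rule in the quoted documentation.

```python
import struct

OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_LEASE, OPT_T1, OPT_T2 = 53, 51, 58, 59  # RFC 2132 codes
INFINITE_LEASE = 0xFFFFFFFF  # RFC 2131 encoding of an infinite lease


def parse_options(data):
    """Parse a DHCP options field (code, length, value) into {code: bytes}."""
    opts = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = value
        i += 2 + length
    return opts


def lease_timers(opts):
    """Extract lease, T1 and T2 as unsigned 32-bit seconds where present."""
    timers = {}
    for name, code in (("lease", OPT_LEASE), ("t1", OPT_T1), ("t2", OPT_T2)):
        raw = opts.get(code)
        if raw is None:
            continue
        if len(raw) != 4:
            raise ValueError(f"option {code} must be 4 bytes")
        timers[name] = struct.unpack("!I", raw)[0]
    return timers


def check_timers(timers):
    """Return the violations of: T1 < T2, and both less than the lease."""
    problems = []
    lease, t1, t2 = timers.get("lease"), timers.get("t1"), timers.get("t2")
    if t1 is not None and t2 is not None and t1 >= t2:
        problems.append("T1 (renewal) is not less than T2 (rebinding)")
    if lease is not None:
        for label, value in (("T1", t1), ("T2", t2)):
            if value is not None and value >= lease:
                problems.append(f"{label} is not less than the lease time")
    return problems


def build_options(lease, t1, t2):
    """Constructed options field of a DHCPOFFER carrying the three timers."""
    out = bytes([OPT_MSG_TYPE, 1, 2])  # message type 2 = DHCPOFFER
    for code, value in ((OPT_LEASE, lease), (OPT_T1, t1), (OPT_T2, t2)):
        out += bytes([code, 4]) + struct.pack("!I", value)
    return out + bytes([OPT_END])


# Values from the AP debug in the post, with the lease set to infinite.
INFINITE_OFFER = build_options(INFINITE_LEASE, 2147483647, 536870911)
# Assumed values for the one-day lease used as the workaround.
ONE_DAY_OFFER = build_options(86400, 43200, 75600)

if __name__ == "__main__":
    for name, raw in (("infinite", INFINITE_OFFER), ("one day", ONE_DAY_OFFER)):
        timers = lease_timers(parse_options(raw))
        print(name, timers, check_timers(timers) or "OK")
```

Arithmetically, the two values in the debug equal 0xFFFFFFFF // 2 and 0xFFFFFFFF // 8; the post does not establish why the server produced them.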

  • DHCP/ARP issue in WLC

    We have an issue where the client PCs are not receiving IP address from DHCP though they get authenticated.  Clients with static IP address don't have any issue.  I get the below DHCP error message from the logs,
    %DHCP-4-INVALID_VLANID_ARP: dhcp_proxy.c:1035 ARP table stores invalid vlan id 0, for the IP Addr 0x85. Expected vlan id for this ip address is 174616833
    And in the ARP table, I see an invalid arp entry for the gateway IP address for a particular VLAN.
    00:0D:BC:2B:76:BF   10.104.113.1     2      0      Host
    While this MAC address should be learned from port 1 and in VLAN 133, it shows as port 2 and VLAN 0.  The ARP entry gets corrected itself when I flush the ARP cache or if I do a ping to the IP from WLC.
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    kwe-wireless                     1    133      10.104.113.2    Dynamic No     No
    WLC Model - 4402
    OS Version - 5.1.151.0

    Well, just for information purposes, the v5.x is the worst code version out there. Since you have 4400's, I would upgrade to v7.0.x. Make sure your APs are compatible by looking at this list.
    http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
    Sent from Cisco Technical Support iPhone App

  • WLC 5508 HA Anchor DHCP issue

    Hi Cisco Support Community,
    I am currently noticing some issues within my WiFi infrastructure.
    Our infrastructure is set up with an 8510 WLC high availability cluster (AP SSO) and a 5508 WLC high availability cluster (AP SSO) as mobility anchor within the DMZ zone.
    The issue I noticed is that if there is a switchover on the 5508 WLC high availability cluster the users won't be able to receive a DHCP IP address.
    I already read some of the other threads regarding this topic. (About Mobility Anchor: Policy Manager State = DHCP_REQD) (DHCP Anchor controller problem.)
    But unfortunately I was unable to find any solution for my issue.
    We currently have three SSID´s with anchoring active and I have noticed that only the SSID´s with layer 3 security enabled are affected by this issue.
    The one SSID with PSK and MAC Auth are not affected by this issue.
    I already checked the configuration for the SSID´s between the main controller and the anchor controller the SSID´s are configured the same except the breakout interface.
    Even the described SSID with PSK and MAC Auth configured uses the same breakout interface as one of our layer 3 security enabled SSID´s.
    The configuration works so far only in case of failover the clients connected to one of the SSID´s with layer 3 security enabled are unable to receive a IP address by the DHCP server.
    I also performed some troubleshooting for the client on the anchor side.
    I added part of the troubleshooting outputs as workingssid.txt and notworkingssid.txt to this thread.
    Maybe one of you guys has some advice for me to address the issue.
    Thanks for your support in advance
    With kind regards
    Benedikt

    As far as your L3 roaming is concerned ,Make sure your using latest and most stable firmware for WLC,
    Make sure Mobility group are same and config on WLCs before switchover happens. Make sure if DHCP is out the network then option 43 is set and you are able to get ip from both WLC manually and able to ping. Make sure AP-manager interface virtual ip is set. Make sure SSO is enabled on both controller.
    Check the following link also.
    https://supportforums.cisco.com/discussion/11662541/layer-3-roaming-and-dhcp
    Please confirm and mark it correct answer if your issue resolved.

  • Client DHCP issues with 4400 WLC

    Authentication to ACS working okay.
    Clients are unable to obtain an IP from DHCP.
    DHCP server is configured on a dynamic interface but is on a different subnet located in a branch office. DHCP scope is running on a 4500 switch in the branch.
    Is it preferable to have DHCP running on the internal WLC or a DHCP server close to the WLC rather than at the remote location?
    TIA

    Usually you don't want to have a DHCP server on a remote site, but it also should work as long as wired users are able to obtain an IP from the remote DHCP server. Preferred, like I said, is to have a local DHCP, but if that doesn't work for you, then configuring the WLC to be a DHCP isn't a bad thing either. Some like to have more control over the DHCP.

  • Device issue with WLC (excluded client)

    I have a single client that is having issues staying connected to my WLC running code 7.0.220.0
    Here are the debugs, it just keeps on looping:
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Adding mobile on LWAPP AP 10:8c:cf:78:93:80(0)
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfMsAssoStateInc
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Idle to Associated
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:06.354: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:06.354: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:06.355: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:06.355:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:06.355: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:06.355:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:07.362: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:07.362: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jul 18 10:41:08.361: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:08.361: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:09.361: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:09.362: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 0
    *dot1xMsgTask: Jul 18 10:41:09.363: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
    *dot1xMsgTask: Jul 18 10:41:09.363: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:12.954: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:12.954: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:12.955: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:12.955: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:12.955: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:12.956:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:12.956: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:12.956:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:13.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:13.965: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:14.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:14.962: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jul 18 10:41:15.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:15.965: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 1
    *dot1xMsgTask: Jul 18 10:41:15.967: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
    *dot1xMsgTask: Jul 18 10:41:15.967: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    *apfMsConnTask_0: Jul 18 10:41:19.491: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:19.491: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:19.494: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:19.494:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:19.494: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:19.494:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:20.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:20.561: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:21.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:21.561: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:22.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:22.562: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 2
    *dot1xMsgTask: Jul 18 10:41:22.563: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
    *dot1xMsgTask: Jul 18 10:41:22.563: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *apfMsConnTask_0: Jul 18 10:41:26.116: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:26.120: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:26.120:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:26.120: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:26.120:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:27.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:27.162: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:28.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:28.162: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:29.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 3
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Blacklisting (if enabled) mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a apfBlacklistMobileStationEntry2 (apf_ms.c:4294) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Exclusion-list (1)
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 44) in 10 seconds
    *dot1xMsgTask: Jul 18 10:41:29.163: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3)
    *dot1xMsgTask: Jul 18 10:41:29.163: 00:40:96:b8:78:7a 0.0.0.0 START (0) Reached FAILURE: from line 4025
    *dot1xMsgTask: Jul 18 10:41:29.164: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 9) in 10 seconds
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState:      START
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 8
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jul 18 10:41:39.165: 00:40:96:b8:78:7a apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
    *apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 46) in 60 seconds
    *apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a apfMsExpireMobileStation (apf_ms.c:5131) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Exclusion-list (1) to Exclusion-list (2)
    *apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [10:8c:cf:78:93:80]
    *apfMsConnTask_0: Jul 18 10:41:51.799: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:52.313: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:53.316: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:54.320: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:55.323: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:56.326: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:41:59.292: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:41:59.339: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:00.342: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:01.346: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:02.349: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:03.352: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *spamApTask0: Jul 18 10:42:07.907: 00:40:96:b8:78:7a Received Idle-Timeout from AP 10:8c:cf:78:93:80, slot 0 for STA 00:40:96:b8:78:7a
    *spamApTask0: Jul 18 10:42:07.907: 00:40:96:b8:78:7a Ignoring delete request from AP due to mobile in exclusion list or marked for deletion already
    *apfMsConnTask_0: Jul 18 10:42:08.127: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:08.370: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:09.373: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:10.377: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:11.380: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:12.383: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:27.323: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:28.438: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:29.441: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:30.445: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:31.448: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:36.045: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:36.467: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:37.470: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:38.474: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *osapiBsnTimer: Jul 18 10:42:39.169: 00:40:96:b8:78:7a apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
    *apfReceiveTask: Jul 18 10:42:39.170: 00:40:96:b8:78:7a apfMsAssoStateDec
    *apfReceiveTask: Jul 18 10:42:39.170: 00:40:96:b8:78:7a Deleting mobile on AP 10:8c:cf:78:93:80(0)
    Can anyone tell me why this is happening?
    Thank You

    Auth succeeded on the AAA server side, but there is a problem with the 4-way handshake. It is obvious the problem is with the client because it does not reply with message 2 of the handshake.
    What is this client?
    Try upgrading the driver or the firmware. That sorts it out.
    Sent from Cisco Technical Support iPad App
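
The pattern in the debug output above (EAPOL-Key M1 retransmitted until the controller gives up, deauthenticates and finally excludes the client) can be picked out of a long capture per client MAC. This is an added example, not part of the original thread or of any Cisco tooling; the sample lines and MAC addresses are constructed in the same line format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (documentation MACs) in the line format of the debug output above.
SAMPLE = """\
*apfMsConnTask_0: Jul 18 10:41:26.116: 00:00:5e:00:53:01 Association received from mobile on AP 00:00:5e:00:53:a0
*dot1xMsgTask: Jul 18 10:41:26.120: 00:00:5e:00:53:01 Sending EAPOL-Key Message to mobile 00:00:5e:00:53:01
                              state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*osapiBsnTimer: Jul 18 10:41:27.161: 00:00:5e:00:53:01 802.1x 'timeoutEvt' Timer expired for station 00:00:5e:00:53:01 and for message = M2
*dot1xMsgTask: Jul 18 10:41:27.162: 00:00:5e:00:53:01 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:00:5e:00:53:01
*osapiBsnTimer: Jul 18 10:41:28.161: 00:00:5e:00:53:01 802.1x 'timeoutEvt' Timer expired for station 00:00:5e:00:53:01 and for message = M2
*dot1xMsgTask: Jul 18 10:41:28.162: 00:00:5e:00:53:01 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:00:5e:00:53:01
*osapiBsnTimer: Jul 18 10:41:29.161: 00:00:5e:00:53:01 802.1x 'timeoutEvt' Timer expired for station 00:00:5e:00:53:01 and for message = M2
*dot1xMsgTask: Jul 18 10:41:29.162: 00:00:5e:00:53:01 Retransmit failure for EAPOL-Key M1 to mobile 00:00:5e:00:53:01, retransmit count 3, mscb deauth count 3
*dot1xMsgTask: Jul 18 10:41:29.162: 00:00:5e:00:53:01 apfBlacklistMobileStationEntry2 (apf_ms.c:4294) Changing state for mobile 00:00:5e:00:53:01 on AP 00:00:5e:00:53:a0 from Associated to Exclusion-list (1)
*apfMsConnTask_0: Jul 18 10:41:51.799: 00:00:5e:00:53:01 Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:41:52.313: 00:00:5e:00:53:01 Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:41:30.000: 00:00:5e:00:53:02 Association received from mobile on AP 00:00:5e:00:53:a0
*osapiBsnTimer: Jul 18 10:41:31.000: 00:00:5e:00:53:02 802.1x 'timeoutEvt' Timer expired for station 00:00:5e:00:53:02 and for message = M2
*dot1xMsgTask: Jul 18 10:41:31.001: 00:00:5e:00:53:02 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:00:5e:00:53:02
"""

# "*task: Mon DD HH:MM:SS.mmm: <client MAC> <message>"
LINE = re.compile(r"^\*(?P<task>\w+): (?P<ts>\w{3} +\d+ [\d:.]+): "
                  r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (?P<msg>.*)$", re.I)
PATTERNS = {
    "assoc": re.compile(r"Association received from mobile"),
    "timeout": re.compile(r"'timeoutEvt' Timer expired .* message = (M\d)"),
    "retransmit": re.compile(r"Retransmit \d+ of EAPOL-Key (M\d)"),
    "failure": re.compile(r"Retransmit failure for EAPOL-Key (M\d).*mscb deauth count (\d+)"),
    "excluded": re.compile(r"from Associated to Exclusion-list"),
    "ignored": re.compile(r"Ignoring assoc request due to mobile in exclusion list"),
}

def verdict(c):
    """Turn one client's counters into a one-line triage result."""
    if c["failure"]:
        text = f"handshake failed: no {c['awaited']} in reply to {c['unanswered']}"
        return text + ("; client excluded" if c["excluded_at"] else "")
    if c["retransmit"]:
        return "handshake retried, no failure recorded in this capture"
    return "no handshake problem recorded"

def analyze(log_text):
    """Summarise each client's 4-way handshake outcome from debug-client text."""
    clients = defaultdict(lambda: {"assoc": 0, "timeout": 0, "retransmit": 0,
                                   "failure": 0, "ignored": 0, "deauth_count": 0,
                                   "awaited": None, "unanswered": None,
                                   "excluded_at": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # continuation lines and lines that carry no client MAC
            continue
        c = clients[m["mac"].lower()]
        for name, pat in PATTERNS.items():
            hit = pat.search(m["msg"])
            if not hit:
                continue
            if name == "excluded":
                c["excluded_at"] = m["ts"]  # first move onto the exclusion list
            else:
                c[name] += 1
            if name == "timeout":
                c["awaited"] = hit[1]       # message the controller was waiting for
            elif name == "failure":
                c["unanswered"] = hit[1]    # message the controller gave up resending
                c["deauth_count"] = max(c["deauth_count"], int(hit[2]))
            break
    for c in clients.values():
        c["verdict"] = verdict(c)
    return dict(clients)

if __name__ == "__main__":
    for mac, summary in analyze(SAMPLE).items():
        print(mac, summary["verdict"])
```
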

  • 2100 wireless LAN controller intermittent DHCP issue does not respond to clients

    Hi everyone,
    I have been struggling with a difficult problem for some time now:
    The Cisco 2100 WLAN controller I have is configured with a DHCP scope in the same IP address range as its WLAN. The configuration works and on a good day I have up to 200 clients connecting without issue. In the web interface they display as associated and authenticated.
    On a bad day I find I will begin seeing about 50-80% of all new devices that attempt to join the WLAN show up as associated but not authenticated. These clients end up self-assigning themselves a 169.254.0.0/16 (APIPA) address.
    When my controller / WLAN enters into this state: if clients leave the WLAN they typically fail to get back on and successfully authenticate. By the end of a day around 80-90% of all devices are essentially without Internet access due to this issue.
    Rebooting the controller and/or APs typically makes no difference or makes things worse – although sometimes it appears to resolve the issue. The same holds for disabling the entire WLAN for about 10 minutes and then re-enabling it.
    I'm using 1130 Cisco Aironet APs with the controller. I have checked extensively for interference and congestion – I think I have congestion – some APs typically host 40 to 90 devices. However, as mentioned, on a good day the WLAN will host 200 devices all day without any issue and some APs will host 50 to 70 devices without major issue.
    I can provide more specifics if anyone should need – e.g. firmware, IP addresses, exact model numbers etc.
    Please let me know if anyone has seen something like this before?
    I believe the 2100 is rated to handle up to 350 devices and it's recommended not to load a 1130 AP with more than 25 devices??
    Regards
    Matthew

    Hi Amijad, Hi George:
    Thank you both for your time in considering my situation.
    I will think about implementing an independent DHCP server; I'm really wondering if the equipment is just overloaded.
    - What software version the WLC uses?
    Product Version.................................. 6.0.199.4
    RTOS Version..................................... 6.0.199.4
    Bootloader Version............................... 4.0.191.0
    Emergency Image Version.......................... 6.0.199.4
    PID: AIR-WLC2106-K9, VID: V05
    - What ports of the WLC are connected to the neighbor switch? one or more?
    2 ports connect to the neighbor switch on separate vlans
    - port 1 is vlan 0 and hosts the management and ap-management IPs for the wlan controller
    - port 2 is vlan 1 and hosts the wlan
    - the controller has one dhcp scope defined on port 2 for the WLAN
    - What is the security of your WLAN?
    WPA+WPA2
    AES
    PSK
    - Do you have "DHCP required" enabled on the WLAN?
    Yes, DHCP required is enabled in the WLAN.
    Please let me know if you have any additional advice.
    Regards
    Matthew

  • AP 1140 DHCP Issue

    Hi All
    I am installing a 3750 switch with integrated controller and 12 x Cisco 1140 APs. I have configured the 3750 WLC with a management and AP Manager IP address along with 3 WLAN profiles and security settings. I am confident that these are correct, and in any case are, I believe, not related to the problem I have.
    None of my APs would connect to the controller and when I checked the DHCP (Windows Server) server they had not been issued with an IP address. I logged into an AP via the console and saw the following message: "Not sending discovery request AP does not have an ip". If I plug a laptop into the port the AP connects to, I pick up an IP address without a problem from the DHCP server. This is not a faulty AP issue as none of the APs are getting an IP address.
    The only other relevant fact is that the Windows DHCP server is on a different subnet (VLAN), though I have enabled DHCP forwarding, which obviously works as my laptop gets an IP address.
    I have raised this with Cisco TAC and their first response has been to get me to configure Option 43. I will try this but am not expecting it to work as the only thing this will do is to return the IP address of the controller. My APs however are not getting any response.
    Any suggestions as to how to resolve would be gratefully received.

    Wouldn't option 43 only work when the APs are actually getting an IP address?
    Could you post an extended capture of the AP output during the boot and lack of join?
    To make sure your connectivity is what it should be, you could always try manually assigning an IP address to the AP, and also manually tell the AP the controller IP address. If that works, then you likely have a problem with your DHCP server or scope definition. Do you have any MAC assignments/reservations in the DHCP scope? Have you tried reserving the AP IP addresses by MAC address within the relevant DHCP scope?
