DOT1X-3-MAX_EAPOL_KEY_RETRANS???

Similar Messages

• %DOT1X-3-MAX_EAPOL_KEY_RETRANS messages

  I habe been seeing lots of this message on WLC log.
  All of them refer to mobile phones.
  *dot1xMsgTask: Mar 25 16:57:27.787: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 8c:00:6d:5c:4e:35
  Is it necessary a specific configuration for mobile phones ?

  In fact i do not have a specific wlan for mobile phones.
  I have a wlan where all wi-fi clients can login
  (Cisco Controller) >show wlan 1
  WLAN Identifier.................................. 1
  Profile Name..................................... impa-nwl
  Network Name (SSID).............................. impa-nwl
  Status........................................... Enabled
  MAC Filtering.................................... Disabled
  Broadcast SSID................................... Enabled
  AAA Policy Override.............................. Disabled
  Network Admission Control
    Radius-NAC State............................... Disabled
    SNMP-NAC State................................. Disabled
    Quarantine VLAN................................ 0
  Maximum number of Associated Clients............. 0
  Number of Active Clients......................... 105
  Exclusionlist Timeout............................ 60 seconds
  Session Timeout.................................. 1800 seconds
  CHD per WLAN..................................... Enabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ wifi-clients
  Multicast Interface.............................. Not Configured
  WLAN ACL......................................... unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  Static IP client tunneling....................... Disabled
  Quality of Service............................... Silver (best effort)
  Scan Defer Priority.............................. 4,5,6
  Scan Defer Time.................................. 100 milliseconds
  WMM.............................................. Allowed
  WMM UAPSD Compliant Client Support............... Disabled
  Media Stream Multicast-direct.................... Disabled
  CCX - AironetIe Support.......................... Enabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  IPv6 Support..................................... Disabled
  Passive Client Feature........................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  Radius Servers
     Authentication................................ Disabled
     Accounting.................................... Disabled
     Dynamic Interface............................. Disabled
  Local EAP Authentication......................... Disabled
  Security
     802.11 Authentication:........................ Open System
     Static WEP Keys............................... Disabled
     802.1X........................................ Disabled
     Wi-Fi Protected Access (WPA/WPA2)............. Enabled
        WPA (SSN IE)............................... Enabled
           TKIP Cipher............................. Enabled
           AES Cipher.............................. Enabled
        WPA2 (RSN IE).............................. Enabled
           TKIP Cipher............................. Enabled
           AES Cipher.............................. Enabled
     Auth Key Management
           802.1x.................................. Disabled
           PSK..................................... Enabled
           CCKM.................................... Disabled
           FT(802.11r)............................. Disabled
           FT-PSK(802.11r)......................... Disabled
  FT Reassociation Timeout......................... 20
  FT Over-The-Air mode............................. Enabled
  FT Over-The-Ds mode.............................. Enabled
  CCKM tsf Tolerance............................... 1000
     CKIP ......................................... Disabled
     Web Based Authentication...................... Disabled
     Web-Passthrough............................... Disabled
     Conditional Web Redirect...................... Disabled
     Splash-Page Web Redirect...................... Disabled
     Auto Anchor................................... Disabled
     H-REAP Local Switching........................ Disabled
     H-REAP Local Authentication................... Disabled
     H-REAP Learn IP Address....................... Enabled
     Client MFP.................................... Optional
     Tkip MIC Countermeasure Hold-down Timer....... 60
  Call Snooping.................................... Disabled
  Roamed Call Re-Anchor Policy..................... Disabled
  SIP CAC Fail Send-486-Busy Policy................ Enabled
  SIP CAC Fail Send Dis-Association Policy......... Disabled
  Band Select...................................... Disabled
  Load Balancing................................... Disabled
   Mobility Anchor List
   WLAN ID     IP Address            Status

• AIR-LAP1242G-E-K9 do not work with AIR-CT5508-K9 while AIR-LAP1142N-E-K9 do

  Hello,
  we do have a site where we need to deploy AIR-LAP1142N-E-K9 and AIR-LAP1242G-E-K9 APs. We have two AIR-CT5508-K9 controllers with SW version                  6.0.188.0.
  AIR-LAP1142N-E-K9s work okay, as expected, we do not have any problems with them.
  However AIR-LAP1242G-E-K9s do not, there is a problem with establishing CAPWAP tunnel with the controller.The AP is seen on the controller for a while, with 0 time up-time, cannot change any settings on the AP via controller, and after a while it disapears from the controller, apears again and this repeats.
  The APs and controllers are connected to the LAN campus.
  Controllers via two 1G links configured as Etherchannel to WS-C6506-E VSS switch with s72033-ipservicesk9_wan-vz.122-33.SXI1.bin on it.
  APs to WS-C3750G-48PS with c3750-ipbasek9-mz.122-50.SE2.bin on it. 3750 is connected to the C6505 via two 1G links configured as Etherchannel.
  Below I copied the log I captured on 1242 and the controller. Highlighted ones are the ones which I think might bring a clue.
  I performed some troubleshooting steps.
  - As we have some other controllers available over WAN, I  tested the 1242 AP  with 2100, 4400 and also with the same model AIR-CT5508-K9 with SW version                  6.0.188.0 over WAN and this worked always okay.
  - I wanted to be sure that I eliminate any kind of out of sequence packet issue, so I brought down all redundancy L2 links so that the L2 path from the AP to the controller was only through one leg links.
  - I also brought the second controller down to eliminate potential issue with having two of them up.
  - The AP gets its IP from DHCP configured on the C6506 switch, I am always able to ssh to AP, so the IP connectivity does not seem to be an issue.
  - I have more 1242s, all behave in the same way. I also connected them to some other 3750 switches we have in the campus, always the same.
  - As this seems to be maybe a kind of ssl issue, I tried to play with controller settings, like enabling Accept... options  under Security/AP Policy,but this did not help.
  - I also tried to reboot the controller, no improvement.
  - The APs came from the factory, so in the beginning everything was factory default in them. They were always able to download the image from the controller in the very initial phase. I still do have some of them untouched, so I can perform any troubleshooting steps with the fresh one.
  I can reproduce this, can also send debugging logs if needed.
  Any idea on what could be wrong is highly appreciated.
  Thank you.
  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  This Discussion has been converted into document:- https://supportforums.cisco.com/docs/DOC-23054
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  AIR-LAP1242G-E-K9 10.0.13.28 log
  *Mar  1 00:00:05.922: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
  *Mar  1 00:00:07.536: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot1 1Radio 0
  *Mar  1 00:00:07.672: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 304 messages)
  *Mar  1 00:00:09.809: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
  *Mar  1 00:00:09.874: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(21a)JA2, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2009 by Cisco Systems, Inc.
  Compiled Mon 02-Nov-09 18:42 by prod_rel_team
  *Mar  1 00:00:09.874: %SNMP-5-COLDSTART: SNMP agent on host wuen4028 is undergoing a cold start
  *Mar  1 00:00:09.964: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Mar  1 00:00:09.967: bsnInitRcbSlot: slot 1 has NO radio
  *Mar  1 00:00:10.191: %SSH-5-ENABLED: SSH 2.0 has been enabled
  *Mar  1 00:00:10.191: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar  1 00:00:10.430: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar  1 00:00:10.818: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
  *Mar  1 00:00:11.212: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 00:00:18.315: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.0.13.28, mask 2 55.255.255.0, hostname wuen4028
  *Mar  1 00:00:28.988: Logging LWAPP message to 255.255.255.255.
  *Mar  1 00:00:31.456: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
  *Mar  1 00:00:31.495: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar  1 00:00:32.457: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  *Mar  1 00:00:32.457: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
  *Mar  1 00:00:38.810: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
  *Mar  1 00:00:47.811: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
  *Mar  1 00:00:56.812: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER
  *Mar  1 00:01:07.815: %CAPWAP-3-ERRORLOG: Selected MWAR 'wuen4001'(index 0).
  *Mar  1 00:01:07.815: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Feb 11 07:52:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.13.5 peer_port: 5246
  *Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 11 07:52:25.441: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.13.5 peer_port:  5246
  *Feb 11 07:52:25.443: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.13.5
  *Feb 11 07:52:25.443: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 10.0.13.5
  *Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
  *Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
  *Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.0.13.5
  *Feb 11 07:52:30.441: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.13.5
  *Feb 11 07:52:30.442: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 10.0.13.5
  *Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
  *Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
  *Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.0.13.5
  *Feb 11 07:52:47.644: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
  *Feb 11 07:53:23.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.0.13.5:5246
  *Feb 11 07:53:24.000: %CAPWAP-3-ERRORLOG: Selected MWAR 'wuen4001'(index 0).
  *Feb 11 07:53:24.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Feb 11 07:52:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.13.5 peer_port: 5246
  *Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 11 07:52:24.001: %DTLS-5-PEER_DISCONNECT: Peer 10.0.13.5 has closed connection.
  *Feb 11 07:52:24.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.0.13.5:5246
  *Feb 11 07:52:24.002: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
  *Feb 11 07:52:24.123: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
  wuen4028#
  AIR-CT5508-K9 10.0.13.5 log
  *Feb 11 09:00:54.824: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to c
  omplete DTLS handshake with peer 10.0.13.28
                                             *Feb 11 08:59:53.798: %DOT1X-3-MAX_EA
  P_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for
  client 00:1f:3b:93:dd:4f
  *Feb 11 08:59:51.197: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
  ity request retries (3) exceeded for client 00:c0:a8:e1:b1:71
  --More-- or (q)uit
  *Feb 11 08:59:21.212: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di
  rector: Could not find valid channel lists for 802.11bg
  *Feb 11 08:58:39.766: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to c
  omplete DTLS handshake with peer 10.0.13.28
                                             *Feb 11 08:57:06.131: %RRM-3-RRM_LOGM
  SG: rrmChanUtils.c:292 RRM LOG: Airewave Director: Could not find valid channel
  lists for 802.11bg
  *Feb 11 08:56:24.504: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to c
  omplete DTLS handshake with peer 10.0.13.28
                                             *Feb 11 08:55:09.693: %DOT1X-3-MAX_EA
  P_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for
  client 00:1f:3b:93:dd:4f
  *Feb 11 08:54:51.040: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di
  rector: Could not find valid channel lists for 802.11bg
  *Feb 11 08:53:56.493: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis
  sions exceeded for client 00:1f:3b:93:dd:4f
  *Feb 11 08:53:34.497: %DTL-3-OSARP_DEL_FAILED: dtl_arp.c:1380 Unable to delete a
  n ARP entry for 10.0.13.28 from the operating system. ioctl operation failed
  *Feb 11 08:52:35.936: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di
  rector: Could not find valid channel lists for 802.11bg
  *Feb 11 08:52:26.492: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis
  sions exceeded for client 00:1f:3b:93:dd:4f
  *Feb 11 08:50:07.680: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis
  sions exceeded for client 00:1f:3b:93:e6:57
  *Feb 11 08:48:37.458: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
  ity request retries (3) exceeded for client 00:1f:3b:93:e6:57
  *Feb 11 08:47:37.438: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis
  sions exceeded for client 00:1f:3b:93:e6:57
  *Feb 11 08:47:34.438: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
  ity request retries (3) exceeded for client 00:16:44:1d:0f:53
  *Feb 11 08:46:32.422: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-ke
  y M3 retransmissions exceeded for client 00:16:44:1d:0f:53
  *Feb 11 08:46:06.790: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
  ity request retries (3) exceeded for client 00:1f:3b:95:61:bd
  *Feb 11 08:46:06.789: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication abor
  ted for client 00:1f:3b:95:61:bd
  *Feb 11 08:46:06.210: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
  ity request retries (3) exceeded for client 00:1f:3b:93:e6:57
  *Feb 11 08:45:34.304: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident
  ity request retries (3) exceeded for client 00:1f:3b:95:61:bd
  *Feb 11 08:45:34.303: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication abor
  ted for client 00:1f:3b:95:61:bd
  *Feb 11 08:45:01.298: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di
  rector: Could not find valid channel lists for 802.11bg
  *Feb 11 08:44:38.076: %SIM-3-PORT_UP: sim.c:9547 Physical port 2 is up!.
  *Feb 11 08:44:38.037: %SIM-3-PORT_UP: sim.c:9547 Physical port 1 is up!.
  --More-- or (q)uit
  *Feb 11 08:44:38.009: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'cliWebInitParms.cfg'
  *Feb 11 08:44:37.980: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'rrcEngineInitParms.cfg'
  *Feb 11 08:44:37.980: %CNFGR-3-INV_COMP_ID: cnfgr.c:2105 Invalid Component Id :
  Unrecognized (81) in cfgConfiguratorInit.
  *Feb 11 08:44:37.928: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'rfidInitParms.cfg'
  *Feb 11 08:44:37.915: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'dhcpParms.cfg'
  *Feb 11 08:44:37.903: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'bcastInitParms.cfg'
  *Feb 11 08:44:37.834: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'rrmInitParms.cfg'
  *Feb 11 08:44:27.331: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'apfInitParms.cfg'                                            
  *Feb 11 08:44:27.226: %MM-3-MEMBER_ADD_FAILED: mm_dir.c:903 Could not add Mobili
  ty Member. Reason: IP already assigned, Member-Count:1,MAC: 00:00:00:00:00:00, I
  P: 0.0.0.0
  *Feb 11 08:44:27.023: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'mmInitParms.cfg'
  *Feb 11 08:44:27.013: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'aaaapiInitParms.cfg'
  *Feb 11 08:44:27.011: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'pemInitParms.cfg'
  *Feb 11 08:44:26.898: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'dot1xInitParms.cfg'
  *Feb 11 08:44:26.868: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'capwapInitParms.cfg'
  *Feb 11 08:44:26.718: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'spamInitParms.cfg'
  *Feb 11 08:44:25.650: %SSHPM-3-FREAD_FAILED: sshpmlscscep.c:1395 Error reading f
  ile /mnt/application/lscca_pem.crt
  *Feb 11 08:44:06.435: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con
  figuration file 'sshpmInitParms.cfg'  

  Thanks for such quick response and suggestions.
  Yes, I seem not to to be 100% perfect as for the list of troubleshooting steps I took.
  I had already tried the two commands you mentioned. I tried again, this time with some other 1242, but these do not help.
  Yes, I was already thinking that this could be in theory a licensing issue. The controller is bougth with 25 licenses.
  In the beginnign I had one 1142 on it and tried to enable 1242s which did not work. Now I have five 1142s on it, as this worked okay, I guess it could not be a licensing issue.
  I think that I can see in the log files that the machines communicate to each other, L2 or L3 paths seem to be working okay. I forgot to mention that I am using option 43 on the DHCP server, so the AP clearly finds its way to the controller. What's more both APs and the controllers are in the same VLAN, so they are in the same broadcast domain.
  Below is sho ver from the AP. The AP seems to have Certificate type - manufacture installed, so I guess there should not be a problem with the certificate, especially knowing that the AP works with other controllers over WAN.
  My guess these messages seen on AP especially "Invalid event 38 & state 3 combination" might tell us what's wrong.
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman";
  mso-ansi-language:#0400;
  mso-fareast-language:#0400;
  mso-bidi-language:#0400;}
  *Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 11 07:52:24.001: %DTLS-5-PEER_DISCONNECT: Peer 10.0.13.5 has closed connection.
  *Feb 11 07:52:24.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.0.13.5:5246
  *Feb 11 07:52:24.002: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
  *Feb 11 07:52:24.123: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
  Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(21a)JA2, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2009 by Cisco Systems, Inc.
  Compiled Mon 02-Nov-09 18:42 by prod_rel_team
  ROM: Bootstrap program is C1240 boot loader
  BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)
  AP9caf.ca00.1c78 uptime is 17 minutes
  System returned to ROM by power-on
  System image file is "flash:/c1240-k9w8-mx.124-21a.JA2/c1240-k9w8-mx.124-21a.JA2"
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-LAP1242G-E-K9    (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
  Processor board ID FCZ135082GH
  PowerPCElvis CPU at 262Mhz, revision number 0x0950
  Last reset from power-on
  LWAPP image version 6.0.188.0
  1 FastEthernet interface
  1 802.11 Radio(s)
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 9C:AF:CA:00:1C:78
  Part Number                          : 73-11479-01
  PCA Assembly Number                  : 800-30493-01
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC13484GYY
  Top Assembly Part Number             : 800-29589-03
  Top Assembly Serial Number           : FCZ135082GH
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-LAP1242G-E-K9
  Configuration register is 0xF
  AP9caf.ca00.1c78#

• Cisco Flex 7500 controller with client disconnects

  Hey All,
  There will be alot of info in this post, hopefully all helpful, more info the better right!  If you require anymore info to help me out to not hesistate to request it.
  We have been having some issues with clients connecting and disconnecting several times a day and having to manually reconnect from the icon on their taskbar. We have about 380 APs, and 200+ more to deploy that we have and are licensed for but are having some issues that we want to resolve first obviously.
  Some locations our setup is a bit more complex than this with multiple SSIDs and vlans, but this issue is everywhere so i will keep it to our simple setup for now:
  AP Models: AIR-LAP1042N-A-K9, AIR-CAP1602I-A-K9 (Most locations do not have a mix of both, most have 1042s)
  Running a single SSID - WPA/WPA2 with: WPA - TKIP and WPA2 - AES on the same SSID. 
  They talk back to a Cisco Flex 7500 Series through a tunnel (should not be any port blocking preventing communication)
  We are running from what i understand a bad firmware version (7.6.100.0) and during our next maintenance window i am going to try and get them to change to a more stable firmware version.
  Data Rates of 1,2,5.5,11 Mbps are disabled
  TPCv1 coverage running
  Automatic Power Assignment
  I will not focus on the a/n/ac network as most of our devices are connecting to WPA due to the config they already have.
  Ideally i would like to get rid of WPA all together but i am not 100% in control of the decisions to get the started and people here like to delay things lol.
  It is hard to say if the issue is specific to a model as we have so few 1602Is, and it is just at our main office.  I have not heard many complaints but i have noticed i will now and then get a limited or no connectivity settings on my wireless icon on my PC.  I use hard-wired so i don't really notice if it is not working.
  In most locations it looks like the controller is doing a decent job at selection channels to use. I did find one spot where it had on 11 APs down a long hallway, and did not use channel 6 once. I statically set that location to stagger the channels to see what kind results we had and am still waiting to hear on that as they complained the most out of all of our locations. In some cases 3 APs in a row were on channel 1 in the hallway, in alot of casses 1 was 2 times in a row as well as 11 so there was alot of overlap.
  I am attaching my show sysinfo and show wlan 17 for that informtion, some of the other settings i have changed today that were previously enabled/set different are:
  Disabled Cisco Aironet IE
  Set channel automatic rescan from 10 mintues to 12 hours as i can image if it is changing the channels alot it can lead to disconnects.
  Some of the main things we get in our message log are:
  *dot1xMsgTask: Oct 16 15:17:36.943: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:508 Max EAPOL-key M5 retransmissions exceeded for client 84:85:06:0b:a6:33 
      - Not sure why we get this as we have a PSK and do not have local eap enabled.....
  *apfMsConnTask_6: Oct 16 15:19:01.753: #APF-3-AID_UPDATE_FAILED: apf_80211.c:6570 Error updating Association ID for REAP AP Clientc8:f9:f9:2b:fd:50 - AID 4
  *apfMsConnTask_6: Oct 16 15:19:01.753: #LWAPP-3-INVALID_AID2: spam_api.c:1462 Association identifier 4 for client 18:9e:fc:4d:9e:87 is already in use by 8c:2d:aa:b7:70:5e
      - There is a bug for this log, but according to the bug our 7.6.100.0 is not effected
  Here is my show sysinfo:
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.6.100.0
  RTOS Version..................................... 7.6.100.0
  Bootloader Version............................... 7.6.101.2
  Emergency Image Version.......................... 7.6.101.2
  Build Type....................................... DATA + WPS
  System Name...................................... Cisco_cf:17:26
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1295
  Redundancy Mode.................................. Disabled
  IP Address....................................... 10.156.50.100
  System Up Time................................... 52 days 5 hrs 54 mins 25 secs
  System Timezone Location......................... (GMT -4:00) Altantic Time (Canada)
  System Stats Realtime Interval................... 5
  System Stats Normal Interval..................... 180
  Configured Country............................... CA  - Canada
  --More-- or (q)uit
  Operating Environment............................ Commercial (10 to 35 C)
  Internal Temp Alarm Limits....................... 10 to 38 C
  Internal Temperature............................. +22 C
  Fan Status....................................... OK
  RAID Volume Status............................... OK
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 13
  Number of Active Clients......................... 1584
  Burned-in MAC Address............................ 70:81:05:CF:17:20
  Power Supply 1................................... Present, OK
  Power Supply 2................................... Present, OK
  Maximum number of APs supported.................. 600
  Here is my Show wlan 17
  WLAN Identifier.................................. 17
  Profile Name..................................... AirCCRSB
  Network Name (SSID).............................. AirCCRSB
  Status........................................... Enabled
  MAC Filtering.................................... Disabled
  Broadcast SSID................................... Enabled
  AAA Policy Override.............................. Disabled
  Network Admission Control
  Client Profiling Status
      Radius Profiling ............................ Disabled
       DHCP ....................................... Disabled
       HTTP ....................................... Disabled
      Local Profiling ............................. Disabled
       DHCP ....................................... Disabled
       HTTP ....................................... Disabled
    Radius-NAC State............................... Disabled
    SNMP-NAC State................................. Disabled
    Quarantine VLAN................................ 0
  Maximum number of Associated Clients............. 0
  Maximum number of Clients per AP Radio........... 200
  Number of Active Clients......................... 1768
  Exclusionlist Timeout............................ 60 seconds
  Session Timeout.................................. 28800 seconds
  User Idle Timeout................................ Disabled
  Sleep Client..................................... disable
  Sleep Client Timeout............................. 12 hours
  User Idle Threshold.............................. 0 Bytes
  NAS-identifier................................... Cisco_cf:17:26
  CHD per WLAN..................................... Enabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ management
  Multicast Interface.............................. Not Configured
  WLAN IPv4 ACL.................................... unconfigured
  WLAN IPv6 ACL.................................... unconfigured
  WLAN Layer2 ACL.................................. unconfigured
  mDNS Status...................................... Disabled
  mDNS Profile Name................................ unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  Static IP client tunneling....................... Disabled
  Quality of Service............................... Silver
  Per-SSID Rate Limits............................. Upstream      Downstream
  Average Data Rate................................   0             0
  Average Realtime Data Rate.......................   0             0
  Burst Data Rate..................................   0             0
  Burst Realtime Data Rate.........................   0             0
  Per-Client Rate Limits........................... Upstream      Downstream
  Average Data Rate................................   0             0
  Average Realtime Data Rate.......................   0             0
  Burst Data Rate..................................   0             0
  Burst Realtime Data Rate.........................   0             0
  Scan Defer Priority.............................. 4,5,6
  Scan Defer Time.................................. 100 milliseconds
  WMM.............................................. Allowed
  WMM UAPSD Compliant Client Support............... Disabled
  Media Stream Multicast-direct.................... Disabled
  CCX - AironetIe Support.......................... Disabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  Passive Client Feature........................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  Radius Servers
     Authentication................................ Global Servers
     Accounting.................................... Global Servers
        Interim Update............................. Disabled
        Framed IPv6 Acct AVP ...................... Prefix
     Dynamic Interface............................. Disabled
     Dynamic Interface Priority.................... wlan
  Local EAP Authentication......................... Disabled
  Security
     802.11 Authentication:........................ Open System
     FT Support.................................... Disabled
     Static WEP Keys............................... Disabled
     802.1X........................................ Disabled
     Wi-Fi Protected Access (WPA/WPA2)............. Enabled
        WPA (SSN IE)............................... Enabled
           TKIP Cipher............................. Enabled
           AES Cipher.............................. Disabled
        WPA2 (RSN IE).............................. Enabled
           TKIP Cipher............................. Disabled
           AES Cipher.............................. Enabled
                                                                 Auth Key Management
           802.1x.................................. Disabled
           PSK..................................... Enabled
           CCKM.................................... Disabled
           FT-1X(802.11r).......................... Disabled
           FT-PSK(802.11r)......................... Disabled
           PMF-1X(802.11w)......................... Disabled
           PMF-PSK(802.11w)........................ Disabled
        FT Reassociation Timeout................... 20
        FT Over-The-DS mode........................ Enabled
        GTK Randomization.......................... Disabled
        SKC Cache Support.......................... Disabled
        CCKM TSF Tolerance......................... 1000
     WAPI.......................................... Disabled
     Wi-Fi Direct policy configured................ Disabled
     EAP-Passthrough............................... Disabled
     CKIP ......................................... Disabled
     Web Based Authentication...................... Disabled
     Web-Passthrough............................... Disabled
     Conditional Web Redirect...................... Disabled
     Splash-Page Web Redirect...................... Disabled
     Auto Anchor................................... Disabled
     FlexConnect Local Switching................... Enabled
     flexconnect Central Dhcp Flag................. Disabled
     flexconnect nat-pat Flag...................... Disabled
     flexconnect Dns Override Flag................. Disabled
     flexconnect PPPoE pass-through................ Disabled
     flexconnect local-switching IP-source-guar.... Disabled
     FlexConnect Vlan based Central Switching ..... Disabled
     FlexConnect Local Authentication.............. Disabled
     FlexConnect Learn IP Address.................. Enabled
     Client MFP.................................... Optional
     PMF........................................... Disabled
     PMF Association Comeback Time................. 1
     PMF SA Query RetryTimeout..................... 200
     Tkip MIC Countermeasure Hold-down Timer....... 60
     Eap-params.................................... Disabled
  AVC Visibilty.................................... Disabled
  AVC Profile Name................................. None
  Flow Monitor Name................................ None
  Split Tunnel (Printers).......................... Disabled
  Call Snooping.................................... Disabled
  Roamed Call Re-Anchor Policy..................... Disabled
  SIP CAC Fail Send-486-Busy Policy................ Enabled
  SIP CAC Fail Send Dis-Association Policy......... Disabled
  KTS based CAC Policy............................. Disabled
  Assisted Roaming Prediction Optimization......... Disabled
  802.11k Neighbor List............................ Disabled
  802.11k Neighbor List Dual Band.................. Disabled
  Band Select...................................... Disabled
  Load Balancing................................... Disabled
  Multicast Buffer................................. Disabled
   Mobility Anchor List
   WLAN ID     IP Address            Status
  802.11u........................................ Disabled
  MSAP Services.................................. Disabled
  Local Policy
  Priority  Policy Name

  As long as you take the configuration backup downgrading from 7.6.100.0 to 7.4.121.0 should be fine. Because this is Flexconnect deployment, make sure you review the release notes thoroughly as config like vlan mapping is impacted it is painful to reconfigure.
  I still think moving to 7.6MR3 & once 8.x get stable going for that code is a good plan. Though 7.4.121.0 is assure wave it does not mean it has no bugs.(remember that prior to this 7.4.110.0 was assure wave & it deferred in quick time) . I would say 8.x going to be the code staying for long time period, so ultimately you have to be there.
  In 8.x there are few FlexConnect improvements,one being AP won't reload when you change from local mode to FlexConnect.
  HTH
  Rasika
  **** Pls rate all useful responses ***

• WLC 5508 - wlan stability problems

  Hi.
  I have a WLC 5508 with half a dozen LAPs (AIR-CAP3502I-E-K9).
  They have been working but sometimes clients detect conectivity problems with the wlan.
  Here is the message log I can obtain from the controller:
  Nov 09 12:16:31.886: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32Previous message occurred 7 times.Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*apfReceiveTask: Nov 09 11:51:30.788: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *spamApTask2: Nov 09 11:51:20.144: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.23.1.118*dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67*apfReceiveTask: Nov 09 11:50:40.672: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:38.625: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:35.531: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:31.068: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:29.257: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:28.707: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  Can somebody help me to understand these messages?
  1)
  *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  2)
  Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
  3)
  *dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67
  Thanks

  1)
  *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
  //APs are rebooting. don't panic, check the up time of AP. This message seen when AP rebooted/freshly joined and waiting for wlc to assign channel.
  2)
  Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
  //It is cosmetic and can be ignored.
  3)
  *dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32
  //Keys M1-M5 used for wireless auth, here client having struggle completing the auth process.
  get output of, WLC>debug client

• WLC-5508 (7.0.98.0) - logs

  We are seeing the below logs on the 5508 controllers running on 7.0.98, can someone help me with the resolution
  <134>Airespace_01: *apfProbeThread: Mar 05 14:53:46.938: %APF-6-PROC_DOT11_MAC_MGMT_DATA_FAILED: apf_80211.c:7138 Could not Process 802.11 MAC mgmt Data. Invalid toDs/fromDs bit set - packet ignored. [...It occurred 36 times/sec!.]
  The above log occured around 60,000 times in last 7 days (not for the same client) - a quick google search led me to CSCtf38685 Bug
  Resolution-- Upgrade ( please let me know if this not the correct or if there is a work around for this)
  <132>Airespace_01: *apfMsConnTask_2: Mar 05 16:39:44.178: %APF-4-ASSOCREQ_PROC_FAILED: apf_80211.c:2998 Failed to process an association request from 00:17:23:0a:a5:40. WLAN:8, SSID:XXXXX. mobile in database timed out
  The above log occured around 15,000 times in last 7 days (not for the same client)
  Resolution- Increase the user Idle Timeout value ( default 300 sec)-- Please let me know if this is not the correct resolution
  <133>Airespace_01: *mmListen: Mar 05 17:11:43.787: %OSAPI-5-OSAPI_INVALID_TIMER: timerlib.c:542 Failed to retrive timer
  The above log occured around 19,000 times in last 7 days (not for the same client)
  Resolution-- Upgrade ( please let me know if this not the correct or if there is a work around for this)
  <132>Airespace_01: *apfOrphanSocketTask: Mar 05 17:51:11.325: %APF-4-REGISTER_IPADD_ON_MSCB_FAILED: apf_foreignap.c:1283 Could not Register IP Add on MSCB. MSCB still in init state. Address:cc:08:e0:ca:62:70
  The above log occured around 5,000 times in last 7 days (not for the same client)
  Resolution- Reboot the controller-- We rebooted the controller but that didn't fix the issue- any other work around
  131>Airespace_01: *dot1xMsgTask: Mar 05 17:51:03.312: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 00:17:23:0e:9c:34
  I have only one SSID that have 802.1x enabled and there are no clients associated with that SSID, is there a way to check which SSID the clients in the above log are trying to get on to?
  Thanks for your help....
  Siddhartha       

  Thanks Scott,
  We have two controllers and all the APs (50) are associated with the primary Controller,what is the best path to follow for the upgrade.
  we don't have Field recoversy image installed on our controller, do we have to do the FSU upgrade?
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.0.98.0
  Bootloader Version............................... 1.0.1
  Field Recovery Image Version..................... N/A
  Firmware Version................................. FPGA 1.3, Env 1.6, USB console                                                        1.27
  Build Type....................................... DATA + WPS
  System Name...................................... Airespace_01
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  IP Address....................................... 10.0.0.201
  Last Reset....................................... Power on reset
  System Up Time................................... 9 days 2 hrs 57 mins 21 secs
  System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
  Current Boot License Level....................... base
  Current Boot License Type........................ Permanent
  Next Boot License Level.......................... base
  Next Boot License Type........................... Permanent
  Configured Country............................... Multiple Countries:US,CN,DE,TW,HK
  Is the below Upgrade Path make sense ?
  1. Upgrade the Primary controller and reboot- wait till all APs associate with primary controller and download the new image
  2. Upgrade the secondary controller and reboot
  3. Failover the APs to secondary controller and test
  Siddhartha

• No Web Authentication - but excluded client with reason code 4

  Hello,
  we are using a WLC 4400 with Software Version 5.0.148.0 and WCS Version 5.0.56.2.
  Access Points are AIR-LAP1131AG-E-K9.
  We have problems with one client (Windows XP SP3). The computer loses the wireless connection all the time, but we don't know why. Duration of the connections are different.
  So there are a lot of minor alarms saying “Client which was associated with AP, interface '0' is excluded. The reason code is '4(Web Authentication failed 3 times.)'.”
  But the wireless lan which is used by the client is not configured with Web Authentication!! It is only using MACFilter. That's very strange! (There is another wireless lan configured with Web Authentication.)
  The minor alarms are created by different Access Points, amongst others by the Access Point where the client is connected to! (All Access Points radiate all wireless lans.)
  Regarding to this client the SyslogServer often says:
  Sep 17 16:01:57.187 1x_ptsm.c:404 DOT1X-3-MAX_EAPOL_KEY_RETRANS: Max EAPOL-key M1 retransmissions exceeded for client LOCAL USE 0 ERROR CONDITION
  Sep 17 16:02:07.885 1x_ptsm.c:511 DOT1X-3-PSK_CONFIG_ERR: Client may be using an incorrect PSK LOCAL USE 0 ERROR CONDITION
  Last week I tried the trouble shooting of the WCS with the following effect:
  Time :09/18/2009 19:01:39 Message :Controller association request message received.
  Time :09/18/2009 19:01:39 Message :Association request received from a client has an invalid RSN IE.(One reason could be mismatch in WPA2 algorithm).
  Time :09/18/2009 19:01:39 Message :Received reassociation request from client.
  Time :09/18/2009 19:01:39 Message :The wlan to which client is connecting requires 802 1x authentication.
  Time :09/18/2009 19:01:39 Message :Client moved to associated state successfully.
  Time :09/18/2009 19:01:39 Message :802.1x authentication message received, static dynamic wep supported.
  Time :09/18/2009 19:01:39 Message :802.1x authentication was completed successfully.
  Time :09/18/2009 19:01:39 Message :Client has got IP address, no L3 authentication required.
  I think the problem is hidden at the client but I don't know what it could be. The PSK can not be incorrect because the client is able to connect to the wireless lan but later loses the connection.
  Does somebody has an idea or knows the error messages?!
  Greetings lydia

  Hi,
  I'm exactly with the same problem! Can you please tell me if you were able to solve this?
  Thank you!
  Best regards,

• WLC 5508 centrally switched client errors

  Hello,
  I am having trouble with a newly configured install.  Basically it seems that my centrally switched guest SSID is not functioning.  As you change AP groups, which should change the interface associated with the SSID and also the dhcp client address, the client is retaining the original dhcp address from whichever AP group they first associated with. 
  I also have a locally switch WPA2 SSID at each location which is working fine.  Clients are able to change dhcp address correctly as they move between AP groups.  It just doesn't seem to be working on the guest network, which is odd because it was working earlier in the install.  It has only started having issues yesteday afternoon. 
  It does not always coincide with the guest errors but I am generating these logging errors:
  *DHCP Socket Task: Aug 17 15:09:23.526: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'may89-guest_vb_122'. Marking interface dirty.
  The interface above is assigned to the guest SSID in one of the AP group.  I assume this has something to do with it but I've been over my DHCP assignments on the core switch, local switch, controller, and dhcp server and can find no issue with the configuration.....Also the fact that it was working earlier this week.
  I also seem to be generating a high amount of:
  *dot1xMsgTask: Aug 17 14:46:22.844: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
  I am not sure why as I am not using DOT1X at all.  The guest is a pass-thru and the WPA2 network is just WPA + WPA2 with TKIP and AES.  No DOT1X anywhere on the controller...

  I think I might know what to do.  Could I just create an interface group for each controller and place all of my individual guest interfaces within that group.  Then I could just assign that interface group to each of my AP groups so every AP group would have access to all of the guest interfaces on the controller.  I think the reason it is not currently working is because the AP group at my location is set to a specific interface and the ip addresses when I roam are from different interfaces not set for the AP group.  I am basically being blocked by the AP group/guest interface because my ip address belongs to the wrong interface. 
  I think an interface group would solve that problem.  The only other issue would what if I roam to an AP group on the other controller.  Could I just set up a mobility group and place both controllers in that group?  If they both have the UP status in the same mobility group would that allow inter-controller roaming?

• Windows XP Home on WLC 4402

  Hi,
  I have a WLC 4402 Wireless LAN Controller with multiple 1231 AP on LWAPP. WLAN has security setting on WPA+WPA2 with PSK share key. All computers in domain are fine, wireless connections are steady. I have a group of students use Netbook on Windows XP Home SP3 got connection and drop situation. Event ID on XP has continuous 4201 and 4202 cases, and on WLC log I have also continuous log as
  *Apr 19 10:35:44.046: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 00:26:5e:eb:fd:0a
  I understand XP Home has no certificate from Domain environment therefore I didn't setup any AAA server service. How can this problem be resolved? Keep trying on security combination, but no luck. Please Help. Thanks.
  Attachment is WLC configuration file without encryption.

  Hi, Kayle
  Thanks for quick reply. Its not ASUS EeePC but ASUS s10e. The wireless LAN device is Broadcom 802.11g. I check with Lenono System Update, no newer driver available. Thanks.

• Syslog errors on Wireless..

  Folks - I am trying to determine if the huge amount of client side errors I see in our logs is normal.  We setup WCS a couple of years ago, and I have been having a constant battle with trying to resolve alot of, what appear to me, client side errors.  I have tried tweaking the controllers logging, but my syslog still gets hundreds of messages like those below -  So, I am just curious - is this normal, or do I have a much much bigger issue?
  2011-06-15 00:00:30
  Local0.Error
  10.1.1.151
  WISM1: *dot1xMsgTask: Jun 15 00:00:30.306: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:23:15:47:54:28
  2011-06-15 00:01:57
  Local0.Error
  10.1.1.151
  WISM1: *dot1xMsgTask: Jun 15 00:01:57.906: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client 00:23:4d:3e:6c:9b
  2011-06-15 00:03:27
  Local0.Error
  10.1.1.151
  WISM1: *dot1xMsgTask: Jun 15 00:03:27.708: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2914 Max EAP identity request retries (21) exceeded for client 00:24:d6:1d:55:b2
  2011-06-15 00:03:54
  Local0.Error
  10.1.1.151
  WISM1: *Dot1x_NW_MsgTask_0: Jun 15 00:03:55.061: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 24, key type 1, client 00:23:15:62:7b:14
  2011-06-15 00:05:15
  Local0.Error
  10.1.1.151
  WISM1: *Dot1x_NW_MsgTask_0: Jun 15 00:05:15.139: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 24, key type 1, client 00:23:15:61:e6:28
  2011-06-15 00:05:15
  Local0.Error
  10.1.1.151
  WISM1: *Dot1x_NW_MsgTask_0: Jun 15 00:05:15.139: %LOG-3-Q_IND: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 24, key type 1, client 00:23:15:62:7b:14
  2011-06-15 00:06:50
  Local0.Error
  10.1.1.151
  WISM1: *Dot1x_NW_MsgTask_0: Jun 15 00:06:50.230: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 40, key type 1, client 00:23:15:62:74:1c
  2011-06-15 00:06:50
  Local0.Error
  10.1.1.151
  WISM1: *Dot1x_NW_MsgTask_0: Jun 15 00:06:50.230: %LOG-3-Q_IND: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 24, key type 1, client 00:23:15:61:e6:28
  2011-06-15 00:06:50
  Local0.Error
  10.1.1.151
  WISM1: *Dot1x_NW_MsgTask_0: Jun 15 00:06:50.235: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 40, key type 1, client 00:23:15:62:72:38
  2011-06-15 00:06:51
  Local0.Error
  10.1.1.151
  WISM1: *Dot1x_NW_MsgTask_0: Jun 15 00:06:51.112: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 40, key type 1, client 00:23:15:62:74:1c
  2011-06-15 00:06:51
  Local0.Error
  10.1.1.151
  WISM1: *Dot1x_NW_MsgTask_0: Jun 15 00:06:51.131: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 40, key type 1, client 00:23:15:62:72:38
  2011-06-15 00:08:33
  Local0.Error
  10.1.1.151
  WISM1: *Dot1x_NW_MsgTask_0: Jun 15 00:08:33.329: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 24, key type 1, client 00:24:d6:1d:5d:1e
  2011-06-15 00:09:30
  Local0.Error
  10.1.1.151
  WISM1: *dot1xMsgTask: Jun 15 00:09:30.513: %LOG-3-Q_IND: 1x_eapkey.c:708 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; len 24, key type 1, client 00:24:d6:1d:5d:1e
  2011-06-15 00:09:30
  Local0.Error
  10.1.1.151
  WISM1: *dot1xMsgTask: Jun 15 00:09:30.513: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client 00:23:4d:3e:6f:39

  This is roaming breaking because of possibly :
  -bad coverage between APs
  -interference/high load
  Little you can do from a config perspective apart from analyzing where those happen and see if they are indeed related to coverage or whatsoever

• Handhelds disconnects randomly

  Hi,
  We have a 4404 WLC. Handhelds are disconnecting randomly. I am getting :
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  *Dec 17 14:32:02.151: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client 00:0b:6b:af:1b:as
  these logs. I set the EAPOL key timeout ve retries to maximum values but still getting the logs.
  We use like 30 handhelds. 7-8 of them disconnects randomly. The handhelds are reconnecting after 15 minutes which is along time for us. I have looked at the handheld logs it retransmits the key and gets timeout. I have tested the field with 3 handhelds while roaming. None of them disconnected but sometimes handhelds disconnects. Maybe this happens on same handhelds. I will look for it.
  I have searched the forum but couldn't find any solution. I use agressive load balancing. WPA/WPA PSK for authentication.
  Software Version                 6.0.196.0
  Any trick on handhelds or on WLC side that can be done?
  I found this article = http://intermec.custhelp.com/app/answers/detail/a_id/9432
  Will try to set these setting on the handhelds. Maybe some of you experience the problem.

  These bugs should be related to both 5508 and 4400, pls. see Cisco's software advisory:
  http://www.cisco.com/web/software/Wireless/Deferral/Software_Advisory_6_0_196_0.html
  You can try both versions to see if the bugs be fixed. If your problem still not fix after upgrade, you have to open debug(debug client xxx) in WLC, use some wireless analyzing tools to capture the packets and check what happened during the disconnection(always remember to use NTP to sync all the related equipments' time). And of course, call Cisco TAC.
  Before that, you definately should do some site survey to see if there's any coverage hole, also do some testing especially with simple environment as suggested by George. For example, firstly choose open, no ecryption for the WLAN, no session time out, no aironet extention, no dhcp(using static IP), enable low data rate such 1M/2M, etc. then test it, if problem disappear, then add more parameters towards your final enviroment to see which parameter cause the disconnection. If problem still exist, you need to check Intermec wlan driver, call TAC.

• Wireless Controlers 4402 + SSID

  We have 2 controlers wireless 4402 and we have 1 ssid on it with security WPa-tkip , The ssid is CXXX
  Now, I want to add another SSID , like CYYY,  I did it and it seems to work ok
  But now, The IT told me that since I add that second SSID on the controlers .
  All the RF are always  getting disconected.
  Here's the message log on one of my controlers
  WLAN requiring WPA and/or WPA2.MobileStation: 00:1e:ec:50:0c:67, SSID:C097,AP: 00:16:46:2c:37:50.
  *Mar 02 11:42:25.693: %APF-1-PROC_RSN_WARP_IE_FAILED: apf_80211.c:2234 Could not process the RSN and WARP IEs. station not using WPA or WPA2 on WLAN requiring WPA and/or WPA2.MobileStation: 00:1e:ec:50:0c:67, SSID:C097,AP: 00:16:46:2c:37:50.
  *Mar 02 11:41:30.798: %APF-1-PROC_RSN_WARP_IE_FAILED: apf_80211.c:2234 Could not process the RSN and WARP IEs. station not using WPA or WPA2 on WLAN requiring WPA and/or WPA2.MobileStation: 00:1e:ec:50:0c:67, SSID:C097,AP: 00:16:46:2c:37:50.
  *Mar 02 11:41:30.597: %APF-1-PROC_RSN_WARP_IE_FAILED: apf_80211.c:2234 Could not process the RSN and WARP IEs. station not using WPA or WPA2 on WLAN requiring WPA and/or WPA2.MobileStation: 00:1e:ec:50:0c:67, SSID:C097,AP: 00:16:46:2c:37:50.
  On my other controlers , I have this error log
  *Mar 05 14:54:24.408: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:0b:6b:77:9f:93
  *Mar 05 14:54:24.407: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:0b:6b:77:9f:a7
  *Mar 05 14:53:34.556: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:0b:6b:77:a0:d9
  *Mar 05 14:53:30.545: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:0b:6b:77:a0:d9
  *Mar 05 14:53:26.534: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:0b:6b:77:a0:d9
  *Mar 05 14:53:22.523: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:0b:6b:77:a0:d9
  Do you have any idea.

  Thanks for the reply.
  You're asking me :  When you created the new SSID, did you also create and mapped that SSID to a different interface/vlan?  Just trying to picture how you have it setup.
  Yes, I did that already and that part is working ok, With an AP , I could configure my laptop and connect on that new SSID.
  For the other device , None of them have the new SSID and it's security.
  Make sure you either choose WPA or WPA2, tkip or AES.  Set the encryption to WPA-TKIP only and verify the configuration on the end device.  If you get that working and others are complaining, then look at their settings.  When you created the new SSID, did you also create and mapped that SSID to a different interface/vlan?  Just trying to picture how you have it setup.

• Client drops - Tuning EAP timers?

  I have had some clients complaining (laptop users) about being dropped from the WiFi and this appears to correlate with the events in the WLC log for DOT1X-4-MAX_EAPOL_KEY_RETRANS for those clients.
  Drops are more frequent when the network and neighbours networks are under load during the day.
  What would your advice be on tuning this? I based my settings off a guide found here:
  https://supportforums.cisco.com/document/46101/eap-timers-wireless-lan-controllers
  The way I interpret this is that the settings present a bit of a tradeoff between the risk of being dropped and the time it takes to get back in if you are dropped.
  We have a WLC 2500 with 2700 APs running 7.6.130.0.
  Below are the current settings that we have set:
  Edit: Table did not paste correctly
  Local Auth Active Timeout1 (in secs) "300"
  Identity Request Timeout (in secs) "5"
  Identity request Max Retries "12"
  Dynamic WEP Key Index "0"
  Request Timeout (in secs) "30"
  Request Max Retries "2"
  Max-Login Ignore Identity Response "enable"
  APOL-Key Timeout (in milliSeconds) "1000"
  EAPOL-Key Max Retries "2"
  EAP-Broadcast Key Interval(in secs) "3600"
  Local Auth Active Timeout1 (in secs)
  Identity Request Timeout (in secs)
  Identity request Max Retries
  Dynamic WEP Key Index
  Request Timeout (in secs)
  Request Max Retries
  Max-Login Ignore Identity Response
               disable             enable          
  EAPOL-Key Timeout (in milliSeconds)
  EAPOL-Key Max Retries
  EAP-Broadcast Key Interval(in secs)

  I should have mentioned that this is on WPA2 also.
  What I'm told is that the drops may occur 2-3 times per day by some users. Other's don't have this issue or aren't bothered enough by it to notice. There is no definite correlation between equipment or area although proximity to APs does influence this (drops are more likely with increased distance) but we still have users without such drops at the same location as users experiencing them. Drops only seem to occur during busy office hours and not outside of them despite this being a 24/7 access office with a considerable amount of people staying late.
  I could probably attempt a cli client debug capture and see if something else shows up although the problem is not very frequent so it will be a long day.
  Another question would be what is withing the tolerances of how WiFi should perform in this situation. Is it reasonable for this to happen in a WiFi congested spot.
  Entries for an affected client in wlc-syslog set to debug (not the cli debug tool) may look like this during a day for the mac aa:bb:cc:aa:bb:cc:
  Cisco_ac: 3c:44: *dot1xMsgTask: Mar 13 11:57:34.645: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:508 Max EAPOL-key M1 retransmissions exceeded for client aa:bb:cc:aa:bb:cc
  Cisco_ac: 3c:44: *dot1xMsgTask: Mar 13 11:57:41.045: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:508 Max EAPOL-key M1 retransmissions exceeded for client aa:bb:cc:aa:bb:cc
  Cisco_ac: 3c:44: *dot1xMsgTask: Mar 13 11:57:47.045: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:508 Max EAPOL-key M1 retransmissions exceeded for client aa:bb:cc:aa:bb:cc
  Cisco_ac: 3c:44: *dot1xMsgTask: Mar 13 11:58:25.265: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:508 Max EAPOL-key M1 retransmissions exceeded for client aa:bb:cc:aa:bb:cc
  Cisco_ac: 3c:44: *dot1xMsgTask: Mar 13 11:58:32.065: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:508 Max EAPOL-key M1 retransmissions exceeded for client aa:bb:cc:aa:bb:cc
  Cisco_ac: 3c:44: *dot1xMsgTask: Mar 13 11:58:38.065: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:508 Max EAPOL-key M1 retransmissions exceeded for client aa:bb:cc:aa:bb:cc

• Clients Disconnecting

  We aeem to have an issue where certain clients (looks only like win7) keep disconnecting from the WIFI. We have APs running in FlexConnect mode and registered to a remote controller. XP clients seem to be ok.
  Anyone come across this, or know where to even start troubleshooting?

  Also in the logs getting the following when clients are disconnected. I don't think it will be security related as it works on other sites which all use the same remote controller / SSIDs. Any ideas?
  %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client
  %DOT1X-3-INVALID_REPLAY_CTR: 1x

• LAP drops client connections

  Hello! we have WLC 5508 (6.0.188.0) and some converted APs   AIR-AP1141N-E-K9. Everything works fine except one moment:
  1 of this converted APs is located beyond the office building, but it is still connected to our local network as if it was located within the office (there is a fiber channel between our cisco core switch and a switch, to which that 1 LAP is connected)
  The trouble is that users can't have the normal wi-fi on that beyond LAP. I see few successful pings to the "associated" client then drops, again a little success, than long drops.
  Logs from the WLC:
  Feb 15 10:04:53 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:11:17.702: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
  Feb 15 10:04:57 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:11:22.104: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
  Feb 15 10:36:14 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:42:38.859: %DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:354 Invalid replay counter from client xx:xx:xx:xx:xx:xx - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01
  Feb 15 10:37:07 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:32.061: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
  Feb 15 10:37:12 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:37.061: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
  Feb 15 10:37:16 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:40.888: %DOT1X-1-INVALID_WPA_KEY_STATE: 1x_eapkey.c:1638 Received EAPOL-key message while in invalid state (0) - version 1, type 3, descriptor 2, client xx:xx:xx:xx:xx:xx
  Feb 15 10:37:21 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:45.661: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
  Feb 15 10:37:23 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:47.540: %DOT1X-1-INVALID_WPA_KEY_STATE: 1x_eapkey.c:1638 Received EAPOL-key message while in invalid state (0) - version 1, type 3, descriptor 2, client xx:xx:xx:xx:xx:xx
  Feb 15 10:37:26 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:50.461: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
  What could it be? Is it possible that some noises or whatever could cause it? The building with this problematic LAP is a kind of film studio...

  oh, I badly explained what I need again(((
  I don't need only 2.4 Ghz now. I cited just to remind why I was doing this:
  "  I was making an experiment of changing Radio Policy on a WLAN for SSID, to which only Apple users are connecting. I had chosen "802.11a only", then "802.11a/g" only, but finally I left "All" as it was before.   "
  And now I am faced this problem :
  "  But now Apple devices choose only radio 802.11g or 802.11a to connect to, although they could choose 802.11n before my experiments! " Now all that devices have only 54 Mbps as a Current Tx RateSet. They need 144 Mbps, which they had before, while connecting with radio 802.11n
  Any ideas?