Lan connection timeout after ASA reload
Hi guys,
I have 2 ASA 5520s in HA.
I have a problem.
Whenever I reload this ASA, my LAN users' TCP, UDP and ICMP connections time out, and I force-restart the users' PCs, and after the restart it is OK.
But without a restart the connections time out.
Please help.
Hi,
It seems to suggest some kind of problem between the ASA firewalls, as the "comm failure" is listed.
What does the "show failover" command show?
Have you checked both the GigabitEthernet0/2 and GigabitEthernet0/3 links on both units and the network between the ASA units through those interfaces? I think you should go through those interfaces and the network segment between the ASAs and confirm that there is a working Failover/Stateful link between the ASAs.
Did you log into the Standby ASA and check the output of "show conn"? If you have connections active through the Active ASA and the Standby ASA does not have anything in its connection table, then you have a problem with the Failover setup.
- Jouni
Similar Messages
-
Connection Timeout after updating to 10.6.6
Dear Friends
I've got a MacBook Pro mid 2010. When I was on 10.6.5 there was no problem connecting to Wi-Fi, but after the magic update I always got "Connection Timeout". Another thing to add: I can connect to any network via the Windows 7 I installed on my MacBook.
Message was edited by: mutant59
My two cents is that I have had some type of network problem since installing Snow Leopard. I even went back, wiped the drive and did a clean install. It seems there is a problem, but I'm not sure if it's multiple problems or just one. Safari seems to load pages at a crawl at times. I did several speed tests and found the WiFi connection noticeably slower (about half) compared to my Windows Vista computers running WiFi, even though my MacBook has an N version connection and the Vista ones G.
I have tried different DNS servers and nothing seems to help. The router is the second one I tried. I had a Linksys wrt54 then bought a Belkin F5d8236-4 and both have no effect on the problem. Even a different browser did not help. I have simply determined that Apple needs to fix something in Snow Leopard. -
Connection timeout after 7.6.4
I recently updated my Time Capsule to version 7.6.4. Immediately after that my MacBook would not connect to my network and constantly says connection timeout. I have reset the SMC and have rebooted everything at least twice. I have reset the settings in the Time Capsule and created a new network. I have also downgraded back to 7.6.3. All to no avail. The MacBook is a 2.4 GHz Intel Core 2 Duo. The Time Capsule is about 3 years old. I should also mention that my iPad and iPhones will connect to the Time Capsule.
I have also purchased a new Time Capsule and the MacBook connects to it flawlessly. I am at a loss as to what to do. Any help would be appreciated.
Thanks
Do the setup in full isolation from the network.. using ethernet.
Start with downgrading to 7.6.1 which really is better than either of the later firmware as far as wireless was concerned.
Factory reset the TC. This is important to completely remove the old setup.
Setup wireless but I am not sure how you are mixing wireless here.. if you have a new TC.. are you roaming or extending the network.. or using two entirely different wireless setups??
I would ensure that your wireless is simply working on a channel different to the new TC.. and the only way to do that is for you to set it manually.. Auto can mess this up by selecting adjacent channels. It does not work perfectly.
Use wireless names that are short, no spaces and pure alphanumeric. Different to your previous setup if you were already following this rule.
Set up a different name for 5ghz so you can control both 100%
Set wireless channels .. for 2.4ghz try 11, 6, 1 in turn.
For 5ghz set to say 40 and again 150.. a few channels either side of that.. but recognise the new AC will use a lot of channels .. you need to be very far away from the channels it is using .. 80mhz is used by AC.
The Apple website is much worse after Maintenance than before.. it now says it has failed to post and try again.. voila.. two posts.. sorry.. this is entirely Apple's idea of a fix. -
Connection timeout after upgrade to 10.6
Hi!
I am unable to connect to any wireless network via AirPort after I upgraded to 10.6 (both open and WEP ones).
When trying to connect I immediately get "connection timeout". When trying again I see AirPort trying to connect; after 5 secs I get "connection timeout" again.
I have tried the following:
- delete all preferred networks from the list
- delete all AirPort passwords from keychains
- turn off/on AirPort
- restart computer
Nothing has worked so far for me. However, when I went to a friend's place today I experienced the same problem. I deleted the keychain entry, did a restart and all of a sudden I was connected.
Having tried all of the above in different combinations I still have no clue.
thanks for your help,
dawandeh
ps: currently i use an external usb wlanadapter which connects without any problems to all the networks i tested. -
Tcp Connection timeout on ASA for vpn traffic
Hello All
I need an answer please.
I wanted to give TCP connection timeout as unlimited for some IPs coming through VPN.
So, I created an access-list defining the traffic for which I want this tcp timeout.
Then a class map, policy map, entered set timeout to '0'
Applied it under default service-policy, which is applied as global (by default).
My doubt is should I apply the service policy on the interface or the global will work.
Just a silly doubt
Thanks in advance.
Hi,
I think it should work just fine if you attach it to the default "policy-map" configuration that you have attached globally on the ASA.
You might want to configure the timeout value as something long rather than setting it as unlimited.
- Jouni -
Re: Can't Connect: Connection Timeout?
What could be the possible reason for getting "connection timeout" after failing to connect to the internet? After going to Network Prefs, clicking on my network, being prompted for my WPA security password and getting the message "connection failed, " this is replaced with connection timeout?
Reset my modem and AEBS (unplugged and plugged back in), and was able to connect.
Any relation to whether or not, under the Airport tab of Network Prefs, "Disconnect from wireless networks when logging out" is checked or not? I don't have it checked, and don't remember having it checked, but someone on the Airport Discussion boards said it should be checked?
What other possible reasons for getting a connection timeout? My ISP says there is nothing from their side that would timeout my connection.
After reading this entire thread, I conclude that I am having the same problems. Here's what I'm seeing:
* The problem only happens when using WPA; switching my WAP to WEP or no security makes all my Macs consistently connect just fine.
* When the problem occurs, I am prompted for the WPA password; when I type in the password and click "connect", it alternates between "Connection timeout" and "Invalid password" (I'm positive that the password is correct; it's short, simple, and I'm using the "show password" checkbox to verify that it's correct).
* My Intel 10.5.2 MBP usually connects ok (airport card -- 802.11b/g).
* My PPC 10.5.2 iMac usually connects ok (airport card -- 802.11b/g, sometimes it asks for the WPA password once even though it's stored in my keychain).
* My Intel 10.5.2 24" iMac rarely connects ok (airport extreme card -- 802.11b/g/n, with the symptoms above).
* Windows laptops connect just fine.
* There seem to be several different WAPs discussed on this thread; I'm wondering if there is some kind of WPA protocol issue in 10.5.2 because I can consistently WPA connect just fine to a Linksys WRT54GL, but I see the symptoms described above with Cisco Aironet 1131AG's.
To reiterate: the problem most consistently occurs on an Intel iMac with an airport extreme card with OS X 10.5.2 when connecting to my Cisco Aironet 1131AG when WPA is enabled. It definitely does not occur when WEP or no wireless security is enabled. It rarely happens with a PPC iMac and an Intel MBP, both with OS X 10.5.2 and airport cards (regardless of network security settings and WAP used). -
Timeouts and connection problems after 5.1(2) upgrade
AIM/chat and some other programs are having timeout/connection problems after upgrade to 5.1(2). I am using S241 also. The connection problems stopped when the IPS was set to bypass. Rebuilt IPS and left sigs at default settings and problem is still happening. I am not seeing any of the IPs that are having the problem in the Event Viewer or on the Events in the IDM.
Any known issues with the 5.1(2) that would cause this type of problem?
I don't know specifically, but I did notice that 5.1(3) was released today.
-
I'm trying to connect to my home wifi with my imac gh5. After I enter the password it says connection timeout or password incorrect. I know there's no issue with the connection but I don't know what else to do. Does anyone know how to fix this problem?
What is the make & model of your home Wi-Fi router that you are attempting to connect your G5 iMac to? Which exact model of iMac do you have?
What wireless security type is your router using: WEP, WPA, or WPA2? If you temporarily disable wireless security, can the iMac connect to it now? -
ASA TCP Idle Connection Timeout Suspense
Hello, I upgraded our Cisco ASA 5520 with a Cisco ASA 5585. Though both ASAs were configured with default TCP Idle Connection Timeout values, people are now starting to complain that idle SSH connections are being terminated. This is proper behavior but they were claiming it didn't occur with the old firewall. Our users are setting keepalives for 1800 seconds to get around this before I can bump the setting to infinite (setting 0). Is there a bug with the feature in older ASA OS?
Hi,
Before looking for a bug I would check the ASA logs (hopefully you are storing them to a separate Syslog server) and see why the connections are torn down (Teardown reason) and how long they have been in the ASA's connection table before they were torn down.
You also have the option to perform traffic capture on the ASA for the traffic in question and confirm why or which party terminates the connection.
I guess you can use the MPF on the ASA to configure separate idle timeouts for just these SSH Connections if you do not want to touch the global timeout values.
I have not run into any problems with the timeout settings on the older software. In the newer software (8.3+) I have run into these problems. In those situations the ASA has not removed the connections that have reached the timeout value. I have seen connections that have been idle for over 1000h.
- Jouni -
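The log check suggested in the reply above, as an added example that is not part of the original thread: a Python script that parses ASA `%ASA-6-302014` teardown messages and reports, for SSH, which connections the firewall's idle timer removed, which ones an endpoint closed, and whether any idle-timer teardown came earlier than the expected timeout. The sample log lines, the one-hour expected timeout (the ASA default for `timeout conn`) and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter
from datetime import timedelta

# Constructed sample syslog lines in the ASA 302014 teardown format
# (hostname, addresses and connection IDs are made up for this example).
SAMPLE_LOG = """\
Jun 06 2014 10:00:01 fw1 : %ASA-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.10/51512 (198.51.100.10/51512) to inside:10.0.0.20/22 (10.0.0.20/22)
Jun 06 2014 11:00:04 fw1 : %ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.10/51512 to inside:10.0.0.20/22 duration 1:00:03 bytes 48211 Conn-timeout
Jun 06 2014 11:05:10 fw1 : %ASA-6-302014: Teardown TCP connection 1002 for outside:198.51.100.11/40022 to inside:10.0.0.20/22 duration 0:12:40 bytes 9120 TCP FINs
Jun 06 2014 11:20:31 fw1 : %ASA-6-302014: Teardown TCP connection 1003 for outside:198.51.100.12/40100 to inside:10.0.0.21/22 duration 1:00:01 bytes 1733 Conn-timeout
Jun 06 2014 11:21:00 fw1 : %ASA-6-302014: Teardown TCP connection 1004 for outside:203.0.113.5/443 to inside:10.0.0.30/52100 duration 0:00:09 bytes 5521 TCP Reset-O
Jun 06 2014 11:40:12 fw1 : %ASA-6-302014: Teardown TCP connection 1005 for outside:198.51.100.13/41000 to inside:10.0.0.20/22 duration 0:30:02 bytes 2200 Conn-timeout
Jun 06 2014 12:15:45 fw1 : %ASA-6-302014: Teardown TCP connection 1006 for outside:198.51.100.14/42000 to inside:10.0.0.22/22 duration 2:15:00 bytes 88110 TCP Reset-I from inside
"""

# 302014 layout: connection id, both endpoints as interface:address/port,
# lifetime as h:mm:ss, byte count, then an optional teardown reason that may
# be followed by "from <interface>" and a "(user)" suffix.
TEARDOWN_RE = re.compile(
    r"%ASA-\d-302014: Teardown TCP connection (?P<id>\d+) "
    r"for (?P<a_if>[^:\s]+):(?P<a_ip>[^/\s]+)/(?P<a_port>\d+)(?:\s*\([^)]*\))? "
    r"to (?P<b_if>[^:\s]+):(?P<b_ip>[^/\s]+)/(?P<b_port>\d+)(?:\s*\([^)]*\))? "
    r"duration (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) bytes (?P<bytes>\d+)"
    r"(?:\s+(?P<reason>.+?))?(?:\s+from\s+\S+)?(?:\s+\([^)]*\))?\s*$"
)

# Reason written when the firewall's idle timer removed the connection,
# versus reasons written when one of the endpoints closed or reset it.
FIREWALL_IDLE = {"Conn-timeout"}
ENDPOINT_CLOSED = {"TCP FINs", "TCP Reset-I", "TCP Reset-O"}


def parse_teardowns(text):
    """Return one dict per 302014 teardown line found in text."""
    records = []
    for line in text.splitlines():
        m = TEARDOWN_RE.search(line)
        if m is None:
            continue  # any other message, e.g. 302013 "Built"
        records.append({
            "conn_id": int(m["id"]),
            "endpoints": (f'{m["a_if"]}:{m["a_ip"]}', f'{m["b_if"]}:{m["b_ip"]}'),
            "ports": (int(m["a_port"]), int(m["b_port"])),
            "duration": timedelta(hours=int(m["h"]), minutes=int(m["m"]),
                                  seconds=int(m["s"])),
            "bytes": int(m["bytes"]),
            "reason": m["reason"] or "unknown",
        })
    return records


def idle_timeout_report(records, port=22, expected_idle=timedelta(hours=1)):
    """Summarise teardowns of connections that involve the given port."""
    reasons = Counter()
    by_firewall, by_endpoint, too_short = [], [], []
    for rec in records:
        if port not in rec["ports"]:
            continue  # the service port can be on either side of the line
        reasons[rec["reason"]] += 1
        if rec["reason"] in FIREWALL_IDLE:
            by_firewall.append(rec["conn_id"])
            # The idle timer cannot fire before its own length has elapsed,
            # so a shorter lifetime means a shorter timeout is in effect
            # for this flow than the one expected.
            if rec["duration"] < expected_idle:
                too_short.append(rec["conn_id"])
        elif rec["reason"] in ENDPOINT_CLOSED:
            by_endpoint.append(rec["conn_id"])
    return {
        "reasons": reasons,
        "closed_by_firewall_idle_timer": by_firewall,
        "closed_by_endpoint": by_endpoint,
        "shorter_than_expected_idle": too_short,
    }


if __name__ == "__main__":
    report = idle_timeout_report(parse_teardowns(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {dict(value) if key == 'reasons' else value}")
```

Connections listed under `shorter_than_expected_idle` are the ones to compare against the `timeout` and service-policy settings of the new unit, since the global value alone does not explain them.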
No network LAN-connection after iOS 5.1.1update
Today I tried to solve a big issue after updating my Apple TVs to 5.1.1 (actual version: AppleTV3,1_5.1_10A406e_Restore.ipsw). After updating my Apple TVs, they could not connect to the Apple activation server. No Home Sharing was adjustable and logging in to the iTunes Store was also not possible. I did the update via LAN cable, and I changed nothing in my network configuration. The network (network address via DHCP) is indeed set up by default in the Apple TV automatically. Nevertheless, nothing worked. Then I removed the network cable, did a reset of the Apple TV and tried to connect via Wi-Fi. With Wi-Fi, it finds the activation server and everything works as it should: Home Sharing, iTunes, streaming. However, once the network cable is plugged in and the Apple TV is restarted, it is again not possible to get access to the iTunes Store. Home Sharing is not possible. The network cables are fine. Both my MacBook and my TVs have an internet connection over the same network cable. If I unplug the network cable from the Apple TV again, everything works. Only via WLAN, but it's just too slow to stream data from my Mac. I have this "strange behavior" on 3 Apple TV 3rd gen. units, which are in the apartment. The previous iOS version on the same network cables worked great. Can anyone reproduce the problem? Or do I now have 3 bricked devices? I tried to downgrade via iTunes, but this is not possible anymore. I installed the update 3 times, but nothing works. Please, can anybody help me?
I found another link titled "Apple TV Death after update" and found several links that have proven to work to restore to the previous version. Here is my post:
"I had originally replied to a post titled "No network LAN-connection after iOS 5.1.1 update". That has been my issue after updating to 5.1. Wireless worked for me but iTunes Match and Podcasts were slow to respond. I finally downgraded to the previous version (5.0.2). So far, my ATV3 has been operating exactly as it did out of the box. No more activation failed message, and all components of ATV are functioning flawlessly on my whole home LAN network.
I also wonder what Apple was thinking for releasing this update without adequate testing. I can forgive them for Maps, but not this. ATV has been around long enough for all of the kinks to be worked out and any updates to just plain work. I did like the new menu displays in apps and how you could rearrange the program icons on the home screen.
Perhaps they will get it right. Some day. But until they show proof that any future updates are correct and provide detailed instructions on how to revert back to a previous version, I will be very leery of updating. Spending a week reading message boards on how to do a simple restore is not my idea of how to spend my weekends.
As a side note, I am a PC, so to restore from an .ipsw file located on your system, you must press the Alt & Shift keys together, then click the Restore button, and a window will pop up so you can select the location for the restore file."
Directions to restore:
"Yes you can. I am a PC. Download the .ipsw file and save to your desktop. Unplug the LAN, HDMI and power cable. Connect the usb cable from your laptop to the ATV. If iTunes does not automatically launch, start it. After iTunes is running, plug in the power cable to the ATV. iTunes will recognize the ATV and will open the restore window in iTunes.
Press the Alt and Shift keys together, then click on the Restore button. A file window will open so you can navigate to the desktop (or wherever you saved the file). Select the AppleTV3,1_5.-.2_9B830_Restore.ipsw file. iTunes will start the restore process.
When you see the message that it has completed the restore, unplug the usb cable and power cable. Reconnect the LAN and HDMI cable then plug in the Power cable in that sequence.
Follow the setup procedure again and all should be as it was before." -
Causing some network problem after connecting the new ASA to my network
Hi everyone,
Hope you can help on this issue.... It is strange to me...but may not be to you
Currently, I have a subnet that connects to my primary network. All the internet traffic travels through a router there, and in turn through a pair of ASA failover firewalls (i.e. Subnet -> router -> Subnet ASA -> Primary network ASA -> Primary network router -> Internet).
Now we are trying to set up an internet pipe so the subnet can go to the internet on its own. So, for security purposes, we put another new ASA in between the subnet and the new internet. This will be the first route, and the old path to the Internet would be the backup route.
NOW
I have not even made any route changes on the router yet. What I did was to connect the new ASA to the subnet. Again, I have not changed any routes, or any gateway settings on any of the computers in the subnet yet!! I just connected the ASA. That is it... please remember this.
However, a problem happens. I have an application server in the same subnet that keeps kicking out users. I also have a continuous ping to it. I saw that the server had request timed out; it did not come back up until about 10 to 20 seconds later. The server, in fact, is a cluster server. Although I can ping the physical server, I cannot ping the virtual server.
In order to fix the problem, I really need to unplug the new ASA from the network, and reload the cluster server. Then it starts to work.
Another symptom is that people complain the logon is obviously slower than usual.
May I ask why the new ASA would cause this trouble?? Again, no routes on the router have been changed. And all PCs in the subnet are still using the old gateway, and do not know about the new ASA.
Any ideas would be great!! Very strange to me. Thank you very much for your help.
Riderfaiz
First guess would be proxy ARP.
Proxy ARP is enabled by default on the ASA. The new ASA might be proxy ARPing for whatever reason.
OR the new ASA might have been configured with an ip address that belongs to another device by mistake. -
Cannot re-boot after enabling K8T Neo LAN Connection
I've tried to enable the K8T Neo LAN controller in BIOS so that I can connect a Wireless Router to my PC. However, when I do this, the PC will not boot and I have to disable the LAN controller.
On booting-up the BIOS seems to be looking for an ethernet controller and a message states that either the device is not plugged in or the cable is faulty ! Why should enabling the onboard LAN controller affect the device the BIOS boots from ?
Can I plug a Wireless Router directly into the RJ45 LAN connection on the K8T Neo and if so, how ?
Thank you for any helpful advice
Check to make sure you are not set to boot from network. Unfortunately I can't remember the exact name or where it is located, but it may help.
Quote from: Geps on 07-July-05, 22:52:17
as you say: a WIRELESS router is WIRELESS, how could you plug in a cable from a wireless router? or does it also have RJ45 connectors?
if you want to use the wireless function, you will need to buy a wireless LAN adapter (USB) for your PC
I have never seen a wireless router without rj45 connectors. (WAP yes, router no).
Good Luck
Jeremy -
Connectivity Issues Cisco ASA 5515 in Transparent Mode
Hi,
we're having problems with one transparent mode setup at one customer site. The ASA is equipped with a CX Module, but we're not using it; so far in the service policy rules it was enabled and matched all traffic, but in "monitor only" mode. There is a global ACL that allows any-any-IP.
Firewall-Info:
- ASA Version 9.1(2)
- Interfaces gi0/0 + gi0/2 without any interface errors
The ASA 5515x is configured as a "bump in the wire". In general our setup is working but with beginning of the installation of the firewall the customer faces following connection issues, without the firewall no problems:
- Connections to SAP-Servers behind the MPLS begin to drop, affected all users
- Incoming monitoring sessions (ping/snmp) from central management are facing ping timeouts, connection timeouts
- http downloads are stopping, Customer: it will stop responding and the download will fail.
In general the customer describes it this way: "We do not have the best connection here so once we connected the firewall all the problems are magnified"
I recognized that we unconfigured the default inspection during initial setup and reconfigured this entry for the CX module. So the default inspection with all its settings is not present any more... How important are these settings? One phenomenon is that I've seen a large number of concurrent connections that increased over time. And we already had the situation that the firewall reached the max-conn count.
Should I try to reconfigure the default inspection, as it ships from the factory? And what's the best way to check for problems? What can be the reason for the dropping connections?
I attached a network plan and the firewall config, hopefully, that somebody has an idea. Of course I can provide additional information...
Best Regards
Sebastian
Hi Vibhor,
thanks for your reply. Does this also affect the traffic, even the setting is set to "Monitor Only" ?
Is it recommend to configure the default-inspection rule as a default setting?
Further Question: I´ve read sth. about, that service policy rules must be "reloaded" to take effect, after they have been changed. Is that right and how do I reload them?
Here is an output from sh asp drop, do I have to care about certain values? This values result from two connected users doing some downloads over a 2Mbit connection.
ciscoasa# show asp drop
Frame drop:
Invalid encapsulation (invalid-encap) 10
First TCP packet not SYN (tcp-not-syn) 114
TCP failed 3 way handshake (tcp-3whs-failed) 3
TCP RST/FIN out of order (tcp-rstfin-ooo) 18
Dst MAC L2 Lookup Failed (dst-l2_lookup-fail) 33
L2 Src/Dst same LAN port (l2_same-lan-port) 260
FP L2 rule drop (l2_acl) 2958
Interface is down (interface-down) 9420
No management IP address configured for TFW (tfw-no-mgmt-ip-config) 117
Dropped pending packets in a closed socket (np-socket-closed) 66
Thanks
Sebastian -
Lan connectivity Issue on autonomous AP with throttles
Hello,
I encounter a strange problem on several AP 1242 in version 12.4(25d)JA1 of a customer:
He has 10 autonomous APs covering a factory and is using them for laptop connectivity and ToIP with mainly 7921 Cisco WiFi phones.
The phones are configured to use only 802.11a.
The APs lose LAN connectivity randomly and therefore the clients don't work anymore.
The APs are connected to a 2960 and a 3560, which are in turn connected to a 3750 which routes the traffic.
After checking spanning-tree, no loops are present.
When I check the counters on the AP involved I see the "throttles" and "ignored" counters incrementing on the fa0 link of the impacted AP, which I think means it can't handle the incoming traffic. This incoming traffic does not seem to be too big, however. I can see drops on the switch interface connecting the AP.
There is a lot of roaming on the AP due to people walking in the factory with their WiFi phones.
Here is a view of the fa0 counters :
AP1242-LOGIST#sh int fa0
FastEthernet0 is up, line protocol is up
Hardware is PowerPCElvis Ethernet, address is 001d.a1ce.26e2 (bia 001d.a1ce.26e2)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 100Mb/s, MII
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/160/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 81000 bits/sec, 53 packets/sec
5 minute output rate 29000 bits/sec, 26 packets/sec
7447113 packets input, 674891974 bytes
Received 286839 broadcasts, 0 runts, 0 giants, 549631 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 549631 ignored
0 watchdog
0 input packets with dribble condition detected
4422100 packets output, 609868806 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
1 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Here is a small part of logs concerning roaming, i don't see errors or log indicating that something is wrong nor in the switches log :
Jun 6 12:57:27.007: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP001E4A3EE15D 001e.4a3e.e15d Associated KEY_MGMT[WPAv2 PSK]
Jun 6 12:57:42.499: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]
Jun 6 12:58:02.620: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS
Jun 6 12:58:03.653: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]
Jun 6 12:59:15.564: %DOT11-6-ROAMED: Station 588d.09d3.a92b Roamed to 001e.134c.5a50
Jun 6 12:59:15.564: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS
Jun 6 12:59:41.905: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 442b.0355.ab28 Reason: Previous authentication no longer valid
Jun 6 12:59:54.728: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP442B0355AB28 442b.0355.ab28 Associated KEY_MGMT[WPAv2 PSK]
Jun 6 13:01:12.541: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]
Jun 6 13:02:35.841: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 001e.4a3e.d875 Reason: Previous authentication no longer valid
Jun 6 13:02:36.489: %DOT11-6-ASSOC: Interface Dot11Radio0, Station ec85.2f7c.c837 Associated KEY_MGMT[WPAv2 PSK]
Jun 6 13:03:29.256: %DOT11-6-ROAMED: Station 588d.09d3.a92b Roamed to 001e.134c.5a50
Jun 6 13:03:29.256: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS
Jun 6 13:04:32.754: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP001E4A3ED875 001e.4a3e.d875 Associated KEY_MGMT[WPAv2 PSK]
Jun 6 13:06:47.858: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 001e.4a3e.e15d Reason: Previous authentication no longer valid
Jun 6 13:07:18.107: %DOT11-6-ROAMED: Station 001f.6c7a.5101 Roamed to 001d.a2bb.15b0
Jun 6 13:07:18.107: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 001f.6c7a.5101 Reason: Sending station has left the BSS
Jun 6 13:07:38.109: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]
Jun 6 13:07:42.031: %DOT11-6-ROAMED: Station 588d.09d3.a92b Roamed to 001e.134c.5a50
Jun 6 13:07:42.031: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS
Jun 6 13:07:46.489: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP001F6C7A5101 001f.6c7a.5101 Reassociated KEY_MGMT[WPAv2 PSK]
Jun 6 13:08:27.712: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]
Jun 6 13:08:44.502: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS
Jun 6 13:08:44.572: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Associated KEY_MGMT[WPAv2 PSK]
Jun 6 13:08:56.778: %DOT11-6-ROAMED: Station 588d.09d3.a92b Roamed to 001e.134c.5a50
Jun 6 13:08:56.779: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS
Jun 6 13:09:17.874: %DOT11-6-ROAMED: Station 001f.6c7a.5101 Roamed to 003a.9a92.8d70
Jun 6 13:09:17.874: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 001f.6c7a.5101 Reason: Sending station has left the BSS
The AP are configured as follow :
Current configuration : 5184 bytes
! No configuration change since last restart
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname AP1242-LOGIST
logging rate-limit console 9
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone gmt+1 1
clock summer-time gmt recurring last Sun Mar 2:00 last Sun Oct 3:00
dot11 syslog
dot11 vlan-name Data vlan 11
dot11 vlan-name Voix vlan 14
dot11 vlan-name Webguest vlan 5
dot11 ssid WLAN_data
vlan 11
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 10600C0E261B173C252203797479633F371A29
dot11 ssid WLAN_voice
vlan 14
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 080F49592A1500203B2D25567A7A7622263C0C
dot11 ssid Webguest
vlan 5
authentication open
mbssid guest-mode
dot11 wpa handshake timeout 1000
dot11 arp-cache
dot11 priority-map avvid
dot11 phone
power inline negotiation prestandard source
class-map match-all _class_voice0
match ip dscp ef
class-map match-all _class_voice1
match ip dscp cs3
policy-map voice
class _class_voice0
set cos 6
class _class_voice1
set cos 3
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 11 mode ciphers aes-ccm
encryption vlan 14 mode ciphers aes-ccm
ssid WLAN_data
ssid WLAN_voice
ssid Webguest
mbssid
power client 17
channel 2472
station-role root
dot11 qos class voice local
admission-control
admit-traffic narrowband max-channel 75 roam-channel 6
dot11 qos class voice cell
admission-control
no cdp enable
infrastructure-client
interface Dot11Radio0.5
encapsulation dot1Q 5
no ip route-cache
no cdp enable
bridge-group 5
bridge-group 5 subscriber-loop-control
bridge-group 5 block-unknown-source
no bridge-group 5 source-learning
no bridge-group 5 unicast-flooding
bridge-group 5 spanning-disabled
interface Dot11Radio0.11
encapsulation dot1Q 11
no ip route-cache
no cdp enable
bridge-group 11
bridge-group 11 subscriber-loop-control
bridge-group 11 block-unknown-source
no bridge-group 11 source-learning
no bridge-group 11 unicast-flooding
bridge-group 11 spanning-disabled
interface Dot11Radio0.14
encapsulation dot1Q 14
no ip route-cache
no cdp enable
bridge-group 14
bridge-group 14 subscriber-loop-control
bridge-group 14 block-unknown-source
no bridge-group 14 source-learning
no bridge-group 14 unicast-flooding
bridge-group 14 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 11 mode ciphers aes-ccm
encryption vlan 14 mode ciphers aes-ccm
ssid WLAN_data
ssid WLAN_voice
ssid Webguest
no dfs band block
mbssid
channel dfs
station-role root
interface Dot11Radio1.5
encapsulation dot1Q 5
no ip route-cache
no cdp enable
bridge-group 5
bridge-group 5 subscriber-loop-control
bridge-group 5 block-unknown-source
no bridge-group 5 source-learning
no bridge-group 5 unicast-flooding
bridge-group 5 spanning-disabled
interface Dot11Radio1.11
encapsulation dot1Q 11
no ip route-cache
no cdp enable
bridge-group 11
bridge-group 11 subscriber-loop-control
bridge-group 11 block-unknown-source
no bridge-group 11 source-learning
no bridge-group 11 unicast-flooding
bridge-group 11 spanning-disabled
interface Dot11Radio1.14
encapsulation dot1Q 14
no ip route-cache
no cdp enable
bridge-group 14
bridge-group 14 subscriber-loop-control
bridge-group 14 block-unknown-source
no bridge-group 14 source-learning
no bridge-group 14 unicast-flooding
bridge-group 14 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
speed 100
full-duplex
no cdp enable
hold-queue 160 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.5
encapsulation dot1Q 5
no ip route-cache
no cdp enable
bridge-group 5
no bridge-group 5 source-learning
bridge-group 5 spanning-disabled
interface FastEthernet0.11
encapsulation dot1Q 11
no ip route-cache
no cdp enable
bridge-group 11
no bridge-group 11 source-learning
bridge-group 11 spanning-disabled
interface FastEthernet0.14
encapsulation dot1Q 14
no ip route-cache
no cdp enable
bridge-group 14
no bridge-group 14 source-learning
bridge-group 14 spanning-disabled
service-policy input voice
service-policy output voice
interface BVI1
ip address 10.17.10.5 255.255.255.0
no ip route-cache
ip default-gateway 10.17.10.254
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging trap warnings
logging 10.15.51.115
no cdp run
bridge 1 route ip
line con 0
line vty 0 4
sntp server 10.15.1.50
sntp broadcast client
end
Has anyone ever experienced a similar problem?
When I shut the radio interfaces there are no more problems on the LAN. Can this be an overlapping coverage issue?
Can someone please give me advice on how to troubleshoot this issue?
Thank you in advance as I'm a bit stuck.
Best Regards,
Hi Scott,
Thanks for your reply.
Do you think this can be the origin of the issue my customer encounters, or is it only to be standard? As this change will have to be made on all clients, if there is a chance it solves the problem I will do it ASAP; if not I will delay it to a less busy period :-)
Can the constant roaming associations and disassociations overload the AP and make it stop responding on the LAN, or is it only a throughput problem?
Thanks in advance for your answer.
Best Regards, -
Untrusted VPN Server Blocked after a reload
Hi
I have an ASA5510 in failover, after a reload, a message "Untrusted VPN Server Blocked" appears after the first attempt to connect to the VPN, if we uncheck the "Block connections to untrusted servers" in preference settings the profile is updated and the connection is successful.
If I disconnect the VPN and try again it appears another profile.
I try this step for another link, but the result is the same for me
Try the following steps,
1. Click on Anyconnect Client profile
2. Edit Anyconnect_Group profile
3. Edit Server list
4. Add or Edit the hostname (You will see IP address, however, your cert is URL address ) So you have to add it or delete the IP address and keep URL )
5. Host display: Remote.example.com and FQDN: Remote.example.com
** Your cert that you applied for the interface must match the URL otherwise it won't work. So you can make your Cert
(( *.example.com )) and it should match any URL you give
Does anyone know what could be the cause of this problem?
Regards
Ricardo,
it sounds like you don't have a certificate installed on the ASA, so the ASA uses a non-persistent self-signed certificate.
This doc explains how to create a persistent self-signed certificate:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml
Better still would be to purchase a 'real' certificate from a 3rd party CA, the doc below has more details on how to do this:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809fcf91.shtml
hth
Herbert