Problem Concurent client WLC 5508
Hi All support,
i have running cisco wlc 5508 with software upgrade 7-4-100-0.aes and 24 cisco 1552 AP with mode mesh, concurent client only show 185 clients but if we using dual load wlc ( Whitout mobility group, if using mobility group clients still stuck concurent) clients can get online 150 on wlc01 and 130 on wlc02 ,total client we have is 300 client.for more information we using feature passive client on this network. any body can help ??
regards,
Sigit H.W
this is debug iapp :
*iappSocketTask: Mar 18 11:13:09.419: [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.419: [0496] 00 00 00 00 00 27 22 16 13 f9 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0512] 00 00 00 02 00 00 00 00 00 00 01 46 b8 17 01 00
*iappSocketTask: Mar 18 11:13:09.420: [0528] 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0544] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0576] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0592] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0608] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0624] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0656] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0672] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0688] 00 00 27 22 40 a8 81 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0704] 01 00 00 00 00 00 00 00 a8 b9 19 01 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0720] 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0736] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0752] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:09.420: [0768] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.785: IAPP Rx Frame (1633)
*iappSocketTask: Mar 18 11:13:10.785: [0000] d0 c2 82 e3 ae c4 2c 36 f8 73 e6 80 81 00 00 0b
*iappSocketTask: Mar 18 11:13:10.785: [0016] 08 00 45 00 05 cc d3 da 40 00 ff 11 28 8a 0a 9d
*iappSocketTask: Mar 18 11:13:10.785: [0032] 32 6d 0a 9d 32 15 3e 69 14 7f 05 b8 00 00 00 20
*iappSocketTask: Mar 18 11:13:10.785: [0048] 03 20 bb 9f 00 00 01 04 00 00 00 00 00 00 01 08
*iappSocketTask: Mar 18 11:13:10.785: [0064] 00 00 2c 36 f8 73 e6 80 2c 36 f8 73 e6 80 2c 36
*iappSocketTask: Mar 18 11:13:10.785: [0080] f8 73 e6 80 00 00 aa aa 03 00 40 96 00 00 06 03
*iappSocketTask: Mar 18 11:13:10.785: [0096] 32 8b 2c 36 f8 73 e6 80 2c 36 f8 73 e6 80 00 00
*iappSocketTask: Mar 18 11:13:10.785: [0112] 39 00 05 ed e1 cf 0a 30 08 00 00 27 22 40 a4 df
*iappSocketTask: Mar 18 11:13:10.785: [0128] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0144] 00 00 a0 05 00 00 00 00 00 0c 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0176] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0192] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0208] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0224] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0256] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0272] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0288] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0304] 00 00 00 00 00 00 00 00 27 22 84 89 30 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a3
*iappSocketTask: Mar 18 11:13:10.786: [0336] 06 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0352] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0368] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0384] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0416] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0432] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0448] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0464] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0496] 00 00 00 00 00 27 22 40 a8 57 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0512] 00 00 00 00 00 00 00 00 00 00 00 00 aa 0d 01 00
*iappSocketTask: Mar 18 11:13:10.786: [0528] 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0544] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0576] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0592] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0608] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0624] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0656] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0672] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0688] 00 00 27 22 2c a9 c6 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0704] 00 00 00 00 00 00 00 00 00 a2 06 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0720] 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0736] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0752] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:10.786: [0768] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: IAPP Rx Frame (1633)
*iappSocketTask: Mar 18 11:13:12.554: [0000] d0 c2 82 e3 ae c4 2c 36 f8 73 04 20 81 00 00 0b
*iappSocketTask: Mar 18 11:13:12.554: [0016] 08 00 45 00 05 cc 00 50 40 00 ff 11 fc 17 0a 9d
*iappSocketTask: Mar 18 11:13:12.554: [0032] 32 6a 0a 9d 32 15 30 44 14 7f 05 b8 00 00 00 20
*iappSocketTask: Mar 18 11:13:12.554: [0048] 03 20 bb fa 00 00 01 04 00 00 00 00 00 00 01 08
*iappSocketTask: Mar 18 11:13:12.554: [0064] 00 00 2c 36 f8 73 04 20 2c 36 f8 73 04 20 2c 36
*iappSocketTask: Mar 18 11:13:12.554: [0080] f8 73 04 20 00 00 aa aa 03 00 40 96 00 00 06 03
*iappSocketTask: Mar 18 11:13:12.554: [0096] 32 8b 2c 36 f8 73 04 20 2c 36 f8 73 04 20 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0112] 39 00 05 ed 00 00 0a 30 08 00 00 27 22 40 a8 f0
*iappSocketTask: Mar 18 11:13:12.554: [0128] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0144] 00 00 b0 14 01 00 00 00 00 12 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0176] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0192] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0208] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0224] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0256] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0272] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0288] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0304] 00 00 00 00 00 00 00 00 27 22 16 a3 f7 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ad
*iappSocketTask: Mar 18 11:13:12.554: [0336] 10 01 00 00 00 00 24 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0352] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0368] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0384] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0416] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0432] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0448] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0464] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0496] 00 00 00 00 00 27 22 40 a9 37 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0512] 00 00 00 00 00 00 00 00 00 00 00 00 b1 13 01 00
*iappSocketTask: Mar 18 11:13:12.554: [0528] 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0544] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0576] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0592] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0608] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0624] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0656] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0672] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0688] 00 00 27 22 40 a9 fd 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0704] 00 00 00 00 00 00 00 00 00 b2 16 01 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0720] 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0736] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0752] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*iappSocketTask: Mar 18 11:13:12.554: [0768] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
(Cisco Controller) >debug iapp all disable
Similar Messages
-
WLC-5508 - Software Update issue
Hi,
I'm having a little problem with a WLC-5508, It has the 6.0.199.4 image version and when I try to update it with any of the new versions the controller prompt this error: "% Error: Code file transfer failed - Error while writing output file". I think the controller has no enough memory to copy the file.
I ran the show memory statistics and the free system memory tells It has enogh space. So I don't know what to do, I read all the configuration manual but I can not find any slution. The probles is that I need to asosiate 8 new AP-2602 and with this old software version they are not compatible.
If anyone knows a posible solution, it would help me a lot.
Thanks!!You can not directly upgrade the ios, kindly consult the following cisco link
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
"It is not possible to directly upgrade to the 7.4.100.0 release from a release that is older than 7.0.98.0"
you have to complete the work in two step i.e 6.x to 7.0.x and then to 7.4 -
Wlc 5508 inaccessible after upgrade to version 8
dear all,
I have a problem after upgrading wlc 5508,
at first after upgrade everything works fine, but while waiting for APs to rejoin, wlc suddenly inaccessible either via SSH, telnet or console
I have restart the wlc with no luck
LED indicator for SYS and ALR are off
any suggestion will be highly appreciated
thanks
regardsIf the appliance failed in the first month after delivery, you might be able to squeeze off an RMA.
If the appliance failed in the first year after delivery, I don't care what is written in the "warranty", you can't do anything until you have a valid Service Contract. -
Hello!
I am having problem in configuring wlc 5508, in a security option i applied mac-filtering and it works fine.
Now I need to configure ip-mac address binding, i tried both with gui and cli method but it is not working. While configuring mac-filtering on gui there is a option to define ip address, after defining xx.xx.xx.xx ip address for device xx it is not peaking particular ip from the pool.
mac-filtering is still working with out issue.
Also tried with cli.....
Looking through the configuration guide i tried every possible ways but couldn't get any resolution.
mac-binding, mac-filtering is enable,
What will be the possible causes of this?
does it support mac-ip binding in its local database?
I would be thankful in your any suggestions and advises!
NikhilThanks for reply David,
Currently user are authenticate from mac address and we want IP-MAC base authentication in cisco 5508 controller.
we are facing some problem that in stead of ip-mac pair only mac address is authenticate.
can u guide me that how can i authenticate IP-MAC pair in cisco 5508 controller?
or Is this possible on Cisco 5508 controller as it is showing ip address field in GUI option?
i am waiting your reply. -
WLC 5508 - wlan stability problems
Hi.
I have a WLC 5508 with half a dozen LAPs (AIR-CAP3502I-E-K9).
They have been working but sometimes clients detect conectivity problems with the wlan.
Here is the message log I can obtain from the controller:
Nov 09 12:16:31.886: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32Previous message occurred 7 times.Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!*apfReceiveTask: Nov 09 11:51:30.788: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *spamApTask2: Nov 09 11:51:20.144: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.23.1.118*dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67*apfReceiveTask: Nov 09 11:50:40.672: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:38.625: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:35.531: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:31.068: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:29.257: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:28.707: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg *apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
Can somebody help me to understand these messages?
1)
*apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
2)
Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
3)
*dot1xMsgTask: Nov 09 11:50:44.878: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client e0:ca:94:93:be:67
Thanks1)
*apfReceiveTask: Nov 09 11:50:24.065: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
//APs are rebooting. don't panic, check the up time of AP. This message seen when AP rebooted/freshly joined and waiting for wlc to assign channel.
2)
Nov 09 11:55:24.682: [ERROR] pemTimers.c 330: invalid interface name (john_doe) in mscb!!!
//It is cosmetic and can be ignored.
3)
*dot1xMsgTask: Nov 09 12:16:10.286: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 00:26:c6:12:e8:32
//Keys M1-M5 used for wireless auth, here client having struggle completing the auth process.
get output of, WLC>debug client -
WLC 5508 Problem with #DOT1X-3-INVALID_REPLAY_CTR
Hi all,
I have WLC 5508 with version 7.4.110.0 and with 13 AccessPoints.So 12 of this AP are AIR-LAP1142N-E-K9 and 1 is AIR-CAP3602I-E-K9.
Logs of my WLC are:
*Dot1x_NW_MsgTask_1: Jan 11 01:15:05.167: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 90:c1:15:c6:c3:49 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_4: Jan 11 01:09:41.015: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 5c:0a:5b:c1:16:34 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_3: Jan 11 01:03:32.269: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
*Dot1x_NW_MsgTask_3: Jan 11 01:03:32.266: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
*Dot1x_NW_MsgTask_0: Jan 11 01:03:31.648: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 24:77:03:67:01:48 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_5: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:da:c1:cd - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_2: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client cc:78:5f:29:cc:82 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_4: Jan 11 01:03:31.633: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 08:11:96:55:81:c4 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_0: Jan 11 01:03:31.631: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 84:3a:4b:56:36:50 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_1: Jan 11 01:03:31.630: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:e2:d4:91 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_0: Jan 11 00:59:52.593: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client a0:88:b4:60:20:f8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*apfRogueTask_3: Jan 11 00:59:32.168: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 2, Requested containment level 4
*apfRogueTask_3: Jan 11 00:58:38.635: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 1, Requested containment level 4
*Dot1x_NW_MsgTask_0: Jan 11 00:50:06.885: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_0: Jan 11 00:50:06.883: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 02
*dot1xMsgTask: Jan 11 00:49:05.842: #DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:618 Client c8:e0:eb:19:2a:97 may be using an incorrect PSK
*apfRogueTask_3: Jan 11 00:40:42.576: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 3, Requested containment level 4
*Dot1x_NW_MsgTask_3: Jan 11 00:40:17.471: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client c4:43:8f:f1:8c:8b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_4: Jan 11 00:40:03.368: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client f0:d1:a9:8e:1a:dc - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_1: Jan 11 00:39:30.528: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:d8:84:09 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
I already go to this link to check the Description of errors-
http://www.cisco.com/en/US/docs/wireless/controller/message/guide/msgs4.html#wp1000139
Appreciate all feedback. Thank you.Hi Ruben,
a) After successful dot1x authentication, session keys are derived from pairwise master key.
b) When the AP transmits a key to a station by default, it expects a response back within a set timeframe.
c) If the station does not respond, the AP increments the counter and retransmits the key.
d) If the AP receives a response to first message just after the retransmission of the key, a mismatch occurs in the counter.
This in most of the cases will be a client driver problem.
Solution :
1) try to increase the EAPOL-Key Timeout ( config advanced eap ).
2) Upgrade the client driver.
*****Help out other by using the rating system and marking answered questions as "Answered"***** -
WLC 5508 - Clients disconnecting
I am running WLC 5508 7.2.111.3 with some 2602i AP.
Last week one user reported his new macbook pro 2013 was encountering connectivity issues.His older macbook pro 2009 was working perfectly.
The user is sitting in the middle of 2nd floor having equal distance from second's floor access points.
The problem is that his Macbook pro 2013 was persistently trying to associate with 3rd's floor Access Points. Whatever i tried to do (deauthenticate user,rebooting 2nd & 3rd floor APs) the connection was persistent to 3rd floor Access Point. Even when i tried to install an Access Point in the user's office his Macbook Pro 2013 refused (!!!) to leave 3rd's floor Access Points.However his Macbook pro 2009 was always connected to the nearest Access Point (either to 2nd floor Access Points or to the newly installed access point in his office).
This week i had two visitors in 4th floor reporting that their Laptops (Sony Vaio) were doing very slow with the wireless.
When i tried to troubleshoot i found in the controller that their laptops were associating with 4th floor Access Points and after a minute they were disconnected and trying to associate to Ground Floor (!) Access Points. Of course they couldn't establish a connection and then associated again with 4th floor access points and after a while disconnected and trying to associate to Ground Floor Access Points
I tried to debug client with Sony Vaio and saw in the controller the following message
*apfMsConnTask_7: Mar 24 10:42:15.473: %APF-4-INVALID_ACTION_CATEGORY: apf_wme_utils.c:5481 Could not process 802.11 Action. Received Action frame with invalid category field(not supported by controller) from client. Mobile:*********, Category:7.
I also see a lot of these messages for other clients.
*apfMsConnTask_3: Mar 19 12:03:54.243: %APF-4-ASSOCREQ_PROC_FAILED: apf_80211.c:5275 Failed to process an association request from c8:6f:1d:24:0e:7d. WLAN:5, SSID:************. mobile in database timed out.
Am i hitting any bug similar or equal to CSCue53980?have you tried with open authentication ( no security ) ? Check if client is able to associate then
-
WLC 5508 WPA Authentication Problems
Hello,
We have a WLC 5508 with 7.4.100.0 Firmware.
We are using 1141 and 1142 APs and we are having authentication problems with clients that are connecting to our WLAN with WPA+AES autentication. The clients receive in her laptop a password error, and we receive the following log in wlc:
Client Excluded: MACAddress:f8:f1:eb:dd:ff:cd Base Radio MAC :08:ad:dd:76:4d:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
The strange thing is that the problem is solved restarting the Access-points.
Anyone had this problem previusly?
Thanks in advance.I made the configuration using the Cisco Recommended settings, the strange thing its that the users connect normally, until they starts with authentication problems. I restart the access points and the problem its solved.
Cisco Recommended and not recommended Authentication Settings
Security encryption settings need to be identical for WPA and WPA2 for TKIP and AES as shown in this image:
These images provide examples of incompatible settings for TKIP and AES:
Note: Be aware that security settings permit unsupported features.
These images provide examples of compatible settings: -
Windows Sharing problem from WLC 5508 to wired LAN
Dear All,
I'm having problem with windows sharing (file/printer sharing) from Wireless lan client which is connected to AP3500 and
WLC 5508 then to Nexus 7010. It's already using ip command, for example \\192.168.84.65
WLC os version 7.0.116.0 (using AP groups)
Nexus os version 4.2(6)
The weird thing is i can connect using windows sharing from wired LAN to wireless user however not vice versa.
for better explanation, here are the scenarios
1. Wireless lan to wired LAN using windows sharing - failed
1. Wired LAN to Wireless lan using windows sharing - success.
I've been analyzing by making sure that all the to end, there would be no firewall within source pc(s) and destination pc(s) and also
the ACL inside Nexus.
Been dying here to find solution for this, due to the customer is using it for file and printer sharing service.
Anyone has idea to solve this problem, i'm looking forward for any suggestion coming.
Arrai.Peer to peer within wlc is using default setting which is allowed and as you may know, peer to peer permission only related between wireless client not wired one. CMIIW.
-
We have deployed a WLC 5508 w/ SW version 6.0.199.4, 1142 AP's & open authentication w/ MAC filtering. Clients are randomly getting dropped with "Limited Access" shown in Win 7. In this state, the client machine is unable to ping the gateway and sometimes lose their DHCP assigned IP as well. A manual disconnect/re-connect to the SSID is required everytime.
I ran a debug on one the clients stuck in the "Limited Access" state (debug client xx:xx:xx:xx):
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Adding mobile on LWAPP AP 3c:ce:73:c5:1e:b0(0)
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 23) in 5 seconds
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 apfProcessProbeReq (apf_80211.c:4722) Changing state for mobile e0:91:53:60:1f:e4 on AP 3c:ce:73:c5:1e:b0 from Idle to Probe
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.225: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.225: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.646: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.646: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.666: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.666: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:28.553: e0:91:53:60:1f:e4 apfMsExpireCallback (apf_ms.c:418) Expiring Mobile!
*Apr 15 16:59:28.554: e0:91:53:60:1f:e4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [3c:ce:73:c5:1e:b0]
*Apr 15 16:59:28.554: e0:91:53:60:1f:e4 Deleting mobile on AP 3c:ce:73:c5:1e:b0(0)
On doing a manual re-connect, got the following logs:
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Association received from mobile on AP b8:62:1f:e9:9f:30
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying site-specific IPv6 override for station e0:91:53:60:1f:e4 - vapId 7, site 'Academy', interface 'students'
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying IPv6 Interface Policy for station e0:91:53:60:1f:e4 - vlan 15, interface id 14, interface 'students'
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying site-specific override for station e0:91:53:60:1f:e4 - vapId 7, site 'Academy', interface 'students'
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1276)
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [b8:62:1f:e5:6a:90]
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 Updated location for station old AP b8:62:1f:e5:6a:90-0, new AP b8:62:1f:e9:9f:30-0
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 apfProcessAssocReq (apf_80211.c:4268) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from Probe to AAA Pending
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 20) in 10 seconds
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 START (0) Initializing policy
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP b8:62:1f:e9:9f:30 vapId 7 apVapId 2
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 apfPemAddUser2 (apf_policy.c:213) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from AAA Pending to Associated
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 49) in 65535 seconds
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Sending Assoc Response to station on BSSID b8:62:1f:e9:9f:30 (status 0) Vap Id 2 Slot 0
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 apfProcessRadiusAssocResp (apf_80211.c:1957) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from Associated to Associated
*Apr 15 17:01:38.189: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
*Apr 15 17:01:38.189: e0:91:53:60:1f:e4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmQueryRequested'
*Apr 15 17:01:39.953: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4166, Adding TMP rule
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP b8:62:1f:e9:9f:30, slot 0, interface = 13, QOS = 0
ACL Id = 255, Jumbo F
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 Sent an XID frame
*Apr 15 17:01:40.807: e0:91:53:60:1f:e4 Orphan Packet from STA - IP 169.254.201.128
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP processing DHCP DISCOVER (1)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 1280, flags: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP processing DHCP OFFER (2)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 0, flags: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 10.6.2.160
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP successfully bridged packet to STA
*Apr 15 17:01:43.240: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 316, port 13, encap 0xec03)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP processing DHCP REQUEST (3)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 1280, flags: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP requested ip: 10.6.2.160
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP processing DHCP ACK (5)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 0, flags: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 10.6.2.160
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Reached PLUMBFASTPATH: from line 4972
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP b8:62:1f:e9:9f:30, slot 0, interface = 13, QOS = 0
ACL Id = 255, Jumbo Frames = NO,
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Successfully plumbed mobile rule (ACL ID 255)
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 Assigning Address 10.6.2.160 to mobile
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 DHCP successfully bridged packet to STA
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 Added NPU entry of type 1, dtlFlags 0x0
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 Sending a gratuitous ARP for 10.6.2.160, VLAN Id 15
*Apr 15 17:01:46.428: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
*Apr 15 17:01:46.428: e0:91:53:60:1f:e4 DHCP processing DHCP INFORM (8)
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP xid: 0xbb0d5d87 (3138215303), secs: 0, flags: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP ciaddr: 10.6.2.160, yiaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP processing DHCP ACK (5)
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP xid: 0xbb0d5d87 (3138215303), secs: 0, flags: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP ciaddr: 10.6.2.160, yiaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
show client e0:91:53:60:1f:e4 (after re-connect)
(Cisco Controller) >show client detail e0:91:53:60:1f:e4
Client MAC Address............................... e0:91:53:60:1f:e4
Client Username ................................. N/A
AP MAC Address................................... b8:62:1f:e9:9f:30
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 7
BSSID............................................ b8:62:1f:e9:9f:31
Connected For ................................... 105 secs
Channel.......................................... 11
IP Address....................................... 10.6.2.160
Association Id................................... 8
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 65535
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Diff Serv Code Point (DSCP)...................... disabled
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
U-APSD Support................................... Disabled
Power Save....................................... OFF
Current Rate..................................... m7
Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
............................................. 12.0,18.0,24.0,36.0,48.0,
............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ students
VLAN............................................. 15
Quarantine VLAN.................................. 0
Access VLAN...................................... 15
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 1
Fast BSS Transition........................ Not implemented
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 36509
Number of Bytes Sent....................... 32902
Number of Packets Received................. 300
Number of Packets Sent..................... 66
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Key Msg Timeouts............. 0
Number of Data Retries..................... 95
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 1
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -66 dBm
Signal to Noise Ratio...................... 29 dB
Nearby AP Statistics:
APSOEBFF_COR3(slot 0) .....................
antenna0: 50 seconds ago -91 dBm................. antenna1: 50 seconds ago -76 dBm
APSOEAFF_FAC(slot 0) ......................
antenna0: 108 seconds ago -89 dBm................ antenna1: 108 seconds ago -87 dBm
APSOEBGF_FAC(slot 0) ......................
antenna0: 50 seconds ago -82 dBm................. antenna1: 50 seconds ago -71 dBm
APSOEBGF_STAFF(slot 0) ....................
antenna0: 49 seconds ago -74 dBm................. antenna1: 49 seconds ago -58 dBm
WLAN config
WLAN Identifier.................................. 9
Profile Name..................................... STAFF
Network Name (SSID).............................. STAFF
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 32
Exclusionlist.................................... Disabled
Session Timeout.................................. Infinity
CHD per WLAN..................................... Disabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ staff
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
HELPPPP!We have 75 evenly distributed AP's servicing the 500 odd users. Found the below traps on WLC. I was making some changes in the WLAN settings at the time:
Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:8c:a9:82:5d:d2:dc Base Radio MAC :3c:ce:73:c6:fe:00 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
106 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:58:94:6b:f2:24:c8 Base Radio MAC :c8:f9:f9:4c:01:30 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
107 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:bc:77:37:72:dc:0b Base Radio MAC :3c:ce:73:c6:53:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
108 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:00:26:c7:7d:12:76 Base Radio MAC :3c:ce:73:c4:79:80 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
109 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:bc:77:37:75:1f:93 Base Radio MAC :c8:f9:f9:2b:85:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
110 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:ac:72:89:58:8e:b9 Base Radio MAC :3c:ce:73:c6:53:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
111 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:bc:77:37:26:cd:e3 Base Radio MAC :3c:ce:73:c5:1f:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
112 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:ac:72:89:25:ea:e0 Base Radio MAC :3c:ce:73:c6:77:70 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
113 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:00:24:2c:6a:85:3d Base Radio MAC :3c:ce:73:c6:6a:50 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
114 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:68:5d:43:61:16:51 Base Radio MAC :3c:ce:73:f6:0c:20 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
115 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:7c:d1:c3:8a:64:f6 Base Radio MAC :3c:ce:73:c4:74:20 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2 -
WLC 5508 HA Problem Soft.ver 7.4.100
Dear Support,
we are using two WLC 5508 software ver.7.4.100 with first 50AP license and in the next day we add 50AP license again to the primary WLC. when we activate HA base in the following guiden http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html but when we doing test the failover we found a couple log message on the Secondary WLC like below and not for long time all AP on the Secondary WLC was drop off.
1. DP Critical Error
2. *RRM-DCLNT-2_4: May 23 07:43:53.204: #RRM-3-RRM_LOGMSG: rrmTables.c:682 RRM LOG: Could not retrieve RRM Coverage Measurement DataKey BSSID:34:db:fd:dd:3e:20,Key SlotId:0
*RRM-DCLNT-2_4: May 23 07:43:53.164: #RRM-3-RRM_LOGMSG: rrmTables.c:682 RRM LOG: Could not retrieve RRM Coverage Measurement DataKey BSSID:34:db:fd:dd:3e:20,Key SlotId:0
*RRM-DCLNT-2_4: May 23 07:43:52.854: #RRM-3-RRM_LOGMSG: rrmTables.c:682 RRM LOG: Could not retrieve RRM Coverage Measurement DataKey BSSID:2c:36:f8:72:fc:c0,Key SlotId:0
I also send a complete log for both problem above and enclose it with pdf file. need you advice and assistance,
regard, afriansyahI agree go to version 7.4.121.0 I has some strange issues on prior releases. Personally I am running 7.6.120.0 right now but that's mainly due to support for the 3702 access points.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html#pgfId-74573
that's a good guide just to double check yourself just in case. - -
Upgrade WLC 5508 to 7.4.121.0 problem
After I upgraded WLC 5508 from 7.2.111.3 to 7.4.121.0, all 3602i APs don't associate with the controller. All APs were working/associating with controller on 7.2.111.3 at same setting. IP address of APs are setup as DHCP.
The error message is "AP couldn't get IP address".
Any one has this type of problem when you upgrade WLC 5508 from 7.2.111.3 to 7.4.121.0.
Thanks,Hi,
This doesn't look like software issue.
You have to check why the APs are not able to get ip address. Try connecting a PC to a swtich port where one of these APs are connected and see if you are able to get IP on PC.
Also check if the DHCP server is reachable and if there are IP address in the pool assigned for APs.
HTH,
Thanks & Regards,
Ishant
*** Please rate the post if you find it useful *** -
WLC 5508, DHCP Problem after Update Cisco ASA(DHCP-Server)
Hello,
our Problem is, our Apple Devices get no ip adress from our Cisco ASA Cluster(ASA 9.1.2) over Wireless(Cisco WLC 5508). All other devices(Windows, Android,...) work correct, without problems. Our WLC is in HA-Mode.
Does anybody have an Idea?
Thank you very much and Best regards,
StefanHello again,
I hope this case is the solution.
https://supportforums.cisco.com/message/3942112#3942112
I will let you know after downgrade.
Best regards,
Stefan -
WLC 5508 , AP client dhcp address different from WLAN interface VLAN subnet?
Hope the title makes sense, here's my situation: I have multiple businesses on 1 WLC 5508, there's a LAG to my core switch with seperate interfaces for each, broken up by vlans.
My question is: if i have a WLAN setup to use interface "Company A" which is vlan 10 with an ip of 10.0.1.5 which then points to 10.0.1.10 for dhcp.
Can the WLAN client connecting to the Company A WLAN use an IP in a different IP range?(192.168.1.10?) can the wlc route? from the perspective of the DHCP server where doers the request come from? (10.0.1.5?)
Can the DHCP server 10.0.10.10 on vlan 10 respond back with and ip on a different subnet to assign to the client to use and still be fully fonctioning? would the default gateway for the client need to be 10.0.1.5? So the clients ip would be 192.168.1.10 /24 with a gateway of 10.0.1.5 (ip adress fo vlan10 interface on WLC) And if multiple clients on the same subnet wanted to talk to each other woudl the WLC know how to route them to each other without passing through the default gateway?
Sorry if this is confusing I'm having a bit of a hard time explaining it in works, i can try and draw somethign up if it makes more sense.
thanks
EricI think if you want these clients to stick to a WLAN configured on a VLAN that has a different IP addressing you could configure your VLAN with the normal IP addressing then add on the SVI the 2nd IP_Class_default_gateway.
E.G.
Vlan 10
interface vlan 10
ip address 10.0.10.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0 secondary
Clients that receive IP address from 192.168.1.0/24 network will be able to reach 192.168.1.1 and all traffic will pass right. -
WLC 5508 + NPS MS-CHAP v2 Auth problems
Hi,
I am having a lot of trouble trying to set up a Cisco WLC 5508 to use NPS on Windows Server 2008 as it's authentication.
When a client attempts to connect to the WLAN, the authentication is denied on Windows 7/Vista/XP, however, on Mac/iOS clients, it asks to accept the certificate (this is a public cert, issued by Entrust - however, it is a wildcard cert..), but then it will connect.
So I have two questions:
1/ Why won't the windows clients authenticate? If I set up the WLAN profile on the windows machine, and I deselect "Validate server certificate", then they connect just fine....
2/ Is it possible to make it so the user is not prompted to accept the certificate? Why can't this certificate be validated locally by the client?
Thanks,
JoshLooks like it might have been an issue with that certificate, I don't know.
Either it didn't like the wildcard, or it didn't like the intermediate/root CA.
I downloaded a Comodo Trial SSL and plugged that in - works like a charm now!
Maybe you are looking for
-
Where is Expiry date & Rule that is triggered in CRMXIF_ORDER_SAVE_M
Hi All, I am trying to troubleshoot an issue in the idoc CRMXIF_ORDER_SAVE_M. Segment name is E101CRMXIF_APPOINTMENT_XT under E101CRMXIF_BUSTRANS. 1st node should be populated with Expirydate. But it is populating the approve date. When I try to debu
-
V8.2 "Not Responding" when updating XY Graph Prpoerties
LabVIEW 8.2 running on Windows XP crashes (slows to mouse clicks then gets reported as "Not Responding") when I try to format the plot properties (color, weight, etc) on a multi-plot XY Graph.
-
How do you connect sequences so that they are smooth
when connecting sequences how do we make it a smooth transition from one sequence to the next??
-
Como dar uma idéia para a apple?
Hello folks at Apple. Well you could create a system that asks password to turn off the iPhone. Thus, in case of theft, the thief could not turn the unit off (since he does not know the password), and it would help us in locating the unit as it is st
-
EBP - User Unable to search Vendors
Hi. I have a user, when she login to EBP and and search for a vendor while shopping , it gives no list. This is only for this perticular user, other users are fine. I have seen in PPOMA_BBP but cannot find any reason. What could be the problem and wh