WLC 2504 Connectivity Problems

Similar Messages

• Client got not connection to wlan over wlc 2504 on 802.11b/g

  Hi everybody,
  We are using a wlc 2504 with 7.6.100.0 and AP 1532e.
  I have the strange observacion that only clients with 802.11n (2.4GHz) can connect to the WLAN. Clients thats works only with 802.11b/g, they can't connect to the WLAN. Affected are all machines which want to connect with 802.11b/g.
  This is a MESH WLAN with 5GHz backhaul and 2.4GHz for the user.
  During the debugging found the following:
  *apfMsConnTask_4: May 09 11:44:40.581: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
  *apfMsConnTask_4: May 09 11:44:40.581: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
  *spamApTask6: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: New PMKID: (16)
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 EAPOL Header:
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00000000: 02 03 00 5f                                       ..._
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: Including PMKID in M1  (16)
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Allocating EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:44:42.649: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:44:44.649: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *dot1xMsgTask: May 09 11:44:44.650: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:44:46.649: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 1
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Sent Deauthenticate to mobile on BSSID 18:9c:5d:71:34:50 slot 0(caller 1x_ptsm.c:598)
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Deleting the PMK cache when de-authenticating the client.
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Global PMK Cache deletion failed.
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
  *dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Freeing EAP Retransmit Bufer for mobile 00:1b:77:b4:34:e0
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0  cur: 1
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Re-applying interface policy for client
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 processSsidIE  statusCode is 0 and status is 0
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 processSsidIE  ssid_done_flag is 0 finish_flag is 0
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 suppRates  statusCode is 0 and gotSuppRatesElement is 1
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
  *apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Initializing policy
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Central switch is TRUE
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is  0
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
  *apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
  *spamApTask6: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: New PMKID: (16)
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 EAPOL Header:
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00000000: 02 03 00 5f                                       ..._
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: Including PMKID in M1  (16)
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Allocating EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:44:54.249: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:44:56.249: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:44:58.249: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 2
  *dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
  *dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Sent Deauthenticate to mobile on BSSID 18:9c:5d:71:34:50 slot 0(caller 1x_ptsm.c:598)
  *dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
  *dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Deleting the PMK cache when de-authenticating the client.
  *dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Global PMK Cache deletion failed.
  *dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
  *dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Freeing EAP Retransmit Bufer for mobile 00:1b:77:b4:34:e0
  *apfMsConnTask_4: May 09 11:45:03.768: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
  *apfMsConnTask_4: May 09 11:45:03.768: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0  cur: 1
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Re-applying interface policy for client
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 processSsidIE  statusCode is 0 and status is 0
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 processSsidIE  ssid_done_flag is 0 finish_flag is 0
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 suppRates  statusCode is 0 and gotSuppRatesElement is 1
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Initializing policy
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Central switch is TRUE
  *apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
  *apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
  *apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
  *apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is  0
  *apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
  *apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
  *apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
  *apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
  *spamApTask6: May 09 11:45:03.772: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: New PMKID: (16)
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 EAPOL Header:
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00000000: 02 03 00 5f                                       ..._
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: Including PMKID in M1  (16)
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Allocating EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:45:05.849: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:45:07.848: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:45:09.848: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 3
  *dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 Blacklisting (if enabled) mobile 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3)
  *dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Reached FAILURE: from line 5274
  *dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station:  (callerId: 9) in 10 seconds
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0  cur: 1
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Re-applying interface policy for client
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
  *apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 processSsidIE  statusCode is 0 and status is 0
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 processSsidIE  ssid_done_flag is 0 finish_flag is 0
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 suppRates  statusCode is 0 and gotSuppRatesElement is 1
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Initializing policy
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Central switch is TRUE
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is  0
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
  *apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
  *apfMsConnTask_4: May 09 11:45:15.691: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
  *spamApTask6: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: New PMKID: (16)
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 EAPOL Header:
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00000000: 02 03 00 5f                                       ..._
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: Including PMKID in M1  (16)
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
  *apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
  *apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0  cur: 1
  *apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Re-applying interface policy for client
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 processSsidIE  statusCode is 0 and status is 0
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 processSsidIE  ssid_done_flag is 0 finish_flag is 0
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 suppRates  statusCode is 0 and gotSuppRatesElement is 1
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Initializing policy
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Central switch is TRUE
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
  *apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
  *apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is  0
  *apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
  *apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
  *apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
  *apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
  *spamApTask6: May 09 11:45:15.878: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: New PMKID: (16)
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 EAPOL Header:
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00000000: 02 03 00 5f                                       ..._
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: Including PMKID in M1  (16)
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879:      [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:45:18.048: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:45:20.049: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0  mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
  *dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
  *dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
  *osapiBsnTimer: May 09 11:45:22.048: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 0
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Sent Deauthenticate to mobile on BSSID 18:9c:5d:71:34:50 slot 0(caller 1x_ptsm.c:598)
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Deleting the PMK cache when de-authenticating the client.
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Global PMK Cache deletion failed.
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
  *dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Freeing EAP Retransmit Bufer for mobile 00:1b:77:b4:34:e0
  *osapiBsnTimer: May 09 11:45:32.048: 00:1b:77:b4:34:e0 apfMsExpireCallback (apf_ms.c:625) Expiring Mobile!
  *apfReceiveTask: May 09 11:45:32.049: 00:1b:77:b4:34:e0 apfMsExpireMobileStation (apf_ms.c:6632) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Disassociated
  *apfReceiveTask: May 09 11:45:32.049: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station:  (callerId: 45) in 10 seconds
  Thanks for any advice

  In some of the big name brands of wireless, there is "no such thing" as 802.11n on a 2.4 Ghz.  No such thing because Cisco won't allow you (any more) to do channel bonding of 2.4 Ghz.  It doesn't make any sense to bond an already restricted 2.4 Ghz non-overlapping channel (three) and squeeze this number down to two.  
  Can you check to ensure that the data rates for 802.11b are enabled?  Maybe someone disabled data rates from 1 Mbps to 11 Mbps.

• Iphones, Ipads face problem while shifting between diffrent WLAN on WLC 2504

  Dear All,
  I just create second SSID for different WLAN on my WLC 2504, all client other then Apple devices are successfully able to connect  to new SSID a dnd can swap between two SSIDs but apple device unable to shift to new SSID, if any apple device is not connected to to any of SSID (Fresh connection) then that device is able to connect either of SSID but then unable to swap to other SSID. I enable Fast Transition on WLC as well but no improvement. can any one help me to sort out this issue
  WLAN 10.10.10.0/24  SSID1
  WLAN 10.10.20.0/24  SSID2
  Thanks & Regards
  Zohaib

  Issue resolved :) by configuring fast SSID changing
  got help on following link
  https://supportforums.cisco.com/discussion/11527996/difficulty-apple-ios-devices

• 2504 controller + 2602 APs = wireless clients connectivity problems

  Hello, everybody!
  I have a connectivity problems of wireless clients. The symptoms are:
  1) Some clients receive 169.254.x.x., instead a correct DHCP addresses, less in a minute connection drops, and in controller's "Monitor" > "Clients" tab these clients are marked as "Excluded".
  2) Most of the clients receive the correct addresses from DHCP (192.168.2.x), but also loose connection soon.
  3) Wireless clients with correct addresses can't ping each other, gateway and an address of the controller's dynamic interface (all of them are in same subnet).
  4) And the most suspicious problem is that some machines are unable to connect to APs after several attemps to do that. I mean, I configure controller and change some options, trying to understand, whether they were applied or not and constantly connect and disconnet certain PC to the SSID. After five or ten attempts I can't connect to the SSID. During these attempts, the others PCs stay connected, without interruptions, and they could be reconnected again. It's like some kind of port security works, but I'm not sure...
  Do you have any ideas which options should I configure?
  My configuration:
  I have three interfaces on the controller: virtual, management (default) and dynamic (it is set to the WLAN)
  I have one SSID, WPA/WPA2, AES/TKIP, authentication PSK.
  My clients are a/b/g/n, all are permitted on the controller. No custom security policies were applied.
  All the devices are in a single room: controller, one AP and different clients: desktop, notebooks, iPad, Nokia Lumia, etc.
  I have an internal DHCP Server on the controller and it works perfectly well.
  I can provide all the screenshots required from web-interface of the controller...
  Many thanks in advance for all ideas that you have about these problems...

  Hi, there!
  The problem was solved.
  1) APIPA address receives only single machine with Win8 - I think there are some firewall issues
  2) Other devices have been loosing connection because they were mobile devices, like iPad and Lumia. If you keep working with it, it doesn't drop the connection
  3) The dynamic interface address and gateway address were inaccessible because i had not used an appropriate port on the controller. =)))) Firstly, it was just a guess, but it proved.
  Now, everything works with WPA2, AES, PSK...
  It is a very good day!)
  The only question remains: why I can't connect machines, which have a static IP? During the controller initialization, I said "yes" for permitting static IPs...
  Guys, many thanks for your help!

• Acs 5.3 and wlc 2504 config with restricted network access

  Hello,
  i submit you the following issue that i'm actually facing:
  i must configure a secured wireless network with access restriction based on SSID. the equipements are : cisco wlc 2504 (soft 7.3) cisco secure acs aplliance 1121 (soft 5.4) .
  the users that will connect to the network are regrouped by identity groups, each identity group having it's own SSID. Clearly each group of users must access only one SSID.
  i followed the procedure below to configure it:
  -- creating user identity groups;
  -- creating users and assigning them to the groups;
  --- creating authorization profiles for each SSID under policy element/ authorization and permission/network access/authorization profiles and putting the Airespace-Wlan-Id(the SSID number) in the radius tab.
  --- assigning the authorization profiles to the identity groups under access policies.
  after all these config the users can access the network using there userid/password configured. But the problem is Every user can access every SSID, seems like the restriction is so not very well configured.
  i found some documentation on this kind of config but the version of ACS used seems older than the one that i use, so menu are very different.
  Please can someone provide with the right steps to follow to achieve this kind of config.
  tkx in advance

  Yes.. you only have to add the end filter like what I posted... as far as the calling station id in the WLC security tab, it doesn't matter because that is not used when using 802.1x.  I would also try to not enable everything that you have just to start from the basic and make sure it works first.  The WAP Authentication Method might or might not work for you.  Uncheck that for now and when you have a successful authentication, look at the monitor log and see what radius attributes are being sent, because those attributes is what you can use to build your policies.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Cisco WLC 2504 webportal for Server 2008 R2 DC LDAP or RADIUS

  HI,Friends.
  I want to get my mobile or Notebook clients connecting to wireless and use my Domain users ,Cisco WLC 2504 to authenticate via LDAP or  RADIUS to our Windows Server 2008 Domain Controllers
  question:
  one,i can use my domain one Organizational Unit ,such as cn=use01,ou=test,dc=lzh,dc=com. now, noly user01 can logon on web, But how I make all my domain users can use web log it ? 
  I was using radius authentication or ldap certification to do web authentication ?which is good. ？？？
  I specified child ou, ou its users superiors can not be landed on

  hi ,Scott Fella
  Thank you,I am very happy to receive your reply,  I finally binding domain user authentication LDAP authentication done successfully. but You say the combination of nps I did not do the radius authentication is successful, I do not know where the problems.
  the err:
  <Event><Timestamp data_type="4">07/27/2014 18:33:36.845</Timestamp><Computer-Name data_type="1">PDC-CQ</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">11</User-Name><Service-Type data_type="0">1</Service-Type><NAS-IP-Address data_type="3">10.10.10.253</NAS-IP-Address><NAS-Port data_type="0">1</NAS-Port><NAS-Identifier data_type="1">WLC-CNNEWCITY</NAS-Identifier><NAS-Port-Type data_type="0">19</NAS-Port-Type><Vendor-Specific data_type="2">00003763010600000001</Vendor-Specific><Calling-Station-Id data_type="1">10.12.0.11</Calling-Station-Id><Called-Station-Id data_type="1">10.10.10.253</Called-Station-Id><Client-IP-Address data_type="3">10.10.10.253</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">WLC</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CNNEWCITY\11</SAM-Account-Name><Class data_type="1">311 1 10.10.10.1 07/27/2014 09:41:28 5</Class><Authentication-Type data_type="0">1</Authentication-Type><NP-Policy-Name data_type="1">Connections to other access servers</NP-Policy-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Fully-Qualifed-User-Name data_type="1">cnnewcity.com/user/test/11</Fully-Qualifed-User-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
  <Event><Timestamp data_type="4">07/27/2014 18:33:36.845</Timestamp><Computer-Name data_type="1">PDC-CQ</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 10.10.10.1 07/27/2014 09:41:28 5</Class><Fully-Qualifed-User-Name data_type="1">cnnewcity.com/user/test/11</Fully-Qualifed-User-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Client-IP-Address data_type="3">10.10.10.253</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">WLC</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CNNEWCITY\11</SAM-Account-Name><NP-Policy-Name data_type="1">Connections to other access servers</NP-Policy-Name><Authentication-Type data_type="0">1</Authentication-Type><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">66</Reason-Code></Event>
  then,You gave two figures is that what you mean? what's the meaning it that services-type =login ?

• AP not joining WLC 2504

  Hi all
  my customer has a 2504 WLC, and has problems to join APs (There are no aps joined to the controller at this moment).
  What are the Bold lines tell me?
  in the debug I see the following:
  *spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 Discovery Request from 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 ApModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 4, MaxLrads = 50, 0
  *spamApTask0: Oct 10 09:20:06.019: apModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.020: apType = 38 apModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.020: Unknown AP type. Using Controller Version!!!
  *spamApTask0: Oct 10 09:20:06.020: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116 port 41508
  *spamApTask0: Oct 10 09:20:06.020: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Request from 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 ApModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 4, MaxLrads = 50, 0
  *spamApTask0: Oct 10 09:20:06.021: apModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.021: apType = 38 apModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.021: Unknown AP type. Using Controller Version!!!
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116 port 41508
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:16.031: 58:f3:9c:7a:22:30 DTLS connection not found, creating new connection for 10:37:24:116 (41508) 10)
  *spamApTask0: Oct 10 09:20:16.498: acDtlsPlumbControlPlaneKeys: lrad:10.37.24.116(41508) mwar:10.37.24.11(5246)
  *spamApTask0: Oct 10 09:20:16.498: 58:f3:9c:7a:22:30 Allocated index from main list, Index: 55
  *spamApTask0: Oct 10 09:20:16.498: 58:f3:9c:7a:22:30 Using CipherSuite AES128-SHA
  *spamApTask0: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 DTLS keys for Control Plane are plumbed successfully for AP 10.37.24.116. Inde6
  *spamApTask1: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 DTLS Session established server (10.37.24.11:5246), client (10.37.24.116:41508)
  *spamApTask1: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 Starting wait join timer for AP: 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:16.517: 58:f3:9c:78:d1:10 Join Request from 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:16.517: 58:f3:9c:7a:22:30 Deleting AP entry 10.37.24.116:41508 from temporary database.
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 spamProcessJoinRequest : RAP, Check MAC filter
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 In AAA state 'Idle' for AP 58:f3:9c:78:d1:10
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 Mesh AP username 58f39c7a2230.
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 Join Request failed!
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 State machine handler: Failed to process  msg type = 3 state = 0 from 10.37.248
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 Failed to parse CAPWAP packet from 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:16.519: XóxÑ
  *spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 Finding DTLS connection to delete for AP (10:37:24:116/41508)
  *spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 Disconnecting DTLS Capwap-Ctrl session 0x179437d8 for AP (10:37:24:116/41508)
  *spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 CAPWAP State: Dtls tear down
  *spamApTask0: Oct 10 09:20:16.520: acDtlsPlumbControlPlaneKeys: lrad:10.37.24.116(41508) mwar:10.37.24.11(5246)
  *spamApTask0: Oct 10 09:20:16.520: 58:f3:9c:78:d1:10 DTLS keys for Control Plane deleted successfully for AP 10.37.24.116
  *spamApTask0: Oct 10 09:20:16.526: 58:f3:9c:78:d1:10 DTLS connection closed event receivedserver (10.37.24.11/5246) client (10.37.2)
  *spamApTask0: Oct 10 09:20:16.526: 58:f3:9c:78:d1:10

  Hi all, the AP was in Mesh (Bridge) mode and could not connect to the controller
  Ok, how to find out that a AP is in bridge mode, without a join (No Access to the AP).
  go to monitor > statistics > AP Join
  you will see the AP here that tries to connect (clear the list before)
  if the ethernet MAC Address is the same as the Base radio MAC, than the AP is in bridge mode.
  normally ( in local mode) the Ethernet MAC Address reflects the APname
  To allow the AP to join, add in the Authorization list the APName mac Address!
  See: http://supertekboy.com/2014/01/13/cisco-lightweight-access-point-will-not-join-to-a-wireless-lan-controller/
  The case is solved now.

• Configure a second Wlan on WLC 2504

  Hello,
  I  created a topic about this problem on the learningnetwork cisco site too. You can find it here: https://learningnetwork.cisco.com/thread/73201.
  The problem is:
  We have the Cisco WLC 2504 with a couple of access points. On this WLC we have a network connection via a radius server for our employees. The DHCP server for this connection is the server you see on the drawing. The connection from the switch to the WLC is connected on port 1 of the WLC. This connection works like a charm.
  Now I want to create a second network (which is divorced from our internal network) for our guests, but it doesn’t work till now. What we have at the moment is:
  A connection from the firewall via the router to the internet
  A connected cable from the firewall to the WLC on port 2
  A configured interface (port 2) on the WLC
  A configured Wlan on the WLC (it is possible to connect to the guest Wlan with a static ip)
  The SSID of the guest network is broadcasted via the AP’s which also broadcast the internal network SSID
  The problem I have now is:
  I have no connection between the WLC Port 2 (192.168.10.2) and the firewall (192.168.10.1). When I try to ping the firewall (192.168.10.1) I get a no reply received message.
  How can I get this working? I hope someone can help me with this. Thanks in advance!
  Screenshots:
  Guest interface
  Network layout
  Show int sum
  Show wlan sum
  Wlan general
  Wlan advanced

  Frank,
  The issue is that the WLC will not route between VLANs.  In order for the scenario that Rasika recommended to work, the switch needs to be a layer 3 switch or needs a layer 3 device attached to it to route between the VLANs.
  In my WLC, I have a guest interface as well:
  The gateway listed in the VLAN 50 Interface on my L3 Switch:
  I then have a route established on my switch to send that traffic to my ASA:
  Due to that, I can ping the ASA from my WLC:
  Of course, my WLAN for guests only has access to the guest Interface Group:
  Try these changes on your switch (or other Layer 3 Device) and let us know if it worked for you.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• AP1121 can'T join WLC 2504

  Hi there,
  It's me again... same devices which making trouble.
  I have an allready configured WLC 2504 running in the network. Every LAP i add to the network joins imidiatly to the Controller.
  But not the AP1121G AP.
  It fails the Handshake everytime and the Controller shows me an failmessage at the statistics in the GUI.
  GUI Message:
  RADIUS authorization is pending for the AP
  CLI Debug:
  *spamApTask0: May 23 17:29:18.258: 00:11:20:6e:2b:14 Allocated index from main list, Index: 16
  *spamApTask0: May 23 17:29:18.259: 00:11:20:6e:2b:14 DTLS keys for Control Plane are plumbed successfully for AP 192.168.1.100. Index 17
  *spamApTask0: May 23 17:29:18.259: 00:11:20:6e:2b:14 DTLS Session established server (192.168.1.10:5246), client (192.168.1.100:1716)
  *spamApTask0: May 23 17:29:18.260: 00:11:20:6e:2b:14 Starting wait join timer for AP: 192.168.1.100:1716
  *spamApTask0: May 23 17:29:18.263: 00:11:20:6e:2b:14 Join Request from 192.168.1.100:1716
  *spamApTask0: May 23 17:29:18.264: 00:11:20:6e:2b:14 Deleting AP entry 192.168.1.100:1716 from temporary database.
  *spamApTask0: May 23 17:29:18.264: 00:11:20:6e:2b:14 AP with same name AP0011.206e.2b14 exist. Using default name AP0011.206e.2b14 for this AP.
  *spamApTask0: May 23 17:29:18.265: 00:11:20:6e:2b:14 In AAA state 'Idle' for AP 00:11:20:6e:2b:14
  *spamApTask0: May 23 17:29:18.266: 00:11:20:6e:2b:14 State machine handler: Failed to process  msg type = 3 state = 0 from 192.168.1.100:1716
  *spamApTask0: May 23 17:29:18.267: 00:11:20:6e:2b:14 Failed to parse CAPWAP packet from 192.168.1.100:1716
  *spamApTask0: May 23 17:29:18.267:
  *spamApTask0: May 23 17:29:18.267: 00:11:20:6e:2b:14 Finding DTLS connection to delete for AP (192.168.1.100/1716)
  *spamApTask0: May 23 17:29:18.268: 00:11:20:6e:2b:14 Disconnecting DTLS Capwap-Ctrl session 0x1458bd60 for AP (192.168.1.100/1716)
  *spamApTask0: May 23 17:29:18.268: 00:11:20:6e:2b:14 CAPWAP State: Dtls tear down
  *spamApTask0: May 23 17:29:18.268: 00:11:20:6e:2b:14 DTLS keys for Control Plane deleted successfully for AP 192.168.1.100
  *spamApTask0: May 23 17:29:18.270: 00:11:20:6e:2b:14 DTLS connection closed event receivedserver (172:16:58:250/5246) client (192.168.1.100/1716)
  *spamApTask0: May 23 17:29:18.270: 00:11:20:6e:2b:14 Entry exists for AP (192.168.1.100/1716)
  *spamApTask0: May 23 17:29:18.272: 00:11:20:6e:2b:14 No AP entry exist in temporary database for 192.168.1.100:1716
  *spamApTask0: May 23 17:29:18.272: 00:11:20:6e:2b:14 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  192.168.1.100:1716)since DTLS session is not established
  *spamApTask0: May 23 17:29:18.277: 00:11:20:6e:2b:14 Received LWAPP JOIN REQUEST from AP 00:11:20:6e:2b:14 to 84:78:ac:b3:73:c0 on port '1'
  *spamApTask0: May 23 17:29:18.278: 00:11:20:6e:2b:14 incomingRadJoinPriority = 1

  Problem solved
  Hey guys, i solved the problem. It wasn't the firmwareversion. I downgraded the WLC and the problem still exists.
  Problem reason: The AP1121G series doesn't  has a MIC - Manufactured Installed Certificate - which is compatible/ accpeted by the WLC 2504 and it's parameters for the RADIUS server. Maybe it has no MIC, i don't know.
  So you need the SSC - Self Signed Certificate - for the join authentication.
  Solution:
  1. Logon to GUI or CLI of the WLC.
  2. Enable "Accpet Self Signed Certificate"
            GUI: Security > AP policy
            CLI: (Cisco Controller) >config auth-list ap-policy ssc enable
  3. Look for the SSC Hash of the AP:
            CLI: (Cisco Controller) >debug CAPWAP events enable
            There you'll find an event which is called e.g.:
       Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: SSC Key Hash is 9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
  4.Add the ap manually to the controller
            GUI Security> AP policy > Add               There you have to set the right parameters, ap MAC, Cert. type: "SSC"           and the Key.
            CLI:    
            (Cisco Controller) >config auth-list add ssc 00:0e:84:32:04:f09e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
  5. Maybe you should reboot the ap.
  And it's done

• Why LAP1131AG and LAP11412 cannot to join WLC 2504?

  I have WLC 2504, Cisco LAP1131AG and then Cisco LAP1142N. Why LAP1131AG and LAP11412 cannot to join WLC 2504?
  this is error code at the Cisco LAP1131AG
  *Sep 12 19:30:27.730: %CAPWAP-3-ERRORLOG: Go join a capwap controller 
  *Sep 12 19:30:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.10 peer_port: 5246
  *Sep 12 19:30:57.001: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
  *Sep 12 19:31:27.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.100.10:5246
  *Sep 12 19:31:32.083: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
  *Sep 12 19:31:32.083: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
  *Sep 12 19:31:32.085: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
  *Sep 12 19:31:32.117: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !! 
  *Sep 12 19:31:32.118: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
  *Sep 12 19:31:33.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Sep 12 19:31:33.112: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
  *Sep 12 19:31:33.117: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Sep 12 19:31:34.104: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  *Sep 12 19:31:34.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Sep 12 19:31:34.142: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
  *Sep 12 19:31:34.147: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
  *Sep 12 19:31:34.152: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Sep 12 19:31:35.141: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  *Sep 12 19:31:35.146: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Sep 12 19:31:35.170: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
  *Sep 12 19:31:36.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  this is version LAP1131AG
  AP0018.18fc.fd58#sh version 
  Cisco IOS Software, C1130 Software (C1130-K9W8-M), Version 12.4(25e)JAO6, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2014 by Cisco Systems, Inc.
  Compiled Fri 22-Aug-14 10:07 by prod_rel_team
  ROM: Bootstrap program is C1130 boot loader
  BOOTLDR: C1130 Boot Loader (C1130-BOOT-M) Version 12.3(7)JA1, RELEASE SOFTWARE (fc1)
  AP0018.18fc.fd58 uptime is 9 minutes
  System returned to ROM by power-on
  System image file is "flash:/c1130-k9w8-mx.124-25e.JAO6/c1130-k9w8-mx.124-25e.JAO6"
  and then this is version WLC2504
  (Cisco Controller) >show sysinfo 
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.6.130.0
  Bootloader Version............................... 1.0.20
  Field Recovery Image Version..................... 7.6.101.1
  Firmware Version................................. PIC 16.0
  Build Type....................................... DATA + WPS
  System Name...................................... Cisco_47:19:c4
  System Location.................................. 
  System Contact................................... 
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
  IP Address....................................... 192.168.100.10
  Last Reset....................................... Software reset
  System Up Time................................... 0 days 0 hrs 36 mins 45 secs
  System Timezone Location......................... 
  System Stats Realtime Interval................... 5
  System Stats Normal Interval..................... 180
  --More-- or (q)uit
  Configured Country............................... ID  - Indonesia
  Operating Environment............................ Commercial (0 to 40 C)
  Internal Temp Alarm Limits....................... 0 to 65 C
  Internal Temperature............................. +34 C
  External Temperature............................. +40 C
  Fan Status....................................... 4100 rpm
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 1
  Number of Active Clients......................... 0
  Burned-in MAC Address............................ 24:E9:B3:47:19:C0
  Maximum number of APs supported.................. 5
  IP Address management WLC : 192.168.100.10/24
  IP Address LAP1142N :192.168.100.102/24
  IP Address LAP1131AG : 192.168.100.101/24
  Can anyone help my problem?

  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected]
  cisco AIR-LAP1142N-A-K9 (PowerPC405ex) processor (revision A0) with 90102K/40960K bytes of memory.
  Processor board ID FGL1439S15W
  PowerPC405ex CPU at 586MHz, revision number 0x147E
  Last reset from reload
  LWAPP image version 7.6.130.0
  1 Gigabit Ethernet interface
  2 802.11 Radios
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: C8:4C:75:79:EB:E9
  Part Number                          : 73-12836-03
  PCA Assembly Number                  : 800-33767-03
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC14234D8Z
  Top Assembly Part Number             : 800-33775-02
  Top Assembly Serial Number           : FGL1439S15W
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-LAP1142N-A-K9  
  cisco AIR-LAP1131AG-A-K9 (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.
  Processor board ID FTX1026T46E
  PowerPCElvis CPU at 262Mhz, revision number 0x0950
  Last reset from power-on
  LWAPP image version 7.6.130.0
  1 FastEthernet interface
  2 802.11 Radio(s)
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 00:18:18:FC:FD:58
  Part Number                          : 73-8962-09
  PCA Assembly Number                  : 800-24818-08
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC102513DE
  Top Assembly Part Number             : 800-25544-06
  Top Assembly Serial Number           : FTX1026T46E
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-LAP1131AG-A-K9  
  Configuration register is 0xF

• WLC 2504 - Ap join fails with "Unknown AP type. Using Controller Version!!!"

  Hi,
  I haven't encountered this problem before. On my WLC 2504 I've tried now software versions 8.0.100.0, 7.6.130.0 and 7.4.121.0 (as per recommendation from other supportforum-posts), but still get this debug error when I'm trying to join ap models 1142 and 2602:
  (Cisco Controller) >debug capwap errors enable 
  (Cisco Controller) >*spamApTask5: Jan 02 02:11:46.549: Unknown AP type. Using Controller Version!!!
  *spamApTask0: Jan 02 02:11:46.550: 88:43:e1:78:10:08 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 5,joined Aps =0
  *spamApTask5: Jan 02 02:11:56.670: f8:66:f2:14:4e:c1 Deleting AP 10.68.254.101 which has not been plumbed
  *spamApTask5: Jan 02 02:11:56.673: f8:66:f2:14:4e:c1 DTLS connection was closed
  (Cisco Controller) >
  Does anyone know what is failing here? Surely the ap's should be "known" in these software versions? 
  Best
  Bent Eskil

  Hi I have the same issue, today i rebooted the controller after that no Access Point is joining the controller.  While debug i can see same logs as given above. I have configured option 43 and 60 as well on cisco switch. Pool commands are:
  ip dhcp pool Room-1
   host 192.168.30.113 255.255.255.0
   client-identifier 0188.1dfc.f7cb.30
   default-router 192.168.30.3
   domain-name mina.local
   option 43 hex f108.aca8.1e68
   dns-server 192.168.30.1 4.2.2.2
   option 60 ascii "Cisco AP c3702
  I have checked the time and country code all fine but still Access point are not joining. Can you help me out to figure out the issue.
  Thanks

• WLC 2504 sudden network instability

  Hello,
  we're running a WLC 2504 with two SSIDs on it. It is connected to to a small PoE switch. Standard untagged vlan. A handfull APs connected to it. No DHCP, the APs have all static IP addresses.
  All of a sudden we're having a number of issues with the network connection:
  APs restarting
  The APs restart every now and then reporting that their IP is being used by another device. Looking through the logs there are two MAC addresses that are reported as using the APs IP address. These two MAC addresses have unknown vendor IDs.
  Warning: AP with Base Radio MAC f8:72:ea:7c:9d:e3 has found  its IP Address 0.2.146.0 being used by a machine with MAC
  Address  04:c6:f8:40:00:00 (The other mac that is reported is 04:cc:90:40:00:00)
  AP 'AP5', MAC: 0c:68:03:dd:1b:80 disassociated previously due to Link Failure.  Uptime: 4 days, 00 h 48 m 50 s . Reason: Capwap WTP Event request.
  So: There are two MACs that use the IP addresses of 7 APs?!?! And there is no vendor to be found for these MACs?
  Ping timouts on the webGUI and CLI
  I have a ping running on the IP for managing the device. This is running fine for ages. As soon as I connect via webGUI or CLI I lose packets. Get timeouts etc. some packets get through some don't. More of the latter. So ping is fine but any other traffic seems to be impacted heavily.
  What we have done for troubleshooting
  Checked duplex/speed settings of the interfaces. Everything ok.
  Connected to another switchport. Same.
  Changed the IP address of the management port. Same.
  Swapped places with a laptop with the same IP address --> Worked fine.
  Plugged in a completely new device, installed the latest firmware (7.6) and uploaded the config from the other one. Same.
  Restarted the default gateway for the subnet the controler is on.
  So now we're at the end of our knowledge. It seems to be a non-physical network issue, but we're a small team and no one has changed anything they say :-/
  Any ideas what we could check next?
  Kat

  Hello,
  thanks for your suggestions. It's hard to find those two MAC addresses. As they seem to be virtual I cannot get a hint from the vendor ID. A show mac-address table on the switch the WLC is connected to doesn't show those two
  I found an error in the WLC AP config. AP1 had the same IP as AP5 and a wrong netmask. I changed that. Unfortunately that doesn't solve our problem.
  Here are some more messages from the WLC's log:
  AP 'AP3', MAC: 0c:68:03:dd:34:00 disassociated previously due to Link Failure.  Uptime: 4 days, 15 h 04 m 15 s . Reason: Capwap WTP Event request.
  AP Disassociated. Base Radio MAC:0c:68:03:dd:34:00
  AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:0c:68:03:dd:34:00  Cause=Heartbeat Timeout Status:NA
  AP 'AP3', MAC: 0c:68:03:dd:34:00 disassociated previously due to Link Failure.  Uptime: 4 days, 15 h 00 m 45 s . Reason: Capwap WTP Event request.
  RF Manager updated TxPower for Base Radio MAC: 0c:68:03:dd:34:00 and slotNo: 0.  New Tx Power is: 2
  AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:0c:68:03:dd:16:e0  Cause=Max Retransmission Status:NA
  IDS Signature attack detected. Signature Type: Standard, Name: Deauth flood,  Description: Deauthentication flood, Track: per-signature, Detecting AP Name:  AP7, Radio Type: 802.11b/g, Preced: 9, Hits: 500, Channel: 6, srcMac:  C2:9F:DB:21:47:60
  This is the sh run-config of our WLC including one AP:
  >show run-config
  System Inventory
  NAME: "Chassis"    , DESCR: "Cisco 2500 Series Wireless LAN Controller"
  PID: AIR-CT2504-K9,  VID: V01,  SN: PSZ17381EPZ
  Burned-in MAC Address............................ 50:17:FF:27:12:80
  Maximum number of APs supported.................. 15
  System Information
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.4.110.0
  Bootloader Version............................... 1.0.18
  Field Recovery Image Version..................... 1.0.0
  Firmware Version................................. PIC 16.0
  Build Type....................................... DATA + WPS
  System Name...................................... UK-BRI-WFAPC
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
  IP Address....................................... 172.17.128.12
  Last Reset....................................... Power on reset
  System Up Time................................... 4 days 0 hrs 46 mins 6 secs
  System Timezone Location.........................
  System Stats Realtime Interval................... 5
  System Stats Normal Interval..................... 180
  Configured Country............................... GB  - United Kingdom
  Operating Environment............................ Commercial (0 to 40 C)
  Internal Temp Alarm Limits....................... 0 to 65 C
  Internal Temperature............................. +20 C
  External Temperature............................. +25 C
  Fan Status....................................... 4000 rpm
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 3
  Number of Active Clients......................... 6
  Memory Current Usage............................. Unknown
  Memory Average Usage............................. Unknown
  CPU Current Usage................................ Unknown
  CPU Average Usage................................ Unknown
  Burned-in MAC Address............................ 50:17:FF:27:12:80
  Maximum number of APs supported.................. 15
  AP Bundle Information
  Primary AP Image    Size
  ap1g2            9568
  ap3g1            11288
  ap3g2            11196
  ap801            7164
  ap802            8568
  c1130            5072
  c1140            9416
  c1250            6944
  c1520            8044
  c602i            3736
  Secondary AP Image    Size
  ap3g1            5792
  ap801            5192
  ap802            5232
  c1100            3084
  c1130            4964
  c1140            4992
  c1200            3364
  c1240            4812
  c1250            5504
  c1310            3136
  c1520            6404
  c3201            4324
  c602i            3716
  Switch Configuration
  802.3x Flow Control Mode......................... Disable
  FIPS prerequisite features....................... Disabled
  secret obfuscation............................... Enabled
  Strong Password Check Features:
       case-check ...........Enabled
       consecutive-check ....Enabled
       default-check .......Enabled
       username-check ......Enabled
  Network Information
  RF-Network Name............................. RFGROUP
  Web Mode.................................... Disable
  Secure Web Mode............................. Enable
  Secure Web Mode Cipher-Option High.......... Disable
  Secure Web Mode Cipher-Option SSLv2......... Disable
  Secure Web Mode RC4 Cipher Preference....... Disable
  OCSP........................................ Disabled
  OCSP responder URL..........................
  Secure Shell (ssh).......................... Enable
  Telnet...................................... Disable
  Ethernet Multicast Forwarding............... Disable
  Ethernet Broadcast Forwarding............... Disable
  AP Multicast/Broadcast Mode................. Multicast   Address : 0.0.0.0
  IGMP snooping............................... Disabled
  IGMP timeout................................ 60 seconds
  IGMP Query Interval......................... 20 seconds
  MLD snooping................................ Disabled
  MLD timeout................................. 60 seconds
  MLD query interval.......................... 20 seconds
  User Idle Timeout........................... 300 seconds
  ARP Idle Timeout............................ 300 seconds
  Cisco AP Default Master..................... Disable
  AP Join Priority............................ Disable
  Mgmt Via Wireless Interface................. Disable
  Mgmt Via Dynamic Interface.................. Disable
  Bridge MAC filter Config.................... Enable
  Bridge Security Mode........................ EAP
  Mesh Full Sector DFS........................ Enable
  AP Fallback ................................ Enable
  Web Auth CMCC Support ...................... Disabled
  Web Auth Redirect Ports .................... 80
  Web Auth Proxy Redirect  ................... Disable
  Web Auth Captive-Bypass   .................. Disable
  Web Auth Secure Web  ....................... Enable
  Fast SSID Change ........................... Disabled
  AP Discovery - NAT IP Only ................. Enabled
  IP/MAC Addr Binding Check .................. Enabled
  CCX-lite status ............................ Disable
  oeap-600 dual-rlan-ports ................... Disable
  oeap-600 local-network ..................... Enable
  mDNS snooping............................... Disabled
  mDNS Query Interval......................... 15 minutes
  Port Summary
             STP   Admin   Physical   Physical   Link   Link
  Pr  Type   Stat   Mode     Mode      Status   Status  Trap     POE 
  1  Normal  Forw Enable  Auto       1000 Full  Up     Enable  N/A    
  2  Normal  Forw Enable  Auto       100 Full   Up     Enable  N/A    
  3  Normal  Forw Enable  Auto       1000 Full  Up     Enable  Enable  (Power Off)
  4  Normal  Disa Enable  Auto       Auto       Down   Enable  Enable  (Power Off)
  AP Summary
  Number of APs.................................... 7
  Global AP User Name.............................. Not Configured
  Global AP Dot1x User Name........................ Not Configured
  AP Name             Slots  AP Model              Ethernet MAC       Location          Port  Country  Priority
  AP7                  2     AIR-CAP1602I-E-K9     f8:72:ea:e4:9a:81  default location  1        GB       1
  AP1                  2     AIR-CAP1602I-E-K9     f8:72:ea:7c:9d:e3  default location  1        GB       1
  AP3                  2     AIR-CAP1602I-E-K9     f8:72:ea:e4:9c:57  default location  1        GB       1
  AP6                  2     AIR-CAP1602I-E-K9     f8:72:ea:e4:9a:90  default location  1        GB       1
  AP2                  2     AIR-CAP1602I-E-K9     f8:72:ea:7c:9b:63  default location  1        GB       1
  AP4                  2     AIR-CAP1602I-E-K9     f8:72:ea:e4:9a:9b  default location  1        GB       1
  AP5                  2     AIR-CAP1602I-E-K9     f8:72:ea:e4:9a:cb  default location  1        GB       1
  AP Tcp-Mss-Adjust Info
  AP Name              TCP State  MSS Size
  AP7                  disabled   -
  AP1                  disabled   -
  AP3                  disabled   -
  AP6                  disabled   -
  AP2                  disabled   -
  AP4                  disabled   -
  AP5                  disabled   -
  AP Location
  Total Number of AP Groups........................ 0   
  Site Name........................................ default-group
  Site Description.................................
  NAS-identifier................................... UK-BRI-WFAPC
  AP Operating Class............................... Not-configured
  RF Profile
  2.4 GHz band.....................................
  5 GHz band.......................................
  WLAN ID          Interface          Network Admission Control          Radio Policy
  1               corporate            Disabled                          None
  2               dirtynetwork         Disabled                          None
  3               dirtynetwork         Disabled                          None
  AP Name             Slots  AP Model             Ethernet MAC       Location          Port  Country  Priority
  AP7                  2     AIR-CAP1602I-E-K9    f8:72:ea:e4:9a:81  default location  1     GB       1
  AP1                  2     AIR-CAP1602I-E-K9    f8:72:ea:7c:9d:e3  default location  1     GB       1
  AP3                  2     AIR-CAP1602I-E-K9    f8:72:ea:e4:9c:57  default location  1     GB       1
  AP6                  2     AIR-CAP1602I-E-K9    f8:72:ea:e4:9a:90  default location  1     GB       1
  AP2                  2     AIR-CAP1602I-E-K9    f8:72:ea:7c:9b:63  default location  1     GB       1
  AP4                  2     AIR-CAP1602I-E-K9    f8:
  RF Profile
  Number of RF Profiles............................ 0
  Out Of Box State................................. Disabled
  RF Profile Name                    Band     Description                         11n-client-only
  AP Config
  Cisco AP Identifier.............................. 15
  Cisco AP Name.................................... AP7
  Country code..................................... GB  - United Kingdom
  Regulatory Domain allowed by Country............. 802.11bg:-E     802.11a:-E
  AP Country code..................
  ................ GB  - United Kingdom
  AP Regulatory Domain............................. -E
  Switch Port Number .............................. 1
  MAC Address...................................... f8:72:ea:e4:9a:81
  IP Address Configuration......................... Static IP assigned
  IP Address....................................... 172.17.128.24
  IP NetMask....................................... 255.255.128.0
  Gateway IP Addr.................................. 172.17.128.1
  Domain...............
  Name Server......................................
  NAT External IP Address.......................... None
  CAPWAP Path MTU.................................. 1485
  Telnet State..................................... Disabled
  Ssh State........................................ Disabled
  Cisco AP Location................................ default location
  Cisco AP Floor Label............................. 0
  Cisco AP Group Name.............................. default-group
  Primary Cisco Switch Name........................
  Primary Cisco Switch IP Address.................. Not Configured
  Secondary Cisco Switch Name......................
  Secondary Cisco Switch IP Address................ Not Configured
  Tertiary Cisco Switch Name.......................
  Tertiary Cisco Switch IP Address................. Not Configured
  Administrative State ............................ ADMIN_ENABLED
  Operation State ....
  ............................. REGISTERED
  Mirroring Mode .................................. Disabled
  AP Mode ......................................... Local
  Public Safety ................................... Disabled
  AP SubMode ...................................... Not Configured
  Remote AP Debug ................................. Disabled
  Logging trap severity level ..................... informational
  Logging syslog facility ..
  ....................... kern
  S/W  Version .................................... 7.4.110.0
  Boot  Version ................................... 15.2.2.0
  Mini IOS Version ................................ 7.4.1.37
  Stats Reporting Period .......................... 180
  Stats Collection Mode ........................... normal
  LED State........................................ 
  Enabled
  PoE Pre-Standard Switch.......................... Disabled
  PoE Power Injector MAC Addr...................... Disabled
  Power Type/Mode.................................. Power injector / Normal mode
  Number Of Slots.................................. 2
  AP Model......................................... AIR-CAP1602I-E-K9  
  AP Image...............................
  .......... C1600-K9W8-M
  IOS Version...................................... 15.2(2)JB2$
  Reset Button..................................... Enabled
  AP Serial Number................................. FGL1725W7F7
  AP Certificate Type.............................. Manufacture Installed
  AP User Mode..................................... AUTOMATIC
  AP User Name..................................... Not Configured
  AP Dot1x User Mode............................... Not Configured
  AP Dot1x User Name............................... Not Configured
  Cisco AP system loggi
  ng host..................... 255.255.255.255
  AP Up Time....................................... 3 days, 23 h 26 m 50 s
  AP LWAPP Up Time................................. 0 days, 00 h 14 m 12 s
  Join Date and Time............................... Tue Jan 28 18:11:43 2014
  Join Taken Time.................................. 0 days, 00 h 11 m 41 s
  Attributes for Slot  0
      Radio Type................................... RADIO_TYPE_80211n-2.4
      Administrative State ........................ ADMIN_ENABLED
      Operation State ............................. UP
      Radio Role .................................. ACCESS
      Radio Mode .................................. Local
      CellId ...................................... 0
      Station Configuration
        Configuration ............................. AU
  TOMATIC
        Number Of WLANs ........................... 3
        Medium Occupancy Limit .................... 100
        CFP Period ................................ 4
        CFP MaxDuration ........................... 60
        BSSID ..................................... 0c:68:03:dd:16:e0
        Operation Rate Set
          1000 Kilo Bits........................... MANDATORY
          2000 Kilo Bits........................... MANDATORY
          5500 Kilo Bits........................... MANDATORY
          11000 Kilo Bits.......................... MANDATORY
          6000 Kilo Bits........................... SUPPORTED
          9000 Kilo Bits........................... SUPPORTED
          12000 Kilo Bits.......................... SUPPORTED
          18000 Kilo Bits.......................... SUPPORTED
          24000 Kilo Bits.......................... SUPPORTED
  36000 Kilo Bits.......................... SUPPORTED
          48000 Kilo Bits.......................... SUPPORTED
          54000 Kilo Bits.......................... SUPPORTED
        MCS Set
          MCS 0.................................... SUPPORTED
          MCS 1.................................... SUPPORTED
          MCS 2.................................... SUPPORTED
          MCS 3.................................... SUPPORTED
          MCS 4.................................... SUPPORTED
          MCS 5.................................... SUPPORTED
          MCS 6.................................... SUPPORTED
          MCS 7.................................... SUPPORTED
          MCS 8.................................... SUPPORTED
          MCS 9.................................... SUPPORTED
          MCS 10................................... SUPPORTED
          MCS 11................................... SUPPORTED
          MCS 12..
  ................................. SUPPORTED
          MCS 13................................... SUPPORTED
          MCS 14................................... SUPPORTED
          MCS 15................................... SUPPORTED
          MCS 16................................... DISABLED
          MCS 17................................... DISABLED
          MCS 18................................... DISABLED
          MCS 19................................... DISABLED
          MCS 20................................... DISABLED
          MCS 21................................... DISABLED
          MCS 22................................... DISABLED
          MCS 23................................... DISABLED
        Beacon Period ............................. 100
        Fragmentation Threshold ................... 2346
        Multi Domain Capability Implemented ....... TRUE
        Multi Domain Capability Enabled ........... TRUE
        Country String ............................ GB
      Multi Domain Capability
        Configuration ............................. AUTOMATIC
        First Chan Num ............................ 1
        Number Of Channels ........................ 13
      MAC Operation Parameters
        Configuration ............................. AUTOMATIC
        Fragmentation Threshold ................... 2346
        Packet Retry Limit ........................ 64
      Tx Power
        Num Of Supported Power Levels ............. 4
        Tx Power Level 1 .......................... 16 dBm
        Tx Power Level 2 .......................... 13 dBm
        Tx Power Level 3 .......................... 10 dBm
        Tx Power Level 4 .......................... 7 dBm
        Tx Power Configuration .................... AUTOMATIC
        Current Tx Power Level .................... 3
        Tx Power Assigned By ...................... DTPC
      Phy OFDM parameters
        Configuration ............................. AUTOMATIC
        Current Channel ........................... 6
        Channel Assigned By ....................... DCA
        Extension Channel ......................... NONE
        Channel Width.............................. 20 Mhz
        Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11,12,
          ......................................... 13
        TI Threshold .............................. -50
        Legacy Tx Beamforming Configuration ....... CUSTOMIZED
        Legacy Tx Beamforming ..................... ENABLED
        Antenna Type............................... INTERNAL_ANTENNA
        Internal Antenna Gain (in .5 dBi units).... 8
        Diversity.................................. DIVERSITY_ENABLED
        802.11n Antennas
           A....................................... ENABLED
           B....................................... ENABLED
           C....................................... ENABLED
      Performance Profile Parameters
        Configuration ............................. AUTOMATIC
        Interference threshold..................... 10 %
        Noise threshold............................  -70 dBm
        RF utilization threshold................... 80 %
        Data-rate threshold........................ 1000000 bps
        Client threshold........................... 12 clients
        Coverage SNR threshold..................... 12 dB
        Coverage exception level................... 25 %
        Client minimum exception level............. 3 clients
      Rogue Containment Information
      Containment Count............................
      CleanAir Management Information
          CleanAir Capable......................... No
      Radio Extended Configurations
        Beacon period.............................. 100 milliseconds
        Beacon range............................... AUTO
        Multicast buffer........................... AUTO
        Multicast data-rate........................ AUTO
        RX SOP threshold........................... AUTO
        CCA threshold.............................. AUTO

• WLC 2504 don't work with mode trunking dot1Q with 3560cg and 2960cg?

  Hi 
  I have a proble with the 3560cg and 2960cg, when i configure the port with "switchport trunk encapsulation doi1q " and "switchport mode trunk" on the interface for the connection with the WLC2504, don't have connection.
  I configure others WLC and others switch catalyst (2960, 3550, etc) with the same configuration and this connection work very well.
  this is the date from the terminals:
  Model                               SW Version            SW Image                 
  WS-C2960CG-8TC-L   12.2(55)EX2           C2960c405ex-UNIVERSALK9-M
  Model                                SW Version            SW Image                 
  WS-C3560CG-8TC-S   12.2(55)EX2           C3560c405ex-UNIVERSALK9-M
  WLC 2504    IOS-> 7.3.
  I don't know what its hapend, or if i need use another command for the 3560cg and 2960cg
  Regards

  Hi scot
  in my case, i configure the 3560 with the vlan 1 for administration and the vlan 100 and 200 for my clients (i use the 2 vlans with 2 wlans from the wlc) and i know that the port must be Trunk, my management interface its taggin with the vlan 1 for the administration and the dynamic interfaces with the respective vlan.
  when i configure the 3560 and 2960 i use these command (switchport mode trunk) and i loose the connection with the wlc (i use the same comand with other switch and work very well), the wlc loose the conection with the net.
  i dont know the reason for this failure, and i know if the wlc have management interface untugged, only work with this vlan (vlan native or vlan access) and don't work with the others vlans for the wlans.
  I wish to know if the IOS or if exist another configuration for the 3560 and 2960 works with the WLC correctly or its problem of the IOS
  Thaks for the help
  Regards 

• DHCP Error with WLC 2504 and Aironet 2600 setup across subnets

  Hey guys
  I have just setup a new WLC 2504 controller to manage a WiFi service that will span 6 geographic locations.  The local networks at each location are on different subnets (all 192.168.x.x) and are linked up via IPSEC VPN links, and there is Active Directory spanning the sites, with DNS and DHCP servers running at each location.
  I tested the WLC at our main office with a single AP, and it worked fine.  The AP set itself up, and wireless devices connect with no probs. Great!  Yesterday I headed out to one of our remote sites, and connected an AP to their network - and that seemed to work fine too.  Within a few minutes I was able to see the WiFi network I'd setup, and my smartphone connected to it straight away (as I'd rpeviously connected at the main office), so I was pretty happy that all was working well.
  This morning however I've had notification that wifi performance at the remote site isn't great.  I've got someone to check their ip address, and I've found that their IP address and default gateway match the LAN at the main office where the WLC is based - NOT the LAN where the wireless client is.  Obvioulsy this is not ideal!
  So I guess my question is, what have I done wrong?  (I guess I HAVE done something wrong!?).  And how can I get wireless clients at remote sites to pick up an IP from the DHCP server at THEIR site?
  Any help would be greatly appreciated! 
  Thanks!           

  Hello Tim,
  What mode your APs are in? Local mode? or FlexConnect mode?
  If local mode, then all the traffic will be tunnelled to the WLC and they'll be same as if you are connecting from the WLC location.
  If you use FlexConnect APs (which is recommended for remote sites) you can configure FlexConnect groups on the WLC and add each location in a specific group. In that group you can decide what VLAN the users should be in.
  Check this link for FlexConnect group configuration
  http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1230080
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Best practices for network design on WLC 2504 and 5508

  Dear all:
  I'm looking for some recommendations on WLC 2504 and 5508 about the the following:
  Maximum amount of AP per port
  The scenario when to use all ports in both WLC
  Maximum number of clients(users) per port
  Bandwidth comsumption of  management vs data in order to assign one port for management
  I've just found this:
  Cisco 5508 controllers have eight Gigabit Ethernet distribution system ports, through which the controller can manage multiple access points. The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller. Cisco 5508 controllers have no restrictions on the number of access points per port. However, Cisco recommends using link aggregation (LAG) or configuring dynamic AP-manager interfaces on each Gigabit Ethernet port to automatically balance the load. If more than 100 access points are connected to the 5500 series controller, make sure that more than one gigabit Ethernet interface is connected to the upstream switch.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/6-0/configuration/guide/Controller60CG/c60mint.html
  Thanks for your help.

  The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller.
  This is an old document.  5508 can now support up to 500 APs if you run firmware 7.X.  2504 can support up to 75 APs if you run firmware 7.4.X.
  I'm looking for some recommendations on WLC 2504 and 5508 about the the following:
  Best practice and recommendation is to LAG all ports so you will be able to form a link redundancy.  If one link goes down, you have other link to push traffic.