WLC 5508 Problem with #DOT1X-3-INVALID_REPLAY_CTR
Hi all,
I have WLC 5508 with version 7.4.110.0 and with 13 AccessPoints.So 12 of this AP are AIR-LAP1142N-E-K9 and 1 is AIR-CAP3602I-E-K9.
Logs of my WLC are:
*Dot1x_NW_MsgTask_1: Jan 11 01:15:05.167: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 90:c1:15:c6:c3:49 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_4: Jan 11 01:09:41.015: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 5c:0a:5b:c1:16:34 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_3: Jan 11 01:03:32.269: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 03, expected 00 00 00 00 00 00 00 04
*Dot1x_NW_MsgTask_3: Jan 11 01:03:32.266: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 40:b3:95:13:da:cb - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 04
*Dot1x_NW_MsgTask_0: Jan 11 01:03:31.648: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 24:77:03:67:01:48 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_5: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:da:c1:cd - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_2: Jan 11 01:03:31.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client cc:78:5f:29:cc:82 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_4: Jan 11 01:03:31.633: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 08:11:96:55:81:c4 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_0: Jan 11 01:03:31.631: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 84:3a:4b:56:36:50 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_1: Jan 11 01:03:31.630: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:e2:d4:91 - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_0: Jan 11 00:59:52.593: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client a0:88:b4:60:20:f8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*apfRogueTask_3: Jan 11 00:59:32.168: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 2, Requested containment level 4
*apfRogueTask_3: Jan 11 00:58:38.635: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 1, Requested containment level 4
*Dot1x_NW_MsgTask_0: Jan 11 00:50:06.885: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_0: Jan 11 00:50:06.883: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 10:68:3f:46:4e:e8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 02
*dot1xMsgTask: Jan 11 00:49:05.842: #DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:618 Client c8:e0:eb:19:2a:97 may be using an incorrect PSK
*apfRogueTask_3: Jan 11 00:40:42.576: #APF-1-UNABLE_TO_CONTAIN_ROGUE: apf_rogue.c:4414 Unable to contain rogue 40:01:C6:11:F9:F1 - Not enough Container AP(s). Number of Container AP(s) 3, Requested containment level 4
*Dot1x_NW_MsgTask_3: Jan 11 00:40:17.471: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client c4:43:8f:f1:8c:8b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
*Dot1x_NW_MsgTask_4: Jan 11 00:40:03.368: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client f0:d1:a9:8e:1a:dc - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_1: Jan 11 00:39:30.528: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client 14:10:9f:d8:84:09 - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 02
I already go to this link to check the Description of errors-
http://www.cisco.com/en/US/docs/wireless/controller/message/guide/msgs4.html#wp1000139
Appreciate all feedback. Thank you.
Hi Ruben,
a) After successful dot1x authentication, session keys are derived from pairwise master key.
b) When the AP transmits a key to a station by default, it expects a response back within a set timeframe.
c) If the station does not respond, the AP increments the counter and retransmits the key.
d) If the AP receives a response to first message just after the retransmission of the key, a mismatch occurs in the counter.
This in most of the cases will be a client driver problem.
Solution :
1) try to increase the EAPOL-Key Timeout ( config advanced eap ).
2) Upgrade the client driver.
*****Help out other by using the rating system and marking answered questions as "Answered"*****
Similar Messages
-
Hi
I have one 5508 and about 70 Cisco1140 AP and spred around in to about 5 sites.
We use a Microsoft IAS server as radius server with auth from the AD with dot1x and certificate in the clinents to verify the clientents
The clients are IBM and Dell laptops
Some clients loses the connection to the network time to time
I have some errors in the WLC logg
dot1xMsgTask: Jan 18 11:23:34.254: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmissions
exceeded for client 00:24:d7:22:0e:e0
*apfMsConnTask_3: Jan 18 11:21:13.118: %APF-3-CHECK_SUPP_RATES_FAILED: apf_utils.c:273 Could not che
ck supported rates. Missing Supported Rate. Length :0. Mobile MAC: b8:ff:61:8f:df:25.
*Dot1x_NW_MsgTask_0: Jan 18 11:15:31.521: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:708 Receiv
ed invalid EAPOL-key M2 msg in START state - invalid secure bit; len 40, key type 1, client 00:21:6a
:50:21:80
*spamApTask0: Jan 18 11:14:34.630: %LWAPP-3-VALIDATE_ERR: spam_lrad.c:9090 Validation of SPAM Vendor
Specific Payload failed - AP 30:37:a6:c9:53:20
*dot1xMsgTask: Jan 18 11:14:19.850: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2914 Max EAP identity re
quest retries (14) exceeded for client 00:1f:3b:16:aa:ef
Decrypt error occurred for clienten 00:24:d7:69:fb:7c using WPA2 key on 802.11a interface of AP e8:04:62:60:a0:10
Any sugestions ?Looking at the error messages, they don't point to a singlular fault with the WLC, more like a client issue. Below I'll explain the messages you are seeing.
dot1xMsgTask: Jan 18 11:23:34.254: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmissions
exceeded for client 00:24:d7:22:0e:e0
This means, the WLC has sent an EAP request to the client, and has not received a response. This could be because either the cleint didn't hear the request, or the AP didn't hear the response. It could also be the client ignored the request. You may want to take a look at the following document and see if you want to change the EAP timer values
. https://supportforums.cisco.com/docs/DOC-12110
*apfMsConnTask_3: Jan 18 11:21:13.118: %APF-3-CHECK_SUPP_RATES_FAILED: apf_utils.c:273 Could not che
ck supported rates. Missing Supported Rate. Length :0. Mobile MAC: b8:ff:61:8f:df:25.
The WLC was reading a message from the client, and the client did not tell the WLC what rates it could support. This could happen because the packet from the client wasn't heard fully. As well, some clients will see the WLC that they are associated to, and not the individual AP. In this case, it is possible that the client didnt' send the supported rates, as it didn't see a change in BSSID>
*Dot1x_NW_MsgTask_0: Jan 18 11:15:31.521: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:708 Receiv
ed invalid EAPOL-key M2 msg in START state - invalid secure bit; len 40, key type 1, client 00:21:6a
:50:21:80
The client tried to send a key, when the PEM state on the WLC was START. More than likely the client thought it could roam, but the WLC thought differently
*spamApTask0: Jan 18 11:14:34.630: %LWAPP-3-VALIDATE_ERR: spam_lrad.c:9090 Validation of SPAM Vendor
Specific Payload failed - AP 30:37:a6:c9:53:20
Bad packet.
*dot1xMsgTask: Jan 18 11:14:19.850: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2914 Max EAP identity request retries (14) exceeded for client 00:1f:3b:16:aa:ef
WLC is sending EAP Identity request to the client, and it is not repsonding.
Decrypt error occurred for clienten 00:24:d7:69:fb:7c using WPA2 key on 802.11a interface of AP e8:04:62:60:a0:10
Couldn't decrypt the packet. Could be a bad key, or could be we didnt' get the full packet, thus making the decrypt fail.
For the most part, these are commonly seen issues. Could be the result of RF issues, so you may want to take a look and make sure the coverage at the site is clean. Some of these can also be caused by WZC, which likes to ignore EAP messages, and has a tendancy to use the login credentials that get cached. Which if these are not domain credentials can cause issues as well.
Cheers,
Steve
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
WLC 2504 problems with one IP address range
I am having an interesting issue configuring a new 2504.
How it is setup:
Port 1 management with vlan tagging on vlan 111
Port 2 trunking with ap-manager2 on vlan 3, 102 on vlan 102 (Not ap-manager), and 1001 on vlan 1001.
All of the vlans have distinctive and unique IP ranges. Vlan 111 is running 172.16.128 /20, 102 is 172.19.252 /23 and vlan 1001 should be running 172.17 /16.
Here is my problem. I can setup all of the dynamic interfaces on the appropriate ip ranges, but for some reason when I configure the 1001 vlan dynamic interface with the /16 address space, I lose connectivity to the GUI managment interface. I have to go in through the CLI and remove the interface or change the IP range. I have tried other /16 address space on that vlan and do not have a problem with them. the 172.17 space appears to be the only one that will not work.
I have attached the config from the controller (Minus some site specific stuff like the SNMP community and wpa stuff.) The config is using a 172.20 /16 right now on the 1001 interface so that I could get into the controller and download the config. It should be 172.17 /16. The acutal IP info should be 172.17.4.253 255.255.0.0 172.17.0.254
My computer is on the 1001 vlan and I have verified the IP is not in use and am using the same subnet, gateway etc as I am trying to configure the wlc with.
Switch config:
Port 1 is plugged into g0/2 with the following config
interface GigabitEthernet0/2
switchport trunk allowed vlan 1,3,102,111,1001
switchport mode trunk
spanning-tree portfast
Port 2 is plugged into fa0/47 and just has switchport mode trunk.
How can I get the interface to work with the proper IP range for vlan 1001?I finally had a chance to fiddle around with this issue again and have some more information on the problem. It appears to not be an issue with the IP address, but rather with the VLAN. The 172.17.0.0/16 subnet is on VLAN 1001 which it appears the WLC does not care for. This problem is repeatable on the following versions of code that I have tried:
7.0.220.0
7.1.91.0
7.4.110.0 (Not in use for production until we upgrade from WCS to Prime.)
Any thoughts? Moving the 1001 VLAN to another number would be a HUGE undertaking so if there is not an answer within the firmware on the WLC, I will have to bridge two VLANs with bpdufilter enabled... Not my first choice for sure... -
WLC 5508 issue with 4 ports in portchannel
Hi,
We have one WLC 5508 and LAG is enabled on it but when we connect 4 cables to a distribution switch only 3 links are sending and receiving traffic and the 4th one is up with outgoing traffic from the distribution switch to WLC but nothing incoming.
Some APs went down and refuse to be registered back to the WLC. when we shut down the 4th port everything is back to normal.
the etherchannel config is identical and I can see all ports are active and not suspended :
interface GigabitEthernet2/2/1
description PortChannel-WLC1-Port1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60-67,2808,2922,2923,2932
switchport mode trunk
channel-group 99 mode on
interface GigabitEthernet2/2/2
description PortChannel-WLC1-Port2
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60-67,2808,2922,2923,2932
switchport mode trunk
channel-group 99 mode on
interface GigabitEthernet2/2/3
description PortChannel-WLC1-Port3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60-67,2808,2922,2923,2932
switchport mode trunk
channel-group 99 mode on
interface GigabitEthernet2/2/4
description PortChannel-WLC1-Port4
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60-67,2808,2922,2923,2932
switchport mode trunk
channel-group 99 mode onsh etherchannel 99 sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, no aggregation due to minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
d - default port
w - waiting to be aggregated
Number of channel-groups in use: 38
Number of aggregators: 38
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
99 Po99(SU) - Gi2/2/1(P) Gi2/2/2(P) Gi2/2/3(D)
Gi2/2/4(P)
Last applied Hash Distribution Algorithm: Fixed
Gi2/2/3 is down becasue we had to shut down the interface because when it is up many APs refuse to register. -
WLC 5508 integration with fortigate and Guest Vlan
Hi
I have 5508 Cisco WLC and i want to connect my wlc one port to fortigate (FW) for direct internet.
And other port in WLC i will connect on Cisco Core Switch for other SSID's and for management. Now the question is how to divide port in WLC 5508, how to point layer 3 traffic if don't configure switch port as trunk.
Kindly what will be best solution.sh etherchannel 99 sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, no aggregation due to minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
d - default port
w - waiting to be aggregated
Number of channel-groups in use: 38
Number of aggregators: 38
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
99 Po99(SU) - Gi2/2/1(P) Gi2/2/2(P) Gi2/2/3(D)
Gi2/2/4(P)
Last applied Hash Distribution Algorithm: Fixed
Gi2/2/3 is down becasue we had to shut down the interface because when it is up many APs refuse to register. -
Config RADIUS on WLC 5508 - Problems comunication with NPS Server
Hi,
I'm facing some problems when configuring RADIUS auth with a NPS Windows Server.
My WLAN interface is in a different vlan than the management interface, is that a problem?
I want this wlan to be on a different vlan from the management. When i use wlan interface in the same vlan the RADIUS works without problems. But in different vlans is not working.
The NPS server as 2 NICs, 1 for the wireless vlan, and another for the management vlan.
the logs from the WLC shows this, but i have difficulties interpreting all this data:
*apfMsConnTask_0: Dec 29 12:49:14.636: Association request from the P2P Client Process P2P Ie and Upadte CB
*apfMsConnTask_5: Dec 29 12:49:36.607: 3c:c2:43:94:3e:bc Adding mobile on LWAPP AP d4:d7:48:45:fb:20(0)
*apfMsConnTask_5: Dec 29 12:49:36.607: 3c:c2:43:94:3e:bc Association received from mobile on AP d4:d7:48:45:fb:20
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Applying site-specific Local Bridging override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Applying Local Bridging Interface Policy for station 3c:c2:43:94:3e:bc - vlan 900, interface id 16, interface 'wlan'
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Applying site-specific override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc STA - rates (8): 130 132 139 12 18 150 24 36 0 0 0 0 0 0 0 0
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Processing RSN IE type 48, length 20 for mobile 3c:c2:43:94:3e:bc
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Received RSN IE with 0 PMKIDs from mobile 3c:c2:43:94:3e:bc
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Setting active key cache index 8 ---> 8
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc unsetting PmkIdValidatedByAp
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) DHCP required on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8for this client
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc Not Using WMM Compliance code qosCap 00
*apfMsConnTask_5: Dec 29 12:49:36.608: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8 flex-acl-name:
*apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc apfMsAssoStateInc
*apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc apfPemAddUser2 (apf_policy.c:270) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Idle to Associated
*apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc Sending Assoc Response to station on BSSID d4:d7:48:45:fb:20 (status 0) ApVapId 8 Slot 0
*apfMsConnTask_5: Dec 29 12:49:36.609: 3c:c2:43:94:3e:bc apfProcessAssocReq (apf_80211.c:6309) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Associated to Associated
*dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc Station 3c:c2:43:94:3e:bc setting dot1x reauth timeout = 0
*dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc Stopping reauth timeout for 3c:c2:43:94:3e:bc
*dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
*dot1xMsgTask: Dec 29 12:49:36.611: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 1)
*Dot1x_NW_MsgTask_4: Dec 29 12:49:36.684: 3c:c2:43:94:3e:bc Received EAPOL START from mobile 3c:c2:43:94:3e:bc
*Dot1x_NW_MsgTask_4: Dec 29 12:49:36.684: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
*Dot1x_NW_MsgTask_4: Dec 29 12:49:36.684: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 2)
*Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc Received EAPOL EAPPKT from mobile 3c:c2:43:94:3e:bc
*Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc Received Identity Response (count=2) from mobile 3c:c2:43:94:3e:bc
*Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc EAP State update from Connecting to Authenticating for mobile 3c:c2:43:94:3e:bc
*Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Authenticating state
*Dot1x_NW_MsgTask_4: Dec 29 12:49:36.761: 3c:c2:43:94:3e:bc Entering Backend Auth Response state for mobile 3c:c2:43:94:3e:bc
*Dot1x_NW_MsgTask_4: Dec 29 12:49:54.794: 3c:c2:43:94:3e:bc Received EAPOL START from mobile 3c:c2:43:94:3e:bc
*Dot1x_NW_MsgTask_4: Dec 29 12:49:54.794: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Aborting state
*Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
*Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 4)
*Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Reached Max EAP-Identity Request retries (3) for STA 3c:c2:43:94:3e:bc
*Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Sent Deauthenticate to mobile on BSSID d4:d7:48:45:fb:20 slot 0(caller 1x_auth_pae.c:3165)
*Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Scheduling deletion of Mobile Station: (callerId: 6) in 10 seconds
*Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Disconnected state
*Dot1x_NW_MsgTask_4: Dec 29 12:49:54.795: 3c:c2:43:94:3e:bc Not sending EAP-Failure for STA 3c:c2:43:94:3e:bc
*apfMsConnTask_5: Dec 29 12:49:55.518: 3c:c2:43:94:3e:bc Association received from mobile on AP d4:d7:48:45:fb:20
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Applying site-specific Local Bridging override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Applying Local Bridging Interface Policy for station 3c:c2:43:94:3e:bc - vlan 900, interface id 16, interface 'wlan'
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Applying site-specific override for station 3c:c2:43:94:3e:bc - vapId 9, site 'XXX', interface 'wlan'
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc STA - rates (8): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Processing RSN IE type 48, length 20 for mobile 3c:c2:43:94:3e:bc
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Received RSN IE with 0 PMKIDs from mobile 3c:c2:43:94:3e:bc
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Setting active key cache index 8 ---> 8
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc unsetting PmkIdValidatedByAp
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) DHCP required on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8for this client
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc Not Using WMM Compliance code qosCap 00
*apfMsConnTask_5: Dec 29 12:49:55.519: 3c:c2:43:94:3e:bc 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP d4:d7:48:45:fb:20 vapId 9 apVapId 8 flex-acl-name:
*apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc apfPemAddUser2 (apf_policy.c:270) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Associated to Associated
*apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc Sending Assoc Response to station on BSSID d4:d7:48:45:fb:20 (status 0) ApVapId 8 Slot 0
*apfMsConnTask_5: Dec 29 12:49:55.520: 3c:c2:43:94:3e:bc apfProcessAssocReq (apf_80211.c:6309) Changing state for mobile 3c:c2:43:94:3e:bc on AP d4:d7:48:45:fb:20 from Associated to Associated
*dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc Station 3c:c2:43:94:3e:bc setting dot1x reauth timeout = 0
*dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc Stopping reauth timeout for 3c:c2:43:94:3e:bc
*dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
*dot1xMsgTask: Dec 29 12:49:55.521: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 1)
*Dot1x_NW_MsgTask_4: Dec 29 12:49:55.592: 3c:c2:43:94:3e:bc Received EAPOL START from mobile 3c:c2:43:94:3e:bc
*Dot1x_NW_MsgTask_4: Dec 29 12:49:55.592: 3c:c2:43:94:3e:bc dot1x - moving mobile 3c:c2:43:94:3e:bc into Connecting state
*Dot1x_NW_MsgTask_4: Dec 29 12:49:55.592: 3c:c2:43:94:3e:bc Sending EAP-Request/Identity to mobile 3c:c2:43:94:3e:bc (EAP Id 2)yes, I thought of that. But if i use a simple password authentication on the wireless, i can reach the server with the same subnet interface. But i don't want to allow this subnet to acess the management subnet of the wireless controller.
One question i have is: The WLC uses whitch subnet on radius? Uses the subnet of the wireless interface or uses always the management interface?
Could you help me understand how the radius auth works with this wireless controller? Did you see anything strange in the logs that I posted above? It seems to run ok until:
dot1x - moving mobile 3c:c2:43:94:3e:bc into Authenticating state
Entering Backend Auth Response state for mobile 3c:c2:43:94:3e:bc
Received EAPOL START from mobile 3c:c2:43:94:3e:bc
dot1x - moving mobile 3c:c2:43:94:3e:bc into Aborting state
I also note this: "Applying Local Bridging Interface Policy for station "
What does this means? -
WLC - Geting Problem with Web Portal
Hi,
When enable the SSID that associate with web portal for guest user, the WLC found difficult to process and the system halt.Unable to get into the management ip for the WLC.
However after disable that particular SSID, the system operates in well condition.
FYI, we are running under version 5.0. Controller model -Wism.
Please advice.I'm not sure if this is it or not, but it's in the release notes.
CSCsm98250-After you upgrade the controller to software release 5.0, web authentication stops working, and you can no longer access the controller through HTTP or a Telnet or SSH session -
WLC 5508: LAG with not stacked switches
Hello!
We are planning to implement the redundant physical connection from 5508 WLC to not stacked 3750 switches.
The sheme is attached.
Is there any way to implement such variant of the topology?When you don't have LAG enabled, you can choose a primary port and a backup port.
Do you mean to choose primary and backup for managment interface?
As it is mentioned in documentation about AP-managment: "You cannot map the AP-manager interface to a backup port"
http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_011.html#ID345 -
Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially upto 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
Cisco ISE looks a very expansive (and expensive) product but I don't think we need all it's capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
I've seen 3rd party supposed software solutions from Kiosk Antamedia etc do they work with Cisco Enterprise WLC solutions?
We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space.
Any suggestions would be gratefully appreciated from the knowledgeable community.
Cheers,
MikeHi Rasika,
We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows <1ms.
currently the Guest network is using WPA2-PSK auth given in the controller. we are trying to find a option to make the Guest wireless auth local to the office, and see if this solves the problem.
any suggestions,
Thank you,
Arjun -
WLC 5508 software version working with ISE1.1.2
Hi,
My understanding is that for fully WLC 5508 integration with ISE 1.1.2, it needs Version 7.2.103.0. Question is if customer has 5508 with either 7.0.230 or 7.0.98, and ISE 1.1.2, can AAA part work? what part will not work, any potential issue if they don't upgrade 5508 to 7.2.103?
Thanks in advance!
TinaPlease check the below Table:
Table 1 Supported Network Access Devices
Device
Minimum OS Version
MAB
802.1X
Web Auth
Session CoA
VLAN
DACL
SGA
IOS Sensor
CWA
LWA
Wireless LAN Controller (WLC) 2500, 5500
7.2.103.0
No6
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
Ref. Link: http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html#wp55038 -
WLC 5508 -7.4.100 mDNS Bonjour snooping
Hello
Have 7.4 installed and configured for Bonjour Snooping. All is working, but working too well. We have a large campus that house 2 schools and each school is complaining that they can see the other schools AppleTV devices.
I have played around with a few different scenarios to see if I can localize the bonjour traffic.
I guess I am looking to create a logical split for bonjour devices amoung the schools.
Apple came to the school and informed us that the IPAD has a limit of 64 devices that can be seen via the bonjour. At some point we will have over 100 AppleTV added.
so we have 3 wlc 5508's with 7.4.100
we have 2 SSIDs that span the whole campus
using AP groups to segment the floors in buildings
So the schools are logically split with AP groups
Here is what I have tried
I created few mDNS profiles and assigned the services for Apple TV - let's call them school1 and school2
I assign the mDNS profiles to the interfaces dedicated each school
enable snooping on the WLAN with profile of none
The end result is that devices from both schools can be seen.
I tried to create new ssid for apple TVs and a new ssid for 1 schools teachers
I followed the vlan select example
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml
end result is that devices from both schools can be seen
I have tried the mDNS without multicast enabled just like the video shows to no avail - I assume maybe my AP groups might be more complicated then the example of just 2 vlans
https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2013/01/01/wireless-lan-controller-wlc-release-74--bonjour-gateway-configuration-example
I have tried combinations of things, but I must be missing something
In the webinar, Cisco said it will use filtering to restrict which clients can see which services (Apple TV's, etc). What will Cisco use to filter Bonjour requests?
according to this article
http://www.pcadvisor.co.uk/news/network-wifi/3376119/cisco-answers-user-questions-about-upcoming-apple-bonjour-gateway/#ixzz2SIDqFH49
The filtering options are: · Per WLAN/SSID · Per VLAN or AP Group · Per Interface Group (which is a group of VLANs pooled together).
A Bonjour service policy can be created and applied on any one of the above criteria. In the future, we will support per-user Bonjour service policies which will come as a RADIUS attribute from the AAA server.
Read more: http://www.pcadvisor.co.uk/news/network-wifi/3376119/cisco-answers-user-questions-about-upcoming-apple-bonjour-gateway/#ixzz2SZqMYpdh
Cheers
Any insight would be appreciatedHere are the ACLs for the controller
acl create BlockBonjour
acl apply BlockBonjour
acl counter start
acl rule add BlockBonjour 1
acl rule add BlockBonjour 2
acl rule action BlockBonjour 1 deny
acl rule action BlockBonjour 2 permit
acl rule destination address BlockBonjour 1 224.0.0.251 255.255.255.255
acl rule destination address BlockBonjour 2 0.0.0.0 0.0.0.0
acl rule destination port range BlockBonjour 1 0 65535
acl rule destination port range BlockBonjour 2 0 65535
acl rule source address BlockBonjour 1 0.0.0.0 0.0.0.0
acl rule source address BlockBonjour 2 0.0.0.0 0.0.0.0
acl rule source port range BlockBonjour 1 0 65535
acl rule source port range BlockBonjour 2 0 65535
acl rule direction BlockBonjour 1 In
acl rule direction BlockBonjour 2 Any
acl rule dscp BlockBonjour 1 Any
acl rule dscp BlockBonjour 2 Any
acl rule protocol BlockBonjour 1 Any
acl rule protocol BlockBonjour 2 Any
acl apply BlockBonjour ipv6 acl create BlockAllIPv6
ipv6 acl apply BlockAllIPv6
ipv6 acl rule add BlockAllIPv6 1
ipv6 acl rule action BlockAllIPv6 1 deny
ipv6 acl rule destination address BlockAllIPv6 1 :: 0
ipv6 acl rule destination port range BlockAllIPv6 1 0 65535
ipv6 acl rule source address BlockAllIPv6 1 :: 0
ipv6 acl rule source port range BlockAllIPv6 1 0 65535
ipv6 acl rule direction BlockAllIPv6 1 Any
ipv6 acl rule dscp BlockAllIPv6 1 Any
ipv6 acl rule protocol BlockAllIPv6 1 Any
ipv6 acl apply BlockAllIPv6
Apply to wlan: The wlan index is used in this case, the first wlan created on controller
wlan acl 1 BlockBonjour
wlan ipv6 acl 1 BlockAllIPv6 -
One WLC 5508, Multiple Sites/Networks
So I'm trying to think this design out in my head. Here is what I have:
Corp Office with a WLC 5508 configured with a management port and a guest WLAN port for guest wireless etc to the corp Layer 3 switch in a wireless VLAN, using 802.1q trunk of course. The WLC is configured to be a DHCP server for the Guest WLAN.
(Side note: the sites are connected using WAN routers at each location configured with bundled T3's and all routes are setup and each network successfully traverses to the other)
First phase will be to install 30 APs. 5 at the corporate office and 25 and two other sites. I'm using a class A network but have subnetted the networks so to speak to make each site have multiple VLANs using class C networks. I want to be able to implement the WLC 5508 at the corporate office and manage the APs centrally at all locations. The APs are already configured for lightweight mode and I have successfully configured 5 of them and connected.
My question is if I install the other 25 APs at the other 2 offsite locations and connect them to the network, will it automatically contact the WLC and get a DHCP address from the Corporate WLAN DHCP even though it is at another site? Am I overlooking a step or configuration method for this type of implementation?
Thanks for all contributions!Ok so I have configured my environment as suggested. I can see the new IP Address lease to the AP at my remote site on
the DHCP Server (Windows Server DHCP at the remote site). I can ping that IP from the Central office to the remote site however the WIreless Controller is not associating the AP at all. Although I can ping the AP from the WLC. I checked the logs and I dont see any association attempt from that IP or MACt. So here is what I have:
Central Site-
WLC 5508 With Internal DHCP for local APs
APs associating successfully
Remote Site
Windows DHCP with Option 43 Configured per Cisco AP Option 43 Whitepaper
AP 1142-Light-Weight attached to switchport (Wireless Vlan configured) and reachable via ping through all of network.
AP obtained IP from Windows DHCP from Wireless Scope I configured successfully.
So it doesn't seem the CAPWAP tunnel was built successfully. I do have an ASA 5520 in the environment but all traffic to remote sites is wide open as I do not block any ports so CAPWAP traffic should flow well.
Mission a step?
Dee -
WLC 5508 webauth_bundle
Hi
I'm trying to upload webauth_bundle-1.0.2.zip file on WLC 5508 controller with software version 7.0.220.0 via tftp server.
First the controller says that "Unknown bundle type. Valid bundle is a tar file." so I unzip file and create a tar file and now WLC says
"Error: Webauth Bundle file transfer failed - File is too big".
Could someone help me
thanksAntonello,
What you need to do is extract the webauth_bundle-1.0.2.zip file. This zip files has all the different types of webauth or pasthrough examples and login.tar files. Take a look at the readme.html file inside of the zip and that will explain the different bundles. When you decide on one, you can upload the login.tar file.
These examples allowyou to customize them. Hope this helps. -
Hello Forum Team!
Wich is the best way to filter out unwanted ap's to join a specific WLC? For example, I have a WLC 5508 cluster with four ap's already joined and registered but other surrounding ap's from other WLC clusters are starting to register with this new cluster. Which is the best way to prevent these ap's to register with this new WLC cluster? MAC address filter list or ap authorization list?
Thanks in advanced for your great support!Hi Nephtali,
1. You can use the Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network. By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the WLC.
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html#backinfo
2. AP priming and Rouge Rules.
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70rrm.html#wp1180349
Regards
Dont forget to rate helpful posts -
WLC 5508 7.0.98.0 problem with locpRxServerTask missed software watchdog
Hi
today my wlc 5508 crash. after trying to get access via sp. i doesnt reponds. so i rebooted. in the sh tech i saw this message which i gues indicates the RC of the failure. ANY IDEAS...
* Start Cisco Crash Handler Serv *
Sys Name: usa-5354-wlc-02
Model: AIR-CT5508-K9
Version: 7.0.98.0
Timestamp: Thu Jan 5 05:43:13 2012
SystemUpTime: 254 days 4 hrs 46 mins 24 secs
pid: 1225
TID: 944042816
Task Name: locpRxServerTask
Reason: Reaper Reset
timer tcb: 0x2572
timer cb: 0x10354e28 ('rrmTimerInit+600')
timer arg1: 0x19b11010
timer arg2: 0x0
Long time taken timer call back inforamtion:
--More-- or (q)uit
Time Stamp: Thu Sep 22 15:56:24 2011
timer cb: 0x100d6f48 ('apfRldpScheduleSet+656')
Duration : 103753 usecs, cbCount= 15
Analysis of Failure:
Software was stopped by the reaper for the following reason:
Reaper Reset: Task "locpRxServerTask" missed software watchdogMay be here is the bug that u r hitting..
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti21343
Upgrade the image to the latest that we have (7.0.220)
Please dont forget to rate the useful posts!!
Regards
Surendra
Maybe you are looking for
-
Hello, I am very new to Java and am stuck on 1 final part of a piece of work I am completing. I have written a MIDlet game (similiar to noughts and crosses) where each player takes it in turn to click a button until one of the players has reached the
-
GL Line item not show reverse document
Hi Guru ! I have problem about GL account that assign account management to be line item so when post entry and reverse entry by use this GL account ,when I see report on t.code FBL3N-GL line item ,they did not show indicator of reverse entry so it
-
XControl Facade VI/Panel Reference
For unspecified reasons, I want to be able to resolve which control has been clicked on from a pane mouse down event. Our application is somewhat large and makes extensive use of sub-panels, so registering every control individually, statically or d
-
Periodic Dips in Performance for Oracle ESB
Hi, We have recently been load-testing Oracle ESB, and used the following two flavors for our tests: SOA Suite with Oracle Lite as the backend DB SOA Suite with Oracle 10g as the backend DB We have noticed that there are periodic dips in the performa
-
Use of revision number to segregate shutdown maintenance
Hi, Please guide me the functionality of revision number with transaction code..like while creating order how can we assign revision number to maintenance order, as we are not using different order type for shutdown. Thanks DM