WLC - Failover (clients)

AP is registered to primary WLC. Will clients stay connected to WLAN when the AP failover to secondary WLC.
WLAN1 -> WPA2 (TKIP) + PSK.
WLAN2 -> WAP2(TKIP) + 802.1x
Please advise.

Unfortunately, clients are disconnected from an AP when associating to a new controller.

Similar Messages

  • Controller Failover - Clients and Interfaces

    We have 2 x 4404 controllers.
    It is layer 3 LWAPP. They are in different buildings on different subnets.
    They have different AP Manager and Management Interfaces.
    They are in the same mobility gourp.
    We have some AP's connecting to one controller and others to the second one. AP Failback works fine.
    We are using AP Group VLAN's and this seems fine too.
    All is working well.
    Now - if one controller fails, the AP's failover to the other controller.
    No what happens the clients?
    They have IP addresses on a VLAN. This VLAN is available on the other Core switch.
    Does this VLAN need to be available on the Wireless Controller also?
    What needs to be done to keep the all important clients alive in this instance??
    Appreciate any feedback.

    Hi There
    We have the same setup at one of our clients and you do definitely need all the WLAN VLANS to be present on both controllers (only different IP Addresses for each VLAN) for the failover and L3 roaming for that matter to work properly. Using remember that in the Mobility Group each WLC needs to be added to the other's Mobility Group for it to function correctly.
    If all this is done correctly then it should be fine.
    HTH
    Steven
    Please rate helpful posts.

  • WLC failover solution

    Hi,
    My client is having two Cisco WLC 5508. One is at location A & another at location B They want to configure failover between these two WLC’s i.e. in case of location A WLC failure, the AP’s should get register to location B WLC which is currently happening but the clients will get the IP Address from location DHCP pool. Their requirement is that if in the event of failover, then clients should get the IP Address from the local DHCP server pool & not from the location B DHCP pool & visa-versa.
    As far as design prospective, in location A they are having 5 WLAN’s; one for each floor. We have configured 5 AP groups for the same. Where as in location B they are having single WLAN serving all the clients.
    My query is -  if we configure Flexconnect for all the AP’s in location A as well as for location B even when they are connected to local WLC, is that a recommended design suggestion from Cisco?
    Secondly, if in case of configuring Flexconnect, do I need to create the 5 WLAN’s & 5 AP groups for Bangalore AP’s in location B controller?

    I use Flexconnect, and for that to work you'll have to have the same AP Groups and WLANS configured on both controllers so when the AP fails over the correct WLANS show up.  Otherwise i believe the AP will get the default AP Group.

  • Can't ping, telnet, SSH or find APs in ARP, but associated to WLC & has clients

    Hi All,
    I have an interesting problem. I have a Cisco 2504 WLC, and six Access Points that are associated to it.  I can reach 4 of the access points, which are connected to Cisco 300 POE switches, but the other 2 I cannot ping, telnet, SSH or find in the ARP table on the network.  However, they are both associated to the WLC and as far as I can tell, they have clients associated to them.  If I reboot them from the WLC, they find their way back to the correct WLC, and the WLC sees them in CDP, but I still can't access them in any way.
    The two problem APs appear to be connected to ports 3 & 4 on the WLC, which are the POE ports. I read some documentation that says that those ports don't support Access Points but basically that you can still connect them and have it work, but don't expect any help from Cisco if you run into problems.  I've confirmed that POE is being supplied in the port configs, and I have other sites with WLC's that are configured identically with APs on ports 3 & 4 that are up and not having any issues.
    Wondering if anyone has had similar issues and if so, can you shed any light on this strange behavior?
    Thanks.

    please
    https://supportforums.cisco.com/discussion/11288621/2500-wlc-attach-ap

  • Can I use ASA to be a DHCP Server use in WLC wireless Client

    I want to use ASA to be a DHCP Server for Wireless Client not it can't.
    I check the debug log in WLC, I confirm the WLC have send the request to ASA.
    In the ASA, it don't have any hits in the rule when the WLC send the DHCP relay request.
    I have try don't use dhcp relay in WLC but don't success. Anybody have the same case with me? And Is the ASA can't support DHCP relay agent to request to get the IP Addr.
    P.S. In the Network Design limitation so I can't use WLC to be DHCP Server.
    Equipment:
    ASA5510
    WLC4402
    How can I fix it.
    Thank you very much

    The issue is that the ASA doesn't accept DHCP requests from a relay agent, only broadcast DHCP requests. In the 4.2 version for the controllers there is now an option so you can change the way the controller forwards DHCP requests so that it is sent as a broadcast and not from a relay agent.

  • Device issue with WLC (excluded client)

    I have a single client that is having issues staying connected to my WLC running code 7.0.220.0
    Here are the debugs, it just keeps on looping:
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Adding mobile on LWAPP AP 10:8c:cf:78:93:80(0)
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfMsAssoStateInc
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Idle to Associated
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:06.354: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:06.354: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:06.355: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:06.355:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:06.355: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:06.355:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:07.362: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:07.362: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jul 18 10:41:08.361: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:08.361: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:09.361: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:09.362: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 0
    *dot1xMsgTask: Jul 18 10:41:09.363: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
    *dot1xMsgTask: Jul 18 10:41:09.363: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:12.954: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:12.954: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:12.955: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:12.955: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:12.955: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:12.956:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:12.956: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:12.956:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:13.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:13.965: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:14.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:14.962: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jul 18 10:41:15.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:15.965: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 1
    *dot1xMsgTask: Jul 18 10:41:15.967: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
    *dot1xMsgTask: Jul 18 10:41:15.967: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    *apfMsConnTask_0: Jul 18 10:41:19.491: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:19.491: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:19.494: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:19.494:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:19.494: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:19.494:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:20.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:20.561: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:21.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:21.561: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:22.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:22.562: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 2
    *dot1xMsgTask: Jul 18 10:41:22.563: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
    *dot1xMsgTask: Jul 18 10:41:22.563: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *apfMsConnTask_0: Jul 18 10:41:26.116: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:26.120: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:26.120:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:26.120: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:26.120:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:27.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:27.162: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:28.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:28.162: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:29.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 3
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Blacklisting (if enabled) mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a apfBlacklistMobileStationEntry2 (apf_ms.c:4294) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Exclusion-list (1)
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 44) in 10 seconds
    *dot1xMsgTask: Jul 18 10:41:29.163: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3)
    *dot1xMsgTask: Jul 18 10:41:29.163: 00:40:96:b8:78:7a 0.0.0.0 START (0) Reached FAILURE: from line 4025
    *dot1xMsgTask: Jul 18 10:41:29.164: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 9) in 10 seconds
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState:      START
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 8
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jul 18 10:41:39.165: 00:40:96:b8:78:7a apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
    *apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 46) in 60 seconds
    *apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a apfMsExpireMobileStation (apf_ms.c:5131) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Exclusion-list (1) to Exclusion-list (2)
    *apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [10:8c:cf:78:93:80]
    *apfMsConnTask_0: Jul 18 10:41:51.799: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:52.313: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:53.316: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:54.320: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:55.323: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:56.326: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:41:59.292: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:41:59.339: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:00.342: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:01.346: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:02.349: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:03.352: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *spamApTask0: Jul 18 10:42:07.907: 00:40:96:b8:78:7a Received Idle-Timeout from AP 10:8c:cf:78:93:80, slot 0 for STA 00:40:96:b8:78:7a
    *spamApTask0: Jul 18 10:42:07.907: 00:40:96:b8:78:7a Ignoring delete request from AP due to mobile in exclusion list or marked for deletion already
    *apfMsConnTask_0: Jul 18 10:42:08.127: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:08.370: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:09.373: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:10.377: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:11.380: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:12.383: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:27.323: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:28.438: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:29.441: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:30.445: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:31.448: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:36.045: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:36.467: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:37.470: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:38.474: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *osapiBsnTimer: Jul 18 10:42:39.169: 00:40:96:b8:78:7a apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
    *apfReceiveTask: Jul 18 10:42:39.170: 00:40:96:b8:78:7a apfMsAssoStateDec
    *apfReceiveTask: Jul 18 10:42:39.170: 00:40:96:b8:78:7a Deleting mobile on AP 10:8c:cf:78:93:80(0)
    Can anyone tell me why this is happening?
    Thank You

    Auth succeeded from AAA server side but there is a problem with 4-way handshake. It is obvious the problem is with the client because it does not reply the message 2 of the handshake.
    What is this client?
    Try upgrading the driver or the firmware. That sort it out.
    Sent from Cisco Technical Support iPad App

  • Understanding Flexconnect - Local vs Central Switching, and WLC failover scenario ??

    Hello Experts
    We have one WLC 5508 in Building1, few 2700 Series AP in Building1, and one 1252AG in Building2. The LAN subnet is same for both Buildings connected via a dark fiber.
    My requirement is to have Central Switching in Building1 since WLC is located locally, and Local Switching in Building2 to avoid inter-building traffic, for both Buildings we already one VLAN/IP Subnet. (Both Buildings access resources from a central Datacenter which hosts all the servers.)
    Questions:
    1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
    2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
    3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
    4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
    Thanks.

    Hi
    The LAN subnet is same for both Buildings connected via a dark fiber.
    If this is the case there is no need of FlexConnet, as you have enough bandwidth & same L2 extended in those two buildings. Typically FlexConnect is for branch deployment where WAN link bandwidth is a concern.
    Anyway if you want to do this & here is the answer for your specific queries.
    1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
    You can have both local switching & central switching available for a given SSID. Only FlexConnect mode AP will do Local switching & all Local mode AP will do central switching, though both using the same SSID.
    2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
    No, if it is central switching SSID, when WLC is not available client won't able to join this SSID. It is not fall back to Local switching.
    3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
    This is applicable only to FlexConnect mode APs & it always do local switching if that configured. If WLC is not reachable AP will go on "standalone mode" & still do local switching.
    4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
    Yes, when this option configured & WLC is not reachable (but RADIUS is reachable) then AP will act as Authenticator & pass radius messages to Auth Server directly.
    This is a very good Ciscolive presentation you should see as it describe lots of these features & which WLC codes they introduced.
    BRKEWN-2016 - Architecting Network for Branch Offices with Cisco Unified Wireless
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • N+1 5508 WLC failover test

    Good day all,
    I have a question about the N+1 5508 failover test:
    Should I shutdown one of the primary WLC to test failover?
    I just setup the N+1 bakcup WLC (5508). B
    Based on: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf
    We have two production WLCs both 5508 and one 4405.
    We just purchased another HA-SKU WLC 5508.
    All our four WLCs had been setup into one mobility group in version 7.4.100.6.
    Their neighbors are all up.
    But our test AP could not register to the Backup N+1 WLC. ( We are using option 43 in our DHCP server for all the AP boot.)
    Here are the log screen:
    ================ From test Access Point============
    *Mar  1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
    *Mar  1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1
    *Mar  1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
    *Mar  1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar  1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
    *Aug  2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
    *Aug  2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
    *Aug  2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23
    *Aug  2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Aug  2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Aug  2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
    *Aug  2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1
    *Aug  2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf
    -test-ap1#sh int bvI 1
    BVI1 is up, line protocol is up
      Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)
      Internet address is 10.255.1.3/24
    ===================From backup N+1 WLC===
    *spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    *spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    ==================== From one of our Primary WLC=====================
    (WLC-5500) >show advanced backup-controller
    AP primary Backup Controller .................... ODC-WLC1 10.254.240.5
    AP secondary Backup Controller ..................  0.0.0.0
    (WLC-5500) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Primary
             Unit ID = 54:75:D0:DE:DE:40
    Redundancy State = N/A
        Mobility MAC = 54:75:D0:DE:DE:40
    Redundancy Management IP Address................. 0.0.0.0
    Peer Redundancy Management IP Address............ 0.0.0.0  
    Redundancy Port IP Address....................... 0.0.0.0
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (WLC-5500) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            250               203               47
    ==============From the Backup N+1 WLC in DR =====================
    (Cisco Controller) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Secondary - HA SKU
             Unit ID = 6C:41:6A:5F:4C:80
    Redundancy State = N/A
        Mobility MAC = 6C:41:6A:5F:4C:80
    Redundancy Management IP Address................. 10.254.240.3
    Peer Redundancy Management IP Address............ 0.0.0.0
    Redundancy Port IP Address....................... 169.254.240.3
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (Cisco Controller) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            500               0                 500

    Current AP High Availability Configuration:
    2nd Step, shutdown the LAN Switch ports on which the Primary WLC is connected so I force the AP going to HA SKU WLC.
    DC-WiFi-SVC1-LAB(config)#inter
    DC-WiFi-SVC1-LAB(config)#interface por
    DC-WiFi-SVC1-LAB(config)#interface port-
    DC-WiFi-SVC1-LAB(config)#interface port-channel 3
    DC-WiFi-SVC1-LAB(config-if)#shut
    DC-WiFi-SVC1-LAB(config-if)#
    Log in the AP after shutdown:
    Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 3)
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 7)
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 8)
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Jan 15 15:52:45.307: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.23.111.23:5246
    *Jan 15 15:52:45.371: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
    *Jan 15 15:52:45.371: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Jan 15 15:52:45.395: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.015: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:46.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:46.423: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.431: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 0 down
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 1 down
    *Jan 15 15:52:47.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:47.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:47.451: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.459: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.467: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.487: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Selected MWAR 'DC-WiFi-WLC1-0'(index 1).
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan 15 15:52:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.471: %CAPWAP-5-SENDJOIN: sending Join Request to 172.23.111.20
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.23.111.20
    *Jan 15 15:52:44.927: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:44.995: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:45.003: ac_first_hop_mac - IP:10.219.96.1 Hop IP:10.219.96.1 IDB:BVI1
    *Jan 15 15:52:45.007: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    *Jan 15 15:52:45.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:45.971: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:45.979: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:46.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.999: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5520 MHz for 60 seconds.
    *Jan 15 15:52:47.003: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.015: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.023: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.047: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    APe4d3.f11e.a8e1#         
    3rd Step, verifying the LOG on the AP and check if it can connect to the HA SKU WLC
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    CONCLUSION:
    I needed to activate the EVALUATION LICENSE in the HA SKU WLC which had status = EULA NOT ACCEPTED. I will test the SSID's in order to confirm that redundancy using HA SKU WLC works fine.

  • Virtual WLC, dropping clients.

    Hello.
    I have some clients who are getting dropped på an AP. I have used the debug client command, can anyone tell what to change on the WLC to make the erros stop.
    The vWLC is running the newest version, and AP's are 1602i.
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Processing WPA IE type 221, length 22 for mobile 68:b5:99:45:44:8e
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 8021X_REQD (3) DHCP required on AP 68:86:a7:ca:bd:40 vapId 5 apVapId 5for this client
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 68:86:a7:ca:bd:40 vapId 5 apVapId 5 flex-acl-name:
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e apfMsAssoStateInc
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 68:b5:99:45:44:8e on AP 68:86:a7:ca:bd:40 from Idle to Associated
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e apfPemAddUser2:session timeout forstation 68:b5:99:45:44:8e - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is  0
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Sending Assoc Response to station on BSSID 68:86:a7:ca:bd:44 (status 0) ApVapId 5 Slot 0
    *apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 68:b5:99:45:44:8e on AP 68:86:a7:ca:bd:40 from Associated to Associated
    *apfMsConnTask_6: Oct 07 16:01:16.961: 68:b5:99:45:44:8e Updating AID for REAP AP Client 68:86:a7:ca:bd:40 - AID ===> 3
    *dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Creating a PKC PMKID Cache entry for station 68:b5:99:45:44:8e (RSN 0)
    *dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Setting active key cache index 8 ---> 8
    *dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Setting active key cache index 8 ---> 0
    *dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Initiating WPA PSK to mobile 68:b5:99:45:44:8e
    *dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e dot1x - moving mobile 68:b5:99:45:44:8e into Force Auth state
    *dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Starting key exchange to mobile 68:b5:99:45:44:8e, data packets will be dropped
    *dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.972: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.972: 68:b5:99:45:44:8e Received EAPOL-key in PTK_START state (message 2) from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.972: 68:b5:99:45:44:8e Stopping retransmission timer for mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.972: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                                        state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e Stopping retransmission timer for mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e apfMs1xStateInc
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 68:86:a7:ca:bd:40 vapId 5 apVapId 5for this client
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e Not Using WMM Compliance code qosCap 00
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 68:86:a7:ca:bd:40 vapId 5 apVapId 5 flex-acl-name:
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5952, Adding TMP rule
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
      type = Airespace AP - Learn IP address
      on AP 68:86:a7:ca:bd:40, slot 0, interface = 1, QOS = 0
      IPv4 ACL ID = 255, IPv
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206  Local Bridging Vlan = 1, Local Bridging intf id = 6
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e Key exchange done, data packets from mobile 68:b5:99:45:44:8e should be forwarded shortly
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                                        state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
    *apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
    *apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5576, Adding TMP rule
    *apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
      type = Airespace AP - Learn IP address
      on AP 68:86:a7:ca:bd:40, slot 0, interface = 1, QOS = 0
      IPv4 ACL ID = 255,
    *apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206  Local Bridging Vlan = 1, Local Bridging intf id = 6
    *apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
    *pemReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
    *pemReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
    *spamApTask1: Oct 07 16:01:16.990: 68:b5:99:45:44:8e Sent EAPOL-Key M5 for mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:17.001: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:17.001: 68:b5:99:45:44:8e Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:17.001: 68:b5:99:45:44:8e Stopping retransmission timer for mobile 68:b5:99:45:44:8e
    *DHCP Socket Task: Oct 07 16:01:28.373: 68:b5:99:45:44:8e DHCP received op BOOTREPLY (2) (len 333,vlan 0, port 1, encap 0xec03)
    *DHCP Socket Task: Oct 07 16:01:28.373: 68:b5:99:45:44:8e DHCP setting server from OFFER (server 10.21.1.254, yiaddr 10.21.1.96)
    *DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e DHCP received op BOOTREPLY (2) (len 333,vlan 0, port 1, encap 0xec03)
    *DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e apfMsRunStateInc
    *DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e 10.21.1.96 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
    *DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e Assigning Address 10.21.1.96 to mobile
    *DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e DHCP success event for client. Clearing dhcp failure count for interface data.
    *DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e DHCP success event for client. Clearing dhcp failure count for interface data.
    *pemReceiveTask: Oct 07 16:01:28.376: 68:b5:99:45:44:8e 10.21.1.96 Removed NPU entry.
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Received EAPOL-key to initiate new key exchange from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Initializing EAPOL-Key Request replay counter to 00 00 00 00 00 00 00 a0 for client 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Starting key exchange to mobile 68:b5:99:45:44:8e, data packets will be dropped
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                                        state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.03
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Received EAPOL-key MIC err message from  mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Received EAPOL-key to initiate new key exchange from mobile 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Starting key exchange to mobile 68:b5:99:45:44:8e, data packets will be dropped
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                                        state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.03
    *Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Received EAPOL-key MIC err message from  mobile 68:b5:99:45:44:8e
    *dot1xMsgTask: Oct 07 16:01:34.997: 68:b5:99:45:44:8e Failure sending WPA EAPOL-Key due to invalid state 2 to mobile 68:b5:99:45:44:8e
    *dot1xMsgTask: Oct 07 16:01:34.997: 68:b5:99:45:44:8e Unable to send WPA key to mobile 68:b5:99:45:44:8e
    *dot1xMsgTask: Oct 07 16:01:34.997: 68:b5:99:45:44:8e Unable to update broadcast key to mobile 68:B5:99:45:44:8E
    *osapiBsnTimer: Oct 07 16:01:35.201: 68:b5:99:45:44:8e 802.1x 'timeoutEvt' Timer expired for station 68:b5:99:45:44:8e and for message = M2
    *dot1xMsgTask: Oct 07 16:01:35.201: 68:b5:99:45:44:8e Retransmit 1 of EAPOL-Key M1 (length 99) for mobile 68:b5:99:45:44:8e
    *osapiBsnTimer: Oct 07 16:01:36.221: 68:b5:99:45:44:8e 802.1x 'timeoutEvt' Timer expired for station 68:b5:99:45:44:8e and for message = M2
    *dot1xMsgTask: Oct 07 16:01:36.221: 68:b5:99:45:44:8e Retransmit 2 of EAPOL-Key M1 (length 99) for mobile 68:b5:99:45:44:8e
    *osapiBsnTimer: Oct 07 16:01:37.241: 68:b5:99:45:44:8e 802.1x 'timeoutEvt' Timer expired for station 68:b5:99:45:44:8e and for message = M2
    *dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Retransmit failure for EAPOL-Key M1 to mobile 68:b5:99:45:44:8e, retransmit count 3, mscb deauth count 0
    *dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Resetting MSCB PMK Cache Entry 0 for station 68:b5:99:45:44:8e
    *dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Setting active key cache index 0 ---> 8
    *dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Sent Deauthenticate to mobile on BSSID 68:86:a7:ca:bd:40 slot 0(caller 1x_ptsm.c:546)
    *dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    (Cisco Controller) >*osapiBsnTimer: Oct 07 16:01:47.442: 68:b5:99:45:44:8e apfMsExpireCallback (apf_ms.c:615) Expiring Mobile!
    *apfReceiveTask: Oct 07 16:01:47.442: 68:b5:99:45:44:8e apfMsExpireMobileStation (apf_ms.c:5827) Changing state for mobile 68:b5:99:45:44:8e on AP 68:86:a7:ca:bd:40 from Associated to Disassociated

    Hello!
    Thanks for all you help. It worked for me setting the SSID to WPA2-AES.
    I also got a nice answer from Cisco TAC:
    I went through the data you kindly provided and can see that the printer has connected to wireless, the debugs you attached to the case shows that the AP is in RUN state:
    *DHCP Socket Task: Oct 07 15:16:05.090: 68:b5:99:45:44:8e 10.21.1.96 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
    But, after a short while, the printer started replying with invalid EAPOL messages, the debug you attached to the case showing the following g message:
    *Dot1x_NW_MsgTask_6: Oct 07 15:16:12.993: 68:b5:99:45:44:8e Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 68:b5:99:45:44:8e
    Looking to the msglog on controller, we can see the following message:
    *spamApTask1: Oct 07 19:02:37.430: #LOG-3-Q_IND: 1x_eapkey.c:618 TKIP MIC errors reported in EAPOL key msg from client 68:b5:99:45:44:8e
    *Dot1x_NW_MsgTask_6: Oct 07 19:02:37.415: #DOT1X-3-WPA_KEY_MIC_ERR: 1x_eapkey.c:618 TKIP MIC errors reported in EAPOL key msg from client 68:b5:99:45:44:8e
    *dot1xMsgTask: Oct 07 19:01:18.360: #DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1404 Unable to send EAPOL-key msg  - invalid WPA state (2) - client 68:b5:99:45:44:8e
    *spamApTask1: Oct 07 19:01:17.439: #LWAPP-3-MIC_COUNTER: spam_lrad.c:33547 The system has received MIC countermeasure, WLAN 5, slot 0 AP Lunderskov-Salg client 68:b5:99:45:44:8e
    Looks like the printer is replying with invalid EAPOL message since it’s not compatible with TKIP encryption method, I can see on TTW-Printer SSID that WPA/TKIP is enabled on this SSID.
    The Action Plan:
    I would suggest to change the encryption method to WPA2/AES instead of WPA/TKIP, then test again, if you still have the same issue, please provide the new ‘debug client ’ output.
    Let me know if you have any questions or comments,

  • WLC 5508 - Clients disconnecting

    I am running WLC 5508 7.2.111.3 with some 2602i AP.
    Last week one user reported his new macbook pro 2013 was encountering connectivity issues.His older macbook pro 2009 was working perfectly.
    The user is sitting in the middle of 2nd floor having equal distance from second's floor access points.
    The problem is that his Macbook pro 2013 was persistently trying to associate with 3rd's floor Access Points. Whatever i tried to do (deauthenticate user,rebooting 2nd & 3rd floor APs) the connection was persistent to 3rd floor Access Point. Even when i tried to install an Access Point in the user's office his Macbook Pro 2013 refused (!!!) to leave 3rd's floor Access Points.However his Macbook pro 2009 was always connected to the nearest Access Point (either to 2nd floor Access Points or to the newly installed access point in his office).
    This week i had two visitors in 4th floor reporting that their Laptops (Sony Vaio) were doing very slow with the wireless.
    When i tried to troubleshoot i found in the controller that their laptops were associating with 4th floor Access Points and after a minute they were disconnected and trying to associate to Ground Floor (!) Access Points. Of course they couldn't establish a connection and then associated again with 4th floor access points and after a while disconnected and trying to associate to Ground Floor Access Points
    I tried to debug client with Sony Vaio and saw in the controller the following message
    *apfMsConnTask_7: Mar 24 10:42:15.473: %APF-4-INVALID_ACTION_CATEGORY: apf_wme_utils.c:5481 Could not process 802.11 Action. Received Action frame with invalid category field(not supported by controller) from client. Mobile:*********, Category:7.
    I also see a lot of these messages for other clients.
    *apfMsConnTask_3: Mar 19 12:03:54.243: %APF-4-ASSOCREQ_PROC_FAILED: apf_80211.c:5275 Failed to process an association request from c8:6f:1d:24:0e:7d. WLAN:5, SSID:************. mobile in database timed out.
    Am i hitting any bug similar or equal to CSCue53980?

    have you tried with open authentication ( no security ) ? Check if client is able to associate then

  • Repeated wlc 5508 client web authentication

    I'm trying to troubleshoot a situation where many of our guest wireless users are repeatedly being prompted to reauthenticate via the web interface.  the session timeout is set to 4 hours, however, many times a client is presented with a web authentication screen right in the middle of browsing at random times.
    I do have several system log entries, but cannot find the specific entries in the Error code reference for the WLC.  For example, I don't find anything on %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:4022 Guest user session validation failed for guest1. Index provided is out of range..
    I'm running a WLC 5508 with 7.0.98.0 and have read through all of the release notes, error code references, etc., and don't see anything regarding this issue.
    The WCS screenshot shows a good example of how often this occurs!  Is the client actually re-associating with the AP (which in turn would require a web reauth)?  Not sure if I'm barking up the wrong tree - focusing on web auth when I may actually need to be focusing on AP association...
    I do have a TAC case opened up, but was wondering if anyone has experienced this before?
    Sorry for the rambling...

    Rene,
    I did several things and at least one of them seemed to resolve the issue:
    These notes are directly from my TAC case and I will try to provide a little more information [in brackets].
    1.       Upgrade WLC to 7.0.98.218 [self explanatory]
    2.       Upgrade WCS to 7.0.172.0 [current version, as of this note]
    3.       Increase DHCP scope time on ASA from default (30 minutes) to 4
    days [DHCP running external from the WLC]
    4.       Remove TKIP from the WLAN - only allow AES [had both configured but tech advised to only use AES]
    5.       Increased session timeout from 14400 seconds to 64800 seconds
    (4 hours to 18 hours) [don't think this helped resolve the issue, but it certainly was more convenient for our longer-term guests]
    I think that the TKIP and/or DHCP setting was integral as part of the resolution.  I upgraded the WLC because the version that I was running didn't have the web-auth debug option, so I'm not sure that that actually contributed to the resolution.
    Good Luck,
    Rob.

  • DHCP and WLC 4402 clients

    Hi
    Our scenario is that we are building a test rig-up prior to WLC deployment. We have a 4402 WLC with LAP1242s, Windows clients. The WLC is running v4.2.99 firmware.
    Our problem is that the wireless clients are not collecting DHCP addresses.
    The configuration is:
    Base network address is 172.31.4.0 / 255.255.252.0.
    WLC on 172.31.7.220 / .221.
    DHCP server on 172.31.4.12
    G/W on 172.31.4.1.
    We are simulating the gateway with an ADSL router (not connected so no external traffic but at the moment that is the least of our troubles), and the DHCP server with a Cisco 805 router with only the Ethernet interface in use (the 805 permits us to configure a different D/G to the DHCP server).
    We have a catalyst 2950 switch in the circuit which has no VLANs nor access-lists configured.
    The wireless clients can associate to the LWAPs but do not collect an IP address.
    Wired clients can collect DHCP addresses and ping the DHCP, GW and controller.
    Can anyone help me understand what is going on here please and how to get the DHCP working?
    We did use this configuration - exactly these boxes in fact - to configure a different WLC last week (different subnets though) and we were successful - but not now.
    Thanks in advance

    I see.
    We are not using option 43 at all. The DHCP server is unchanged - the APs are using network broadcast to find the controller. As I posted above, the APs are contacting the controller without a problem, the clients are associating with the APs without a problem, only the clients weren't getting an IP adress.
    The problem appeared to go away totally after I re-configured it with v4.1.185. It's in and working now so I won't be spending any more time on it.
    While it would be interesting to try things out, these controllers are too expensive to have one lying around for long ;-)

  • WLC Failover configuration

    Hello,
    I want to deploy two wlc 5508 running Software Version                 7.0.116.0 in failover mode.
    I read the documentation and I read that the two wlc must have the same configuration.
    I want to be sure that I've well understood.
    For all the interfaces, each appliance must have a different IP. I mean if WLC1 have the interface "ap-manager" "management" and "dynamic interfaces" in .1, I suppose that WLC2 should have the same interfaces with .2 IP.
    Am I right?
    By advance thanks

    The 5508 does not have an ap-manager unless you specifiacally create one.  I would not create one and use the default management interface. 
    Yes the WLC's should have the exact same config, except for the interfaces ip address and of course the hostename.
    Hostname: WLC1
    Management IP: 10.200.100.5
    Virtual: 1.1.1.1
    Dynamic Interface 1: 10.200.105.5
    Dynamic Interface 2: 10.200.110.5
    Hostname: WLC2
    Management IP: 10.200.100.6
    Virtual: 1.1.1.1
    Dynamic Interface 1: 10.200.105.6
    Dynamic Interface 2: 10.200.110.6

  • WLC Failover again..

    Hello,
    I?m still involved in the deployment of 55 APs with 3 4402 WLCs in different cities, and I?m still having troubles with failover configuration. I configured APs with static IP, and then configured primary, secondary and tertiary WLC address providing full-qualified names. These names are stored in the master and secondary DNS server, and are resolved flawlessy. Ports in firewalls are opened, so I made several tests, all of them without success.
    Then, I got one of the AP and entered in debug mode (with serial cable) and found the issue: DNS queries were sent to broadcast IP (255.255.255.255), not unicast to master DNS.
    So that?s my question: Is there any way to set DNS resolution in LWAPP APs working with static IP? If I set them to DHCP, with properly DNS address, I can resolve primary, secondary and tertiary WLC to each AP, but in my deployment I?d prefer to use static addressing.
    Thank you in advance,
    Ignacio Siles

    You said you configured the static IP for the APs, but did you configure the dns server for the APs? I have never used static ip, not sure where you can configure dns server for it.
    Also AP use the configured primary, secondary and tertiary controllers information to select which controller to join after received the controllers responses to AP lwapp discovery, not use them to discover controllers. Before AP learns the candidate controllers from dhcp or dns resolution, those primary, secondary and tertiary controller settings are no use to AP.
    Now it looks like the AP does not know where is the dns server. Not sure if you configured that correctly.
    The last thing, you should set the controllers system name in the primary, secondary and tertiery controllers fields, not the FQDN. If your controllers' FQDN is the same as their system names. It is ok.

  • RLDP enabled on WLC causes client drops?

    The release notes for WLC code 4.0.206.0 states, "Enabling RLDP may cause access points connected to the controller to lose connectivity with their
    clients for up to 30 seconds." Does anyone have more information about this? I don't like the word "may" in there. I need to enable RLDP but I can't afford to have clients dropping. Is this something that will work differently in a new release?

    There's no may about it. If clients are on an AP that decides to go rogue-hunting they will be told to "get out of the pool" (de-authenticated) to facilitate their going elsewhere. The same applies to DCA - Dynamic Channel Allocation - part of Auto-RF. If you don't have AP density, clients that use fast roaming, or tolerant apps, you would be best served to turn these features off (or On-Damand).

Maybe you are looking for

  • ''Safari quit unexpectedly while using the FlashPlayer-10.6 plugin''

    I downloaded the last version of adobe flash player and now ever since I did it, safari crashes everytime I try to watch a video or play a game on facebook. I tried to uninstall Adobe Flash Player and tried to install it again, and the problem is sti

  • Same BS for sender and receiver comms

    Hey pals, can we use same BS for sender and reciever communication channels?!! -Esha

  • Trashing Acrobat Reader 5.0

    Hi, I recently downloaded Adobe Reader 7.0.5. In my Applications window, can I simply drag the old Acrobat Reader 5.0 icon to the trash? Also, in my applications window there are now three icons for Adobe Reader, one called Adobe Reader 7.0.5_; one c

  • Just purchased a font from Adobe, the font shows in every program except Photoshop CS4

    I just purchased the Frutiger family of fonts from Adobe, and installed them via the Control Panel>Fonts>Install New Font.  This new font family shows up in every Windows program including Outlook and all the Office programs.  However, it doesn't sho

  • Middle mouse button opens multiple tabs

    My middle mouse buttone will open from 1 to 4 tabs, all copies of the the same page on a single click. It doesn't matter if i do a slow (10 sec) click or a fast click. but on long clicks (if its going to malfunction) it will continue to open tabs as