Cisco Wireless :: 5508 Max EAPOL-key M5 Retransmissions Exceeded For Client

Feb 21, 2012

I have had several complaints from around the firm where by mobile devices are being bumped off the PSK secured network (All other SSID networks are operating A-OK). Both Android and iPhone devices are being affected, the device will just loop until it reconnects, sometimes up to 20 minutes of trying to establish a connection. It will eventually connect so the key is not the issue.I've attached a debug of a device which fails to connect and then shortly after is successful.
 
Controller 5508 v7.0.116.0
AP 3502i IOS 12.4(23c)JA2

View 4 Replies


ADVERTISEMENT

Cisco :: 1131AG - Max Retransmissions And Interference Threshold?

Apr 30, 2013

We're getting complaints about a specific 1131AG in the field only being intermittently accessible. WCS shows both the a and b/g interfaces randomly bouncing, sometimes the reason for the bounce is unknown other times it says it's because it lost connection to the controller. I can ssh into the WCS but the engineer who setup the AP's doesn't seem to have enabled remote access via telnet or ssh.

We are also seeing these events:

802.11a interface of AP * is down: Controller 172.17.0.10 Reason: Max retransmissions for the AP have reached.Interference threshold violation reported by '802.11b/g' interface of AP *, connected to Controller '172.17.0.10'.I know I can adjust the threshold percentage, but that would only seem to mask the issue.WCS gives this version info on the AP:

Versions
  <DIV style="DISPLAY: block" id=versions mcestyle="display: block;">
Software Version
6.0.202.0
Boot Version
12.3.8.0

[code]....

View 14 Replies View Related

Cisco Wireless :: 5508 - Client Not Receiving The IP?

Apr 12, 2011

I have two number of WLC model 5508 running IOS version 7.0.98.0. And One WLC in DMZ with the same model and IOS version. AP model is 1141. The Two WLCs are integrated with ACS. I have a SSID named EMployee. The DHCP for the users are configured in a seperate DHCP server and i have mapped this DHCP server IP to the interaface Employee.And this interface is mapped to the SSID as well..  But my client is not receiving the DHCP IP. Attached are the debug logs from the client.

View 9 Replies View Related

Cisco AAA/Identity/Nac :: 3750 Replies To EAPoL On One Port But Not Another

Feb 24, 2013

There are two Win7 SP1 PCs (A & B), plugged in to a 3750-x (v12.2-58-SE2), on ports 33 and 41.
 
The ports are configured for 802.1x, auth order of  MAB then Dot1x. Priority is Dot1x, MAB. The config is the same on both ports (verified at show run all).
 
When either PC is plugged in to port 33, everything works as I expect. Client sends an EAPoL message, gets a response, and is authenticated. When PC A is plugged in to port 41, same correct result. When PC B is plugged into port 41, the client sends an EAPoL start, and the switch never replies.
 
If port 41 has the authentication order changed to dot1x then MAB, PC B works fine.

View 3 Replies View Related

Cisco Wireless :: 5508 Duplicate Client IP Address

Dec 1, 2012

I am using 2 anchor controllers 5508 as DHCP server. Anchor controller A is primary and anchor controller B is secondary. From time to time, client will complain "duplicate IP address error" when they try to connect guest wireless.First question: both anchor controller should have a recorder of IP address which is assigned to each PC, right?Second question: is there any way this type of issue can be avoided?

View 3 Replies View Related

Cisco Wireless :: Client Roaming With 5508 Controller

May 27, 2013

I am having some troubles with client roaming on a 5508 controller running firmware 7.3.101.0. As soon as a client roams outside the range of an AP they lose data flow and do not seem to transition to another AP for about 1 minute.This is a small network with 6 x AIRCAP3502E-N-K9 AP's (running in H-REAP mode) on the same floor and clients are a mix of HP notebooks, Mac Books, iMacs, iPads and iPhones. There are several seperate SSID's setup and the problem occurs on all. All are WPA2/AES with either a PSK or 802.1X. Both 2.4GHz and 5GHz radios are enabled with auto power and channel selection.
 
I have tried changing the roaming settings from default and also playing with the AP power settings to no avail.Is this normal behaviour or is there something I can do to improve the reconnection speed?

View 11 Replies View Related

Cisco Wireless :: Client Connection On 5508 / 1140 AP

Apr 23, 2013

I have one 5508 with Product version 6.0.199.4 and about 7 Cisco 1140 APs.We have a next problems. Go out of the connection on the clients PC, while physically a wireless connection to the workstations is not broken, but access to network resources is lost and restored after some time (up to about one minute).The logs on the controller at the same time see the following message.

View 3 Replies View Related

Cisco Wireless :: 5508 Client Gateway Setup

Dec 1, 2012

I've just installed a standard Cisco wireless install (5508, 3502i, local and flexconnect setups) all working swimmingly.
 
The customer has asked for a new WLAN for a particular group of staff that will route to a different gateway than the general wireless staff.
 
The 5508 is connected to a older Avaya L3 switch that is the customers core swtich, but it isn't capable of PBR so it routes on desitnation only and its default route is not where I need the new WLAN traffic to route to. An ASA will be connected to the Avaya switch (which is the alternate gateway I need to get the new WLAN users to). So my question is probably routing 101, but if the ASA interface, the Avaya swtich and the WLAN interface all reside in the same VLAN, can I give the wireless clients the ASA as their gateway via DHCP and successfully get their traffic to the ASA?

View 3 Replies View Related

Cisco Wireless :: 5508 WLC - Associate Client From AP If Idle For Certain Time

Sep 16, 2012

Is it possible to rename the default webauthentication URL from [URL] to something like [URL]. We are running on 7.0.98.0, is it possible to do http for web authentication and https for Mgmt access if we upgrade the controller software?
 
We configured our guest wireless with no layer 2 authetication so users can associate with an AP and get an ip adress but they can't go anywhere unless they have a valid username and password(web authentication) - does this affect the performance of an AP since there will be many people associated with each AP, is there any setting in the WLC to de associate a client from an AP  if its idle for certain time.

View 9 Replies View Related

Cisco Wireless :: 5508 LWAP Client Count Concentration

Apr 29, 2012

I have an environment of Cisco 5508 Wireless Controller and 1142N Access Points. I have a problem with the ratio of concentration of clients connecting to Access points in floors.
 
Recently I have been turning off 802.11a  on the access points and I am seeing increase in client count in a few of acces points.What is the maximum client count supported by these access points and how do i ensure they are distributed evenly on access points?

View 4 Replies View Related

Cisco Wireless :: Roaming With Broadcom Thin Client On 5508

Jun 3, 2013

Since two months they work full time with the new Dutch Electronic Patient Dossier.We installed 3 Cisco 5508 controllers, version 7.0.230.0 last year on a HP-switched network on a layer 2 mobility domain.Cisco 1041 AP are
 
The personnel works woth thin clients url... The one with the double antenna.This client has a Broadcom BCM943228HM4L 802.11 a.b.g.n (2x2) adapter.
 
On the client they have a connected RDP session to a server with the documents.Now they are walking from one patient to another patient. The problem they experience is a very late roaming. At the beginning of the corridor, the client will associate, but is going to roam at the end of the corridor. We installed 4 AP's on each corridor, so they signal is very well, maybe to well?
 
I disabled client loadbalancing and band select.The lowest data rates are also disabled. Mandatory begins at 12 Mbps. I can increase this to 18 Mbps.These clients work with PSK, with both methods (WPA-TKIP and WPA2-AES) enabled.We did this because of many old and new clients.
 
The customer tried to find out the problem with a smartphone, same issue. Very late roaming.I can upgrade the WLC to 7.0.240.0. The only problem I have is the WCS. When upgrading to 7.2 and higher I need to have NCS.

View 1 Replies View Related

Cisco Wireless :: WLC 5508 - Client Don't Receives IP Through Mesh (1552E)

Jan 31, 2013

recently I installed  WLC 5508 en the central office and installed a network mesh in a remote office; central and remote office is connected with serial link as WAN, and I have dhcp server in the remote office for give ip address to all users and devices in the remote office. Additional I have 5 LAP1552 (mesh) and 2 LAP1260 in the remote office, all clients that connect to LAP1260(this don't belong to the mesh) receive ip address from dhcp server, but neither client that try to connect to the mesh (LAP1552) receive ip address from dhcp server. I don't have if I doing some thing bad. The range IP that receive the all ap's belong to the network of devices and the range ip for the users belong to network of users.

View 12 Replies View Related

Cisco Wireless :: WLC 5508 Centrally Switched Client Errors

Aug 16, 2012

I am having trouble with a newly configured install.  Basically it seems that my centrally switched guest SSID is not functioning.  As you change AP groups, which should change the interface associated with the SSID and also the dhcp client address, the client is retaining the original dhcp address from whichever AP group they first associated with. 
 
I also have a locally switch WPA2 SSID at each location which is working fine.  Clients are able to change dhcp address correctly as they move between AP groups.  It just doesn't seem to be working on the guest network, which is odd because it was working earlier in the install.  It has only started having issues yesterday afternoon. 
 
The interface above is assigned to the guest SSID in one of the AP group.  I assume this has something to do with it but I've been over my DHCP assignments on the core switch, local switch, controller, and dhcp server and can find no issue with the configuration..
 
 I am not sure why as I am not using DOT1X at all.  The guest is a pass-thru and the WPA2 network is just WPA + WPA2 with TKIP and AES.  No DOT1X anywhere on the controller...

View 5 Replies View Related

Cisco Wireless :: 5508 - Client Unable To Stay Connected

Jun 26, 2012

Background: Wireless credit card machines can't stay connected to the 5508 controller 7.0.116 / 1142 ap wireless system. MAC address of one of the wireless hosts is 00:12:0e:ec:ce:97. AP servicing them is d4:a0:2a:99:34:60. Hosts are able to connect to the network after a reboot and stay connected for random periods of time but then don't come back unless you manually reload them. I have 3 in total in the same room services by the same ap.

I have the output of debug client 00:12:0e:ec:ce:97. Output showed 802.1x 'timeoutEvt' Timer expired for station 00:12:0e:ec:ce:97 so I increased the value to 4000ms on the controller but am still having the issue.

Note that the output below is the state the client stays in after receiving the timeout (802.1x 'timeoutEvt') showing subsequent attampts. The only way to get them back on is a reload of the credit card machine.

[Code]........

View 3 Replies View Related

Cisco Security :: 3750 Switch Not Forwarding EAPoL To RADIUS Server

May 27, 2010

I have a 3750 switch stack running version 12.2(53)SE2 IPBASEK9-M. I have dot1x configured on the switch and have a Windows 7 PC connected with 802.1x configured on the interface. I see the EAPoL start message from the PC, but I don't see any RADIUS packets from the switch to the RADIUS server. I have a simple dot1x config just to try to get it working prior to adding additional features such as guest-vlan...
 
Config and debug file attached.
 
I don't know if the ip dhcp snooping and arp inspection configuration is causing an issue with this or not. I see the EAPoL packet received on the switch as seen in the debug attachment, but I still never see the RADIUS packet. I did set both to trust on the interface but still the same outcome. I can't disable it since it is a production switch with a test interface.

View 5 Replies View Related

Cisco Wireless :: 5508 WLC Excessive Client Authentication Association Failure

Jan 29, 2013

I have been noticing in my trap logs that there are an excessive amount of Client Association/Authentication Failures. I cannot figure out why. I have a Cisco 5508 WLC with 81 AP's (1131ag, 1142abgn, 1262N) models. The wireless devices are on a Windows Domain and use 802.1x EAP authentication, authenticating the user and computer info with a RADIUS Server. I look at the logs and all it can tell me is Reason:Unspecified ReasonCode:1. I read that the Reason Code is due to "Client associated but no longer authorized" but to be honest I am not sure what that means.

View 9 Replies View Related

Cisco Wireless :: 5508 - Setting Client Count Per WLAN And AP Radio

Mar 14, 2013

We use WLC 5508 with 7.4. We tried to set max allowed clients per AP radio to 30 through GUI. We have APs with 80 clients associeted though.
 
When entering config wlan max-associated-clients max-clients wlan-id we got 
 
"WLAN/Guest-Lan/remote-lan is enabled. disable to configure max associated clients."
 
GUI doesn't show that message, should it?  In GUI, Is it necesary to disable WLAN before too?

View 3 Replies View Related

Cisco Wireless :: New 5508 WLC And 3602i Access Points / Client De-authentication

Jan 25, 2013

Installed a new 5508 WLC last week, and finished bringing 68 new 3602i access points online in our College Dorms. We are seeing a lot of "Client De-authenticated" errors "Reason: Unspecified Reason: Code 1. Years ago I asked about error code 1. The reply from Cisco was: "The programers put the code in. It basically means we don't know what the problem is."Got a call from one of the dorms stating that students were getting knocked off the network while going to sites. If a student is wired, network is solid.Walked the dorm in question and was getting full bars of signals at all times, and was able to stream a movie from my Ultraviolet account without any break or slowdown as I moved from access point to access point. So.. my device, an iPad, was fully mobile and did not experience any disconnects.Did observe one student using a MacBook Pro. This student was constantly loosing connection to the access point. Checked the controller for the MAC of the student's computer. I did find deauthentication errors. BUT... this student's error was the computer was receiving an IP address from the DHCP that was already in use. At the computer the error message was a timeout issue.I am just learning the ropes on the 5508. Have used 3 4404s for the past six years.

View 2 Replies View Related

Cisco Wireless :: 5508 Client Stuck In DHCP Required State

Aug 31, 2011

User is connecting to 5508, running 7.0.116.0.  Previously worked on another AP.  TV (client) is set to use dhcp.  As other posts have mentioned, "DHCP Addr. Assignment" checkbox is not checked for this wlan, but I also switched it to Required for this wlan but it did not make any difference.  Seems to be a problem with just this client as many other clients are on this AP with no problems.
 
Users have to register their MAC to get on our wireless system, but there is no encyption or security enabled once the device has been registered. 

View 34 Replies View Related

Cisco Wireless :: 5508 - Client Authentication Fails For Wrong EAP-type

Jan 16, 2012

I have setup the WLC to authenticate to a MS Server2008 NPS for a WPA2/AES SSID. The connection is successful, but client authentication fails for wrong EAP-type. I believe this indicates a Windows7 client issue. What is the required client setup to satisfy the MS NPS?

View 8 Replies View Related

Cisco :: WLC 5508 - Wireless Client Gets Random And Temp Invalid IP After Being Connected

Jun 24, 2011

I've got a setup like this:

WLC 5508 v7.0.98
6-7 Autonomous upgraded to lightweight APs - 2 * 1231G while the rest are 1242AG
3 dynamic interfaces, 2 to Corp (diff VLANs) and 1 to Guest
4 WLANs binded to different interfaces
2 to the Corp interface Vlan X
1 to Guest
1 to Corp Vlan Y

DHCP for Corp is provided by their own Win DHCP server while controller is the DHCP server for Guest. Lease time is 1 day.
 
My problem now is, some clients, at random, loses their IP after being connected to the network. They get a 169.254.x.x. They connect to the Corp network OK, no browsing issues but after a while, they lose their IP address.
 
They can either wait for a while before getting an IP back or just simple renew their IP on their machine.
 
I've tried increasing the threshold values in the Local EAP to double its default values and also setting the WLAN session time out values to infinite. However, these 2 didn't work. I'm still having clients that occasionally lose their IPs at random.
 
I've also noted that this affects clients with WZC wireless drivers and not others e.g. Intel Proset.

View 7 Replies View Related

Cisco Wireless :: 5508 - Limit Data Rate For Specific Client

Sep 12, 2012

I would like to be able to allow a specific client to only associate at 6mbit/s -is this possible using the wlc controller 5508? Another option would be to limit a whole w lan ssid to 6mbit/s but i can't find a way to do that either.
 
Other w lan ssid's on the same access points/controller need full data rates, so i guess i can't use the RF-profiling for this.

View 2 Replies View Related

Cisco Wireless :: WLC 5508 - Lightweight AP Client Getting Wrong IP Address From DHCP Server

Mar 29, 2012

I have 2 units Cisco WLC 5508 running software version 7.0.220 with 70 over units Cisco AP 1262N and 1242AG. Some of wireless clients having problem to get the correct IP address from the DHCP server. There are 2 units of Microsoft DHCP. Both DHCP server ip have been configured on the Interface at the WLC. The core switch also being configured with ip helper. I've attached the debug output of one of the wireless client during the problem.

View 12 Replies View Related

Cisco Wireless :: WLC 5508 With 3600 And 2600 AP - Client Down / Session Timer Is Turned Off

Apr 9, 2013

I have a strange issue with clients connected to a WiFi network.I have configured AP in FlexConnect mode and 2 SSID's. After a reboot of the AP the network is stable for almost 45 mins. Then each client will go UP and Down, mostly with a delay of 5 mins.
 
What could be the source of this. The clients are Windows CE handheld with fixed IP adres. I already configure persitent client and have play arround with APR timers as well. Thereby an Windows desktop or an iPad has less connectivity issues but even they expert pakcteloss once in severall minutes.
 
Session timer is turned off
 
The iPad for example can play music, but each 5 mins you hear a little hickup and 2 subsecond ping are loss.
 
Controller version is 7.3

View 6 Replies View Related

Cisco Wireless :: 5508 Wireless Client Keep Disconnected

Mar 7, 2012

I am using guest solution with two WLCs , one inside and one as anchor in DMZ.we have also NAC guest server to authenticate the guest users. inside WLC is 5508 and had been updated to latest version 7.2.103.0 last Thursday.
 
now we facing problem with the guest SSID , after the user authenticate, immediately disconnected and to access again he has to authenticate again and so on.
 
Is there any Bug with the new version because the setup was working fine before upgrading.

View 1 Replies View Related

Cisco WAN :: Allow Exceeded MSS On VPN Router 881

Jul 26, 2012

Branch office has 881 VPN router. Services that ignore MSS in packets don't work. Adjusting MSS has no effect since the services are ignoring that setting.works fine, but some Yahoo sites don't.Found a workaround for exceeded MSS for PIX and ASA (link below), but can't find anything for VPN routers.

View 0 Replies View Related

Cisco WAN :: 881 Allow Exceeded MSS On VPN Router?

Jun 3, 2013

Branch office has 881 VPN router. Services that ignore MSS in packets don't work. Adjusting MSS has no effect since the services are ignoring that setting. Example: www.google.com works fine, but some Yahoo sites don't.
 
Found a workaround for exceeded MSS for PIX and ASA (link below), but can't find anything for VPN routers.url...

View 3 Replies View Related

Cisco :: WLC 5508 How To Enhance Client Security Authentication

Dec 20, 2012

Security during client authentication is enhanced by applying both 802.1X and Web Authentication for a WLAN." 

View 7 Replies View Related

Cisco :: 5508 Controllers Not Redirecting Client Requests To ISE

Jun 5, 2013

Please find attached a simple BYOD/ISE document I uploaded to kick start my new Wireless setup. Its all configured on my ISE sever and Controller as per doc.My setup:
 
-3600 AP's
-Internal 5508 Controller
-DMZ 5508 Controller (acts as a DHCP server for wireless clients)
 
Controllers have established connectivity (mobility acnhors), as a client I can connect fine to my new SSID get a DHCP IP address back from DMZ WLC and at the moment can connect out to the Internet fine (using no WLAN Security as a test). So this part is working.I have now followed the document configured ISE, enabled AAA on the Internal WLC only and used the AAA override setting on WLAN as in the attached document.I connect to SSID expecting to be redirected to my ISE Guest Portal, nothing happens other than connecting to Internet WebPages.My question is, if I have followed this document correctly why is the Internal WLC not redirecting client requests to ISE, is this because my mobility anchors need to be re-configured, perhaps the AAA/ISE config needs to be applied to my DMZ WLC not internal WLC?
 
I would prefer the Internal WLC to redirect the login to ISE, doesn't make sense to traverse through the DMZ Firewall onto DMZ WLC back into the Internal Network again to the ISE to authenticate.Or am I missing something additionally to this document to make sure clients are directed to the ISE Guest portal login.

View 3 Replies View Related

Cisco :: WLC 5508 - Client Association Failure Null

Feb 21, 2013

I am running WLC 5508 and WCS version 7.0.98.  We are noticing with some of our handheld devices that have Sychip Wireless cards that they constantly have issues communicating.  The error I see on the WCS side is shown below:     
 
Client '00:0b:6c:2f:d0:32 (0.0.0.0)' failed to associate with interface  '802.11b/g' of AP 'HO-BRSales'. The reason code is '0(null)'.

View 11 Replies View Related

Cisco :: 5508 - Client Isolation And The Bonjour Gateway On WLC 7.4.1?

Mar 4, 2013

I am considering upgrading our 5508 WLCs to version 7.4.1 to take advantage of the Bonjour gateway. What I want to do is allow clients on our guest wireless network to access things like the Apple TV in our conference rooms. My intention would be to have the Apple TVs on a separate vlan. Obviously, the Bonjour gateway would allow for access between these 2 networks. The question I have is this. If I have client isolation turned on my guest wireless network, is it still possible for these devices to access Apple TVs on another network?

View 2 Replies View Related

Cisco :: WLC 5508 Disable WLan Client Still Connected

Jul 2, 2011

I have one wlc 5508 running on latest IOS 7.116, there is one wlan abc which i have disable status and disable broadcast, but randomly still i can see from wlc dashboard there is one client connected to this wlan abc. The moment i check on the client details, there is no client connected to that wlan and when return to dashboard, no more client connected to that wlan abc.

View 3 Replies View Related

Cisco :: WLC 5508 - Passive Client Vs User Idle Timeout?

Apr 18, 2012

I'm on WLC 5508 . It doesn't matter if passive client feature is turned on or turned off , when you try to increase "User Idle Timeout" you can see this message:
  
In our network, a lot of clients gets deauthenticated. I thought it would be useful to enable "Passive-client" feature, or increase "user idle timeout" , but how these works with each other?  

View 15 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved