https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4774946#M251666 <P>&nbsp;</P> <P>&nbsp;- You may try :&nbsp;<SPAN class="ph">(Cisco EWC Controller) &gt;</SPAN><STRONG>config wps client-exclusion all disable&nbsp;</STRONG></P> <P>&nbsp;M.</P> Tue, 14 Feb 2023 07:50:46 GMT Mark Elsen 2023-02-14T07:50:46Z https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4774567#M251657 <P>Ran into a weird problem that all started when I changed the PSK a WLAN uses. The SSID of the WLAN stayed the same, only the PSK changed. Since changing the PSK, even though we went through and updated the password on the wireless devices connecting to the WLAN that changed, they all initially connected fine. But soon we noticed randomly, devices were disconnecting from the network. Watching logs on the controller it shows the clients are getting added to the exclusion list due to the wrong PSK. Eventually all those same devices time out of the exclusion list, then connect fine without issue. Some time passes and they get added to the exclusion list again. I can't figure out if the problem is due to an issue with the wireless APs/controller or the clients themselves. All i can say though is this is happening to multiple types of clients (computers, phones, smart devices (plugs, Alexa, etc.)) so there isn't any commonality there. Thinking it was a bug with the IOS, i upgraded the firmware but the problem persisted. Tried wiping the entire config of the APs/controller and added back the PSK with the new config but the problem remained. So now I'm out of ideas and want to instead figure out how to just disable the client exclusion feature hoping that keeps devices connected. I understand the security ramifications of this, but for now am running out of options. Any and all responses on either what might be causing clients to get added to the exclusion list or how to disable it all together are much appreciated!&nbsp;</P><P>&nbsp;</P><P>I am running two&nbsp;C9130AXI-B access points which are configured as an embedded wireless controller. Firmware version&nbsp;Cisco IOS XE Software, Version 17.09.02.&nbsp;</P> Tue, 14 Feb 2023 01:15:34 GMT https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4774567#M251657 brentr678 2023-02-14T01:15:34Z https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4774946#M251666 <P>&nbsp;</P> <P>&nbsp;- You may try :&nbsp;<SPAN class="ph">(Cisco EWC Controller) &gt;</SPAN><STRONG>config wps client-exclusion all disable&nbsp;</STRONG></P> <P>&nbsp;M.</P> Tue, 14 Feb 2023 07:50:46 GMT https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4774946#M251666 Mark Elsen 2023-02-14T07:50:46Z https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775260#M251696 <P>Unfortunately i believe that command only works in AireOS. It doesn't accept the command on the EWC.&nbsp;</P> Tue, 14 Feb 2023 12:57:59 GMT https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775260#M251696 brentr678 2023-02-14T12:57:59Z https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775333#M251704 <P>Haven't tried it myself but I see these in "show run all" (handy for looking for default config):<BR /><FONT face="courier new,courier">wireless wps client-exclusion all</FONT><BR /><FONT face="courier new,courier">wireless wps client-exclusion dot11-assoc</FONT><BR /><FONT face="courier new,courier">wireless wps client-exclusion dot1x-auth</FONT><BR /><FONT face="courier new,courier">wireless wps client-exclusion dot1x-timeout</FONT><BR /><FONT face="courier new,courier">wireless wps client-exclusion ip-theft</FONT><BR /><FONT face="courier new,courier">wireless wps client-exclusion web-auth</FONT><BR /><SPAN><BR />So try no xxxx on those?</SPAN></P> Tue, 14 Feb 2023 14:29:58 GMT https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775333#M251704 Rich R 2023-02-14T14:29:58Z https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775427#M251715 <P>I don't have an EWC but from a 9800 controller, you define this on the Policy Profile:</P> <P>wireless profile policy &lt;your policy profile&gt;<BR />no exclusionlist <BR />exclusionlist timeout 0</P> Tue, 14 Feb 2023 16:33:39 GMT https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775427#M251715 Scott Fella 2023-02-14T16:33:39Z https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775431#M251716 <P>&nbsp;</P> <P>&nbsp; <U><EM>&nbsp; &gt;...Unfortunately i believe that command only works in AireOS. It doesn't accept the command on the EWC.&nbsp;</EM></U><BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Check if these commands can provide more insights :<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<STRONG>show wireless stats client detail</STRONG><BR /><STRONG>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; show wireless stats client delete reasons&nbsp;</STRONG><BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <STRONG>show wireless client history disconnected summary</STRONG><BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <STRONG>show logging&nbsp; profile wireless filter &lt;CLIENTMAC&gt;</STRONG></P> <P>&nbsp; Also have a checkup of the EWC controller configuration&nbsp;<SPAN>with the CLI command :</SPAN><STRONG>&nbsp;</STRONG><FONT color="#008000"><STRONG>show&nbsp; tech</STRONG>&nbsp;&nbsp;<STRONG><U><SPAN>&nbsp;</SPAN>wireless</U></STRONG></FONT><SPAN>&nbsp;</SPAN><SPAN>, have the output analyzed by&nbsp;</SPAN><SPAN>&nbsp;</SPAN><A href="https://cway.cisco.com/tools/WirelessAnalyzer/" target="_blank" rel="noopener nofollow noreferrer" data-saferedirecturl="https://www.google.com/url?q=https://cway.cisco.com/tools/WirelessAnalyzer/&amp;source=gmail&amp;ust=1662270212514000&amp;usg=AOvVaw1v8X824xUFwNwiDM_o5Fxf">https://cway.cisco.com/<WBR />tools/WirelessAnalyzer/</A><SPAN>&nbsp; , please note do not use classical</SPAN><FONT color="#FF0000"><SPAN>&nbsp;</SPAN>show tech-support</FONT><SPAN>&nbsp;</SPAN><SPAN>(short version) , use the command denoted in green for Wireless Analyzer.&nbsp; &nbsp; &nbsp;&nbsp;</SPAN><EM>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Checkout all advisories!</EM></P> <P>&nbsp; &nbsp; - Look into client debugging :&nbsp;<A href="https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity" target="_blank">https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity</A>&nbsp;, you can have client debugs analyzed with :&nbsp;<A href="https://cway.cisco.com/wireless-debug-analyzer" target="_blank">https://cway.cisco.com/wireless-debug-analyzer</A></P> <P>&nbsp;M.<BR /><BR /><BR />&nbsp;&nbsp;</P> Tue, 14 Feb 2023 16:42:09 GMT https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775431#M251716 Mark Elsen 2023-02-14T16:42:09Z https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775448#M251718 <P>I tried&nbsp; "no&nbsp;<SPAN>wireless wps client-exclusion all" in global config and that didn't have any affect. On the actual wireless profile policy though "no exclusionlist" has seemed to work. Ill give it a day or so before calling it completely resolved, but so far watching the logs no clients have been added. Thank you all for the suggestions!&nbsp;<BR /></SPAN></P> Tue, 14 Feb 2023 17:21:53 GMT https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/4775448#M251718 brentr678 2023-02-14T17:21:53Z https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/5213522#M276833 <P>Via cli, it asks to disable policy before that change, unfortunally.</P> Wed, 23 Oct 2024 09:44:35 GMT https://community.cisco.com/t5/wireless/disable-client-exclusion-on-ewc/m-p/5213522#M276833 rui-b-rodrigues 2024-10-23T09:44:35Z