01-20-2016 11:39 AM - edited 07-05-2021 04:31 AM
Hello,
Has anyone experienced an issue with wireless client IP renewal on a 802.1x enabled WLAN/SSID when the Re-authentication timeout occurs?
Here is the issue..
I have a dot1x enabled WLAN. I have some wireless clients (a mixture/not the same) that will lose it's IP address after the Re-authentication timeout occurs. When this occurs, the client remains connected to the ap but will eventually show an APIPA address. I have enabled client debug on the the WLC and see that the client reauth logs after the timeout occurs. I know the reauth is fine (Client remains connected to ap). I've done several pcaps and it indicates that the DHCP server is receiving the Discover packet and replying with the Offer. However, the last place I see the offer packet is at the WLC up link port. From there, its not getting to the client to complete the process.
By default, the Re-authentication timeout is configured for 30 mins (or 1800 secs). As a work around, I've increase the Re-authentication timeout value to 12 hours. A 30 minute disconnect is not acceptable.
Has anyone experienced this issue or know anything about it?
Thanks Kindly.
Solved! Go to Solution.
01-20-2016 07:58 PM
You have a backup controller maybe try and reproduce it on that one if you can't reboot production. Years ago it would use the management address it now and for a long time it's been sourced from the interface you put in the wlc if proxy is on.
01-20-2016 11:47 AM
Hello
I can't say I've seen this issue during a re auth the client loses its IP address. Can you move this back to 30 mins, capture a client debug and post ?
01-20-2016 11:57 AM
George,
First, I would give a disclaimer and let you know that I'm new to Cisco Wireless and learning it. With that said, you are referring to the debug client <mac> on the wlc cli, correct? I'm not able to move the timer back to the 30 minute value on the WLAN but I have create a duplicate WLAN that using the same L3 network for testing. I have the timeout value set to 5 minutes (300).
Thanks,
01-20-2016 12:34 PM
No problem. We all have to start somewhere. I manage a very large wireless network. 30,000 clients plus+. Im pretty well aware of all the little crazy things that can happen.
Fine, create another WLAN see, move to a shower timer and see if you can reproduce the issue. On the CLI in the WLC the client is attached to do a client debug <mac address>. When it disconnects and tries to reconnect we want to capture this...
01-20-2016 01:22 PM
01-20-2016 01:27 PM
What controller model and code are you on ?
01-20-2016 01:29 PM
8500 runnning 8.1.102.0 code. Planning to upgrade to 8.1.131.0 in the next few months.
01-20-2016 01:31 PM
On the controller CLI do a ->show wlan <X>
and post it
01-20-2016 01:43 PM
Do you have 2 DHCP servers configured of your interface ?
Let me take a look at the WLAN config. Also do post the interface this WLAN is configured to. In the CLI do:
show interface detailed <name of interface>
server id: <DHCP_SVR_1> rcvd server id: <DHCP_SVR_1>
server id: <DHCP_SVR_2> rcvd server id: <DHCP_SVR_2>
01-20-2016 01:51 PM
Post
show interface detailed test-wifi-1010
01-20-2016 01:59 PM
I posted the WLAN output above. I will note that I disable the dhcp proxy on theis wlan and put IP helpers on the gateway interface. However, some WLANs are still using it and it still enabled globally.
Thanks,
01-20-2016 02:18 PM
Here is where the breakdown is as I see it.
Did this ever work and stopped working ? Did you do a code upgrade recently ? Any changes ?
Im not sure what this mean. But I think this is a logging bug and not your issue based on what i read.
[PA] Wired client head is NULL, no clients in the list. Number of clients = 0
*DHCP Socket Task: Nov 10 10:48:30.548: [PA] a0:63:91:87:4c:90 DHCP processing DHCP ACK (5) *DHCP Socket Task: Nov 10 10:48:30.548: [PA] a0:63:91:87:4c:90 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 1 *DHCP Socket Task: Nov 10 10:48:30.548: [PA] a0:63:91:87:4c:90 DHCP xid: 0xd5488f16 (3578302230), secs: 0, flags: 0 *DHCP Socket Task: Nov 10 10:48:30.548: [PA] a0:63:91:87:4c:90 DHCP chaddr: a0:63:91:87:4c:90 *DHCP Socket Task: Nov 10 10:48:30.548: [PA] a0:63:91:87:4c:90 DHCP ciaddr: <Wireless_Client_IP>, yiaddr: 0.0.0.0 *DHCP Socket Task: Nov 10 10:48:30.548: [PA] a0:63:91:87:4c:90 DHCP siaddr: 0.0.0.0, giaddr: <_Client_VLAN_1010_Gateway> *DHCP Socket Task: Nov 10 10:48:30.548: [PA] a0:63:91:87:4c:90 DHCP server id: <DHCP_SVR_2> rcvd server id: <DHCP_SVR_2> *Apf Guest: Nov 10 10:48:56.650: [PA] Wired client head is NULL, no clients in the list. Number of clients = 0
01-20-2016 02:18 PM
Are all the clients acting like this ?
01-20-2016 02:21 PM
see above post.
Thanks
01-20-2016 02:20 PM
This is a new deployment. No change in code. Always been an issue until I increase the session timer. The issue is still there. It's just every 12 hours and not every 30 minutes. This doesn't occur for everyone.
I just know when the session times out, the client does a reauth but eventually loses its IP. If I do a ipconfig/release and /renew, it will not obtain an IP address. If i disconnect from the wireless and reconnect, the device is able to obtain an IP. It seems that a client has to create a new session by disconnecting and reconnecting in order to get an IP.
Thanks,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: