Aironet 1242AG Sending station has left the BSS

ksbolton1 · ‎09-14-2015

Hello all,

I've got two Aironet 1242AG APs running independently of each other in one building. Another location has a third Aironet of the same model. The two APs inside the single building are currently each broadcasting a single SSID, i.e. AP1 broadcasts SSID1 and AP2 broadcasts SSID2. The authentication being used on these are WEP.

AP1 is running c1240-k9w7-mx.124-10b.JDA3 and AP2 is running c1240-k9w7-mx.124-21a.JA1.

My issue is this: some devices are able to connect to the APs while others aren't. There aren't an specific differences between those that can connect and those that cannot. All devices (laptops, tablets, smartphones,etc.) authenticate properly but some result in a message in the Web GUI's log stating, "Sending station has left the BSS". This is logged with the MAC address of the devices I'm testing with so I'm sure that they're causing this message.

My initial concern was that the devices were far away from the AP thus out of range but even when right beside the AP. the issue persists.

I mentioned the 3rd AP, AP3, because it has been configured jsut like the other two but it functions without any problem. I've been tying to troubleshoot the first two APs, Ap1 & Ap2 but with no success. I'm hoping someone can help me or point me in the right direction please.

Richard Bradfield · ‎09-14-2015

Hi,

can you post the configuration of one of the 1240s, I take it the configs are the same for all APs except for the SSID.

I would also upgrade the IOS to the current version which is c1240-k9w7-mx.124.4.25D.JA2 so that all APs are running the same IOS

ksbolton1 · ‎09-16-2015

Hello Richard. Thank you for your reply. I'll post the configurations for AP1 & AP2 below:

AP1

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP1
!
enable secret 5 $1$AWaj$qvWTe/SqevXt3Ot7iIQTs/
!
no aaa new-model
clock timezone GMT-5 -5
ip domain name mydomain.com
ip name-server 10.0.10.11
!
!
ip ssh version 2
!
dot11 ssid SSID1
authentication open
guest-mode
!
!
!
username Cisco password 7 14341B180F0B
username admin privilege 15 secret 5 $1$q8BF$30Oyhiy.APsPeCJBTinGi0
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 3150636C3705 transmit-key
encryption mode wep mandatory
!
ssid SSID1
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 3150636C3705 transmit-key
encryption mode wep mandatory
!
ssid SSID1
!
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.0.33.231 255.255.254.0
no ip route-cache
!
ip default-gateway 10.0.33.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end

AP2

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP2
!
enable secret 5 $1$2kkx$vUpG/H9g3hyHUbpZmH0sl/
!
no aaa new-model
ip domain name mydomain.com
ip name-server 10.0.10.11
!
!
dot11 syslog
!
dot11 ssid SSID2
authentication open
guest-mode
!
!
!
username Cisco password 7 02250D480809
username admin privilege 15 secret 5 $1$/v66$AYGBm5RrVFUBVMQLYPAzD1
!
!
ip ssh version 2
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 9068157E3C3B transmit-key
encryption mode wep mandatory
!
ssid SSID2
!
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 40bit 7 CE5870305822 transmit-key
encryption mode wep mandatory
!
ssid SSID2
!
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.0.33.233 255.255.254.0
no ip route-cache
!
ip default-gateway 10.0.33.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
logging synchronous
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
end

Richard Bradfield · ‎09-16-2015

Hi,

Are you using both 2.4 and 5GHz, as I see on AP2 the 5GHz interface is shutdown, also on the 2.4 Ghz I would put something like this for the config, do not use the slower speeds, might even get rid of the 11 as that is B not G, I think is one device connects using B then all connections are then forced to be B on that AP

speed basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
power local cck 100
power local ofdm 30
channel least-congested 2412 2437 2462
station-role root

ksbolton1 · ‎09-16-2015

Richard, I think I've found the culprit, the DHCP server. My supervisor (the senior network admin) checked the DHCP server and found that the scope serving IP addresses for WLAN networks was full. Apparently the DHCP leases were set for too long a time period and so there were basically no IP addresses left in the pool to give to new devices.

I theorize that the device sent a request to the DHCP server, after properly authenticating to the AP's BSS, but since there were no IP addresses available the device was unable to join the network and as such the connection failed. I'll call that a "timeout" while waiting for the DHCP server's positive response.

The AP then sees that the device after authenticating has not received an IP address so it presents me with the log message saying that the Sending station (i.e. the device) has left the BSS.

Does that sound like a plausible theory?

Richard Bradfield · ‎09-16-2015

sounds good, you do get funnies when the DHCP server runs out of addresses.

But you mention AP3 does not have any problems, are those clients on a different subnet then?

ksbolton1 · ‎09-17-2015

Yes, they are and they're also served by two different DHCP servers.

Richard Bradfield · ‎09-17-2015

Ok that accounts for the fact that AP 3 is ok.

looks like you have cracked the problem

regards

Richard.

mohanak · ‎09-15-2015

Refer the link : https://supportforums.cisco.com/discussion/12344706/clients-disconnected-ap-sending-station-has-left-bss

ksbolton1 · ‎09-16-2015

Hello mohanak, thanks for your reply.

Previous attempts to change from WEP to the stronger WPA2 caused a couple problems with these APs. My third AP uses WPA2 and when I try to mimic AP3's config on Ap1 and AP2, they broadcast their SSIDs but devices have some difficulty connecting with the same BSS error.