CISCO 2108 WLAN Client Disconnect Issues

shayles77
Level 1

Hello Everyone,

New to this forum and also to CISCO WLAN design so would appreciate any help from you guys or pointers in the right direction to help myself.

I have deployed a CISCO WLAN in our office.

I have a 2108 WLAN Controller, 2 x 1141 LWAP APs, and 2 x 1131 LWAP APs.

There are 3 WLAN SSIDs

1 for visitors network

1 for data network

1 for VoIP

For each of these WLANs I am using Layer 2 WPA2/PSK using AES encryption.

I am getting numerous reports of users reporting random drops from the WLANs for periods of about 10 seconds.

I have checked coverage in the areas where these are reported and -43dbm seems to me to be well within the guidelines.

I can't even put this down to handover between APs as the users are normally in a static position and not moving around.

When I look in the logs on the controller I see lots of the below messages.  Can anyone explain to me what these messages are for and why they are being reported?  As far as I am aware dot1x is not configured and neither is EAPOL so I am puzzled where these are coming from or where you configure the controller to disable these.

Jul 25 09:30:43.448: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client a8:6a:6f:1e:92:38

*Jul 25 09:01:23.739: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 44:d8:84:36:3d:5d

*Jul 25 08:52:16.041: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 44:d8:84:2e:3f:9c

*Jul 25 08:45:16.409: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 98:0c:82:cc:90:e5

*Jul 25 08:43:26.569: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 18:34:51:5a:0d:ba

*Jul 25 08:36:50.606: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client d8:30:62:ba:db:ef

*Jul 25 08:33:14.542: %LWAPP-3-REPLAY_ERR: spam_lrad.c:23400 Received replay error on slot 0, WLAN ID 1, count 1 from AP a0:cf:5b:6a:73:50

*Jul 25 08:31:14.551: %LWAPP-3-REPLAY_ERR: spam_lrad.c:23400 Received replay error on slot 0, WLAN ID 1, count 1 from AP a0:cf:5b:6a:73:50

*Jul 25 08:22:16.730: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client 98:0c:82:cc:90:e5

*Jul 25 08:20:36.911: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 98:0c:82:cc:90:e5

*Jul 25 08:06:32.265: %APF-1-DISCONECT_MOBILE_DUE_TO_WLAN_SW: apf_policy.c:540 Disconnecting mobile 44:d8:84:25:58:ac due to switch of WLANs from 1(NWAP) to 2(VWAP)

*Jul 25 08:06:21.173: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 44:d8:84:25:58:ac

Accepted Solutions

fbarboza
Level 4

Hi Stewart,

As per your email the WLC reports:

%DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client a8:6a:6f:1e:92:38

This error message is seen when the wireless client is having issues negotiating the current encryption method configured on the WLC. This could be because it does not support the current encryption method configured on the WLC, or 2 encryption methods are configured on the WLC; remember to use either WPA + TKIP or WPA2 + AES.

Also update the drivers of the wireless clients in case the issue could be a driver problem.

You can also use the following commands to increase the negotiation timer between the wireless clients and the WLC for the encryption method.

config advanced eap eapol-key-timeout 5000

config advanced eap eapol-key-retries 4


3 Replies

Scott Fella
Hall of Fame

Welcome to the forum!

So you have a 2106 wlc. So the WLAN in question is it all three or just a particular one? The first thing I would look at is the WLAN. Make sure wpa2/aes is the only thing checked, not wpa or tkip. Then I would go out to one of the client devices and check if the pre shared key and the wireless setting is okay. I also might delete it and recreate it. Then look at all the profiles that have been created on the device. It might be that the user also has the guest or the other SSID configured on the device and that is why the user is complaining. I have seen this numerous times... Users will add the guest network to their device because they believe it's an open network and they can surf all day long. Well the device might be switching from one SSID to another. So take a look at the devices in question.

Upgrading the driver on the client is another thing that might help.

You might also want to make sure fast SSID change is enabled on the wlc. In the GUI it's under the controller tab.


-Scott
*** Please rate helpful posts ***
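
An added example, not part of any post in this thread: a short Python script that tallies the controller messages quoted in the original post per client, and flags clients that both failed an EAPOL-key exchange and were disconnected for switching WLANs, which is the pattern Scott describes above. The function names and regular expressions are assumptions based only on the message formats shown in the thread.

```python
import re
from collections import Counter, defaultdict

# Sample input: lines copied from the log excerpt in the original post.
SAMPLE_LOG = """\
Jul 25 09:30:43.448: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client a8:6a:6f:1e:92:38
*Jul 25 08:45:16.409: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 98:0c:82:cc:90:e5
*Jul 25 08:33:14.542: %LWAPP-3-REPLAY_ERR: spam_lrad.c:23400 Received replay error on slot 0, WLAN ID 1, count 1 from AP a0:cf:5b:6a:73:50
*Jul 25 08:22:16.730: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client 98:0c:82:cc:90:e5
*Jul 25 08:20:36.911: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 98:0c:82:cc:90:e5
*Jul 25 08:06:32.265: %APF-1-DISCONECT_MOBILE_DUE_TO_WLAN_SW: apf_policy.c:540 Disconnecting mobile 44:d8:84:25:58:ac due to switch of WLANs from 1(NWAP) to 2(VWAP)
*Jul 25 08:06:21.173: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 44:d8:84:25:58:ac
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
# Patterns are assumptions derived from the message text shown in the thread.
RETRANS = re.compile(r"%DOT1X-3-MAX_EAPOL_KEY_RETRANS:.*EAPOL-key (M\d+) "
                     r"retransmissions exceeded for client " + MAC, re.I)
WLAN_SW = re.compile(r"%APF-1-DISCONECT_MOBILE_DUE_TO_WLAN_SW:.*mobile " + MAC +
                     r" due to switch of WLANs from (\S+) to (\S+)", re.I)

def triage(log_text):
    """Group handshake failures and WLAN-switch disconnects by client MAC."""
    clients = defaultdict(lambda: {"retrans": Counter(), "wlan_switches": []})
    for line in log_text.splitlines():
        if m := RETRANS.search(line):
            clients[m.group(2).lower()]["retrans"][m.group(1)] += 1
        elif m := WLAN_SW.search(line):
            clients[m.group(1).lower()]["wlan_switches"].append(m.group(2, 3))
    return dict(clients)

def repeat_offenders(clients, threshold=2):
    """Clients with at least `threshold` handshake failures (driver/PSK suspects)."""
    return sorted(mac for mac, c in clients.items()
                  if sum(c["retrans"].values()) >= threshold)

def ssid_hoppers(clients):
    """Clients that failed a handshake and were also moved between WLANs."""
    return sorted(mac for mac, c in clients.items()
                  if c["retrans"] and c["wlan_switches"])

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for mac, c in report.items():
        print(mac, dict(c["retrans"]), c["wlan_switches"])
    print("repeat offenders:", repeat_offenders(report))
    print("SSID hoppers:", ssid_hoppers(report))
```

Clients listed as SSID hoppers are the ones whose saved wireless profiles are worth checking first; repeat offenders with no WLAN switch point more toward the driver or pre-shared-key checks suggested in the replies.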

Amjad Abdullah
VIP Alumni

Hello Stewart,

This looks like more a supplicant issue. There are a few steps that you can follow that were provided by Scott. Those will probably mitigate your issue.

If not, please provide an output of the command (show wlan ) for the WLAN that experiences the problem.

Thanks.

Amjad

Rating useful replies is more useful than saying "Thank you"
