LWAPP Replay Errors from

Bruno Dinis · ‎11-24-2014

Guys, I was trying to troubleshoot this error in my WLC

Nov 24 00:30:01 wlc1: *spamApTask5: Nov 24 00:30:01.883: #LWAPP-3-REPLAY_ERR: spam_lrad.c:35169 The system has received replay error on slot 0, WLAN ID 1, count 1 from AP 08:d0:9f:23:4f:e0

I did some search and I was trying to check if there was any replay attack in the network but I don't know where to start and kept searching for other reasons, and got an anwser in other blog. And this issue could be related to a Load-balancing config.

Eventhough,I've got Load-Balancing disable in all my WLAN's but still got these counters. How can I check if those are false positives?

(wlc-1) >show load-balancing

Aggressive Load Balancing........................ per WLAN enabling
Aggressive Load Balancing Window................. 10 clients
Aggressive Load Balancing Denial Count........... 3

Statistics
Total Denied Count............................... 17682 clients
Total Denial Sent................................ 30891 messages
Exceeded Denial Max Limit Count.................. 5032 times
None 5G Candidate Count.......................... 206270 times
None 2.4G Candidate Count........................ 5040 times

In the GUI the Load-Balancing is DISABLED per WLAN.

Saurav Lodh · ‎11-27-2014

Could be this bug CSCun95384

Rasika Nayanajith · ‎11-27-2014

Hi Saurav,

We can't see details of this bug due to permissions, Would you be able to post the output to see

Rasika

Bruno Dinis · ‎11-28-2014

I can't see either.

Bruno Dinis · ‎02-03-2015

Insufficient Permissions to View Bug

This bug contains proprietary information and is not yet publicly available.

Salvador Antonio Quintanilla Mendoza · ‎03-10-2015

did you resolve this??? any feedback? i have the same problem

Bruno Dinis · ‎03-11-2015

nope!

Salvador Antonio Quintanilla Mendoza · ‎03-11-2015

and your still getting this errors #LWAPP-3-REPLAY_ERR: spam_lrad.c:35169 and dropped users from network? or you apply some workarround?... think that going to open a TAC ticket... I let you know...

Bruno Dinis · ‎04-30-2015

yes, even I've upgraded my entire campus to 1702i and 2702i lightweight AP's with 8.0.115.0 code in my WLC I still got huge amount of LWAPP Replay Erros, please check the summuary of erros during yesterday..

     14 APF-1-CONFLICT_IN_ASS_REQ: apf_80211.c
     14 APF-3-CHECK_EXT_SUPP_RATES_FAILED: apf_utils.c
     14 APF-3-CHECK_SUPP_RATES_FAILED: apf_utils.c
     15 APF-3-NO_FRAMED_IP_ADDRESS: apf_radius.c
    638 APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c
    103 DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c
   2427 DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c
     55 DOT1X-3-AUTHKEY_TX_TRANS_ERR: 1x_kxsm.c
     20 DOT1X-3-CLIENT_NOT_FOUND: dot1x_msg_task.c
   1365 DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c
     69 DOT1X-3-INVALID_WPA_KEY_MSG: 1x_eapkey.c
    296 DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c
      2 DOT1X-3-INVALID_WPA_KEY_STATE: 1x_eapkey.c
    923 DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c
      7 DTL-3-ARP_CLIENT_IP_DUPLICATED: dtl_arp.c
      2 IPV6-3-CREATE_BINDING_FAILED: ipv6_net.c
      2 IPV6-3-ORPHAN_ADDR_LEARNING_FAILED: ipv6_net.c
      2 LOG-3-Q_IND: 1x_eapkey.c
      3 LOG-3-Q_IND: rrmChanUtils.c
     22 LOG-3-Q_IND: spam_lrad.c
   5120 LWAPP-3-REPLAY_ERR: spam_lrad.c
      2 LWAPP-3-VENDOR_PLD_VALIDATE_ERR: spam_lrad.c
      3 RRM-3-RRM_LOGMSG: rrmChanUtils.c
    615 RRM-3-RRM_LOGMSG: rrmLrad.c
      2 SISF-3-INTERNAL: sisf_shim_utils.c

Kamaljeet Singh · ‎04-30-2015

Did you face any client disconnections?

These replay messages are cosmetic in nature and should not have any real impact.

Kamaljeet Singh · ‎04-29-2015

LWAPP Replay Errors from multiple APs at intermittent intervals of time are expected in the WLC message logs. This is because of AES CCMP REPLAY errors in the AP console, which are also expected in large live networks.

LWAPP-3-REPLAY_ERR and load balancing issue