cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
231
Views
0
Helpful
7
Replies
Highlighted
Beginner

WLAN 8021X_REQD Problem

Hello community

I have a lot of log entries because of 802.1x problems.

003204: Jan 16 11:13:13.293 MET: *%APF-4-MSCB_DEL_FAILED:Switch 1 R0/0: wcm: Unable to delete the client entry ( f86f.c108.c481 ) from client exclusion list: client not found.
003205: Jan 16 11:22:10.634 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 1, WLAN ID 1, count 1 from AP 70db.9876.e570
003206: Jan 16 11:25:47.759 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 1, WLAN Cisco 3850ID 1, count 1 from AP 00a3.8e18.1670
003207: Jan 16 11:42:14.731 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 0, WLAN ID 2, count 41 from AP 70db.98ed.e620
003208: Jan 16 11:53:17.617 MET: *%APF-4-ADD_TO_BLACKLIST_REASON:Switch 1 R0/0: wcm: Client f86f.c108.c481 () was added to exclusion list. Reason: 802.1X authentication failure
003209: Jan 16 12:02:09.458 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 0, WLAN ID 1, count 1 from AP 00a3.8e18.6320
003210: Jan 16 12:03:57.379 MET: *%APF-4-ADD_TO_BLACKLIST_REASON:Switch 1 R0/0: wcm: Client f8e9.4e1e.441a () was added to exclusion list. Reason: 802.1X authentication failure
003211: Jan 16 12:24:09.422 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 0, WLAN ID 1, count 2 from AP 00a3.8e18.6320
003212: Jan 16 12:45:24.606 MET: *%APF-4-ADD_TO_BLACKLIST_REASON:Switch 1 R0/0: wcm: Client f86f.c108.c481 () was added to exclusion list. Reason: 802.1X authentication failure
003213: Jan 16 13:00:07.972 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 0, WLAN ID 2, count 1 from AP 70db.984c.d2e0
003214: Jan 16 13:00:30.182 MET: *%APF-4-ADD_TO_BLACKLIST_REASON:Switch 1 R0/0: wcm: Client f86f.c108.c481 () was added to exclusion list. Reason: 802.1X authentication failure
003215: Jan 16 13:30:07.664 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 0, WLAN ID 0, count 1 from AP 00a3.8e28.9720
003216: Jan 16 13:31:46.427 MET: *%APF-4-ADD_TO_BLACKLIST_REASON:Switch 1 R0/0: wcm: Client 74b5.879d.cdac () was added to exclusion list. Reason: 802.1X authentication failure
003217: Jan 16 13:32:07.662 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 0, WLAN ID 2, count 6 from AP 00a3.8e28.9720
003218: Jan 16 13:39:08.213 MET: *%APF-4-ADD_TO_BLACKLIST_REASON:Switch 1 R0/0: wcm: Client f86f.c108.c481 () was added to exclusion list. Reason: 802.1X authentication failure
003219: Jan 16 13:44:07.645 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 0, WLAN ID 2, count 1 from AP 00a3.8e28.9720
003220: Jan 16 13:46:09.323 MET: *%LWAPP-3-REPLAY_ERR:Switch 1 R0/0: wcm: Received replay error on slot 1, WLAN ID 1, count 1 from AP 00a3.8e18.6320
003221: Jan 16 13:49:56.303 MET: *%APF-4-ADD_TO_BLACKLIST_REASON:Switch 1 R0/0: wcm: Client f86f.c1a5.05c2 () was added to exclusion list. Reason: 802.1X authentication failure
003222: Jan 16 13:56:01.910 MET: *%APF-4-ADD_TO_BLACKLIST_REASON:Switch 1 R0/0: wcm: Client f86f.c1a5.05c2 () was added to exclusion list. Reason: 802.1X authentication failure

 

There are only a few clients with this problem. The strange thing is, that we do not have 802.1x enabled.

 

What can i do? Can someone help me?

 

Greets

Flo

 

 

7 REPLIES 7
Highlighted
Hall of Fame Master

Re: WLAN 8021X_REQD Problem

Have you looked to see if those devices are yours? Might be a device that is trying to connect using 802.1x and might be driver related to the device.
-Scott
*** Please rate helpful posts ***
Highlighted
Beginner

Re: WLAN 8021X_REQD Problem

Hello Scott

Thanks for your reply! 

No not yet, because its a customer and its difficult to check. But how can i blacklist this devices for a longer period?

How can i edit the exclusion list?

 

Greets

Florian

Highlighted
Hall of Fame Master

Re: WLAN 8021X_REQD Problem

In the GUI or cli you can add the MAC address to an exclusion list that is permanent.
-Scott
*** Please rate helpful posts ***
Highlighted
Beginner

Re: WLAN 8021X_REQD Problem

The problem is, i can not find any exclusion list. I see only the exclusion policies under Wireless Protection Policies.

Also the command show exclusionlist is not working! 

 

The wlc 3850 is running on 16.3.9

Highlighted
Beginner

Re: WLAN 8021X_REQD Problem

Hi Florian,

 

check the picture below, the path is "Security" -> "Disabled Clients" -> Manual Disable

There you can click "New" on the top right corner and add the MAC address of those clients.

 

BR,

Marco

 

Clipboard01.jpg

Highlighted
Hall of Fame Master

Re: WLAN 8021X_REQD Problem

Ah... you are running converged access. You should open a TAC case for that issue you are seeing.
-Scott
*** Please rate helpful posts ***
Highlighted
Beginner

Re: WLAN 8021X_REQD Problem

And be warned that Cisco abandoned converged access after that release so unless TAC already have a fix for that they're going to tell you that it will not be fixed because the feature is not supported in future releases:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-5/release_notes/ol-16-5-3850.html
Important Notes
Converged Access (CA) is not supported beyond Cisco IOS XE Denali 16.3.x.
On the Cisco Catalyst 3850 Series Switches, CA is supported in the Cisco IOS XE Denali 16.3.x software release, which has extended support for 40 months.
CreatePlease to create content
Content for Community-Ad

August's Community Spotlight Awards