02-23-2020 02:18 AM - edited 07-05-2021 11:45 AM
Hi guys,
I am having this issue on my Cisco Aironet Mobility Express running on version 8.5.151.
The user keep disconnecting from the AP, and sometimes cannot authenticate to the network. This issue happen to me last time, but I have solved it. The solution I done is disabling the session timeout for the WLAN ID.
However after few weeks, the issue happen again and getting worse.
Provided below the error log that appear in the ME.
*Dot1x_NW_MsgTask_0: Feb 23 09:49:31.044: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:848 Unable to send AAA message for client 60:d8:19:6b:3a:5a
*Dot1x_NW_MsgTask_0: Feb 23 09:46:05.236: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:848 Unable to send AAA message for client 60:d8:19:6b:3a:5a
*Dot1x_NW_MsgTask_0: Feb 23 09:46:05.219: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:487 Authentication Aborted for client 60:d8:19:6b:3a:5a Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM
--More-- or (q)uit
*Dot1x_NW_MsgTask_0: Feb 23 09:36:02.622: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:848 Unable to send AAA message for client 74:da:da:5f:f1:e4
*Dot1x_NW_MsgTask_0: Feb 23 09:36:02.614: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:487 Authentication Aborted for client 74:da:da:5f:f1:e4 Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM
*Dot1x_NW_MsgTask_0: Feb 23 09:33:16.044: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:848 Unable to send AAA message for client 60:d8:19:6b:3a:5a
*Dot1x_NW_MsgTask_0: Feb 23 09:33:16.035: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:487 Authentication Aborted for client 60:d8:19:6b:3a:5a Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM
*Dot1x_NW_MsgTask_0: Feb 23 09:22:24.905: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:848 Unable to send AAA message for client 74:da:da:5f:f1:e4
*Dot1x_NW_MsgTask_0: Feb 23 09:22:24.898: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:487 Authentication Aborted for client 74:da:da:5f:f1:e4 Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM
*Dot1x_NW_MsgTask_0: Feb 23 09:18:48.058: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:848 Unable to send AAA message for client 74:da:da:5f:f1:e4
*Dot1x_NW_MsgTask_0: Feb 23 09:18:48.051: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:487 Authentication Aborted for client 74:da:da:5f:f1:e4 Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM
*Dot1x_NW_MsgTask_0: Feb 23 09:05:10.332: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:848 Unable to send AAA message for client 74:da:da:5f:f1:e4
*Dot1x_NW_MsgTask_0: Feb 23 09:05:10.325: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:487 Authentication Aborted for client 74:da:da:5f:f1:e4 Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM
*Dot1x_NW_MsgTask_0: Feb 23 09:03:46.503: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:848 Unable to send AAA message for client f4:28:53:17:4e:09
*Dot1x_NW_MsgTask_0: Feb 23 09:03:46.484: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:487 Authentication Aborted for client f4:28:53:17:4e:09 Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM
*Dot1x_NW_MsgTask_0: Feb 23 09:01:33.386: %DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c:848 Unable to send AAA message for client 74:da:da:5f:f1:e4
*Dot1x_NW_MsgTask_0: Feb 23 09:01:33.378: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:487 Authentication Aborted for client 74:da:da:5f:f1:e4 Abort Reason:DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM
Solved! Go to Solution.
11-21-2021 05:48 PM
Hi guys,
I know this bit late to share the finding.
we found out the issue is coming from the RADIUS server itself, after migrating the RADIUS server, the issue is resolved and no complaint from the user.
02-23-2020 08:13 PM
Hi guys.
This issue has been resolved. I have to restart the RADIUS server, and restart the WLAN ID.
All user are able to connect to wifi.
03-04-2020 08:23 AM
We have the same problem but our syslog data shows it only happens to Apple devices, both iOS and MacOS. It's been happening for at least a year now and we are not discovering it. Our RADIUS(ISE) has been patched to the latest and restarted a couple times during that time frame and it still occurs. Are you still having this issue? When you restarted RADIUS did you also keep session timeout disabled? To me, that isn't a feasible fix if so and should be filed as a bug.
This happens to 3802/3702 WAPs on 3504 and 5520 controllers. So it's a global issue.
03-04-2020 11:27 AM
Hi,
Upgrade your WLC to a stable version, but first try disabling FT. It's a good feature, but i've seen it cause issues at the same time, clients disconnecting randomly.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Regards,
Cristian Matei.
03-04-2020 11:30 AM
Is 8.5.151 no longer a stable version? What is recommended now? We have 802.11r disabled.
03-04-2020 11:48 AM
Hi,
it is. What do you see in WLC and RADIUS log messages?
Regards,
Cristian Matei.
05-12-2020 07:43 PM
11-21-2021 05:48 PM
Hi guys,
I know this bit late to share the finding.
we found out the issue is coming from the RADIUS server itself, after migrating the RADIUS server, the issue is resolved and no complaint from the user.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide