cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
360
Views
5
Helpful
3
Replies
Highlighted
Beginner

After upgrade to 8.5.135, 2800i connected to MAB ports are generating auth errors. All the other APs are fine.

Hi,

 

I've migrated a couple of 5520 from 8.5.120 to 8.5.135 to solve the CSCvi63043 bug that was afecting some 2802i.

 

The upgrade solved that bug but now, in 3 out of 4 2802i APs, we noticed that every 15 minutes or so, the APs would loose connection to the WLC and recicled the registration process. After some troubleshooting and config analysis, we noticed that the only difference was the authentication order configured in the 3850 switch port:

 

with the order set to authentication order mab dot1x the 2802i stays registered in the WLC

with the order set to authentication order dot1x mab the 2802i generate authentication errors until it reauthenticates and registes again in the controller.

 

Only the 2800 are affected. The other APs type ( 2600, 2700, 1532 ) are working without any issues.

 

Anyone has seen this behaviour?

Cheers,
Vasco
Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: After upgrade to 8.5.135, 2800i connected to MAB ports are generating auth errors. All the other APs are fine.

Issue was traced to a bug in the ISE 2.1. The AP mac addresses were deleted from the MAC auth list.
Upgrading the ISE solved the issue
Cheers,
Vasco

View solution in original post

3 REPLIES 3
Hall of Fame Community Legend

Re: After upgrade to 8.5.135, 2800i connected to MAB ports are generating auth errors. All the other APs are fine.

Don't let AP ports join 802.1x. Just give them static VLAN assignments.
Beginner

Re: After upgrade to 8.5.135, 2800i connected to MAB ports are generating auth errors. All the other APs are fine.

That's not an option for that customer. And it's very hard to justify that solution since the configuration has been working perfectly well for more than 3 years with all the other AP types. It should also work with the new 2800 or they might consider to change those APs.

Cheers,
Vasco
Beginner

Re: After upgrade to 8.5.135, 2800i connected to MAB ports are generating auth errors. All the other APs are fine.

Issue was traced to a bug in the ISE 2.1. The AP mac addresses were deleted from the MAC auth list.
Upgrading the ISE solved the issue
Cheers,
Vasco

View solution in original post

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards