Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3796
Views
5
Helpful
18
Replies

5508 WLC on 7.4MR2- Clients getting Disconnected using CWA

awatson20
Level 4
Level 4

‎03-20-2014 02:29 PM - edited ‎07-05-2021 12:29 AM

We are experiencing an issue with clients getting disconnected/time out from a wlan doing CWA.  The clients are iphones.  A debug client shows the error(Unknown Policy Timeout). This particular WLAN is used for provisioning with ISE. ISE shows the user authenticated the entuire time.  At first, we though it was the user idle timeout setting on the WLAN advanced tab, but after increasing that clients still get disconnected.  The disconnect occurs around 2 minutes.  Sometimes longer around 10 minutes.  Cisco seems to think we are hitting a bug introduced in 7.3.112 and will not be fixed until 8.0.  Below are the bug details and the debug output.  Has anyone seen this?  Any possible work-arounds? Thanks.

 

(Cisco Controller) >debug *apfMsConnTask_7: Mar 20 17:19:02.573: Association request from the P2P Client Process P2P Ie and Upadte CB
*apfMsConnTask_7: Mar 20 17:19:02.765: Association request from the P2P Client Process P2P Ie and Upadte CB
*apfReceiveTask: Mar 20 17:20:40.442: 18:af:61:bb:55:2f 10.200.21.0 RUN (20) Unknown Policy timeout
*apfReceiveTask: Mar 20 17:20:40.442: 18:af:61:bb:55:2f 10.200.21.0 RUN (20) Pem timed out, Try to delete client in 10 secs.
*apfReceiveTask: Mar 20 17:20:40.443: 18:af:61:bb:55:2f Scheduling deletion of Mobile Station:  (callerId: 12) in 10 seconds
*osapiBsnTimer: Mar 20 17:20:50.443: 18:af:61:bb:55:2f apfMsExpireCallback (apf_ms.c:615) Expiring Mobile!
*apfReceiveTask: Mar 20 17:20:50.443: 18:af:61:bb:55:2f apfMsExpireMobileStation (apf_ms.c:5835) Changing state for mobile 18:af:61:bb:55:2f on AP 54:78:1a:2f:84:50 from Associated to Disassociated

*apfReceiveTask: Mar 20 17:20:50.443: 18:af:61:bb:55:2f Scheduling deletion of Mobile Station:  (callerId: 45) in 10 seconds
*osapiBsnTimer: Mar 20 17:21:00.442: 18:af:61:bb:55:2f apfMsExpireCallback (apf_ms.c:615) Expiring Mobile!
*apfReceiveTask: Mar 20 17:21:00.443: 18:af:61:bb:55:2f Sent Deauthenticate to mobile on BSSID 54:78:1a:2f:84:50 slot 1(caller apf_ms.c:5929)
*apfReceiveTask: Mar 20 17:21:00.443: 18:af:61:bb:55:2f Setting active key cache index 8 ---> 8
*apfReceiveTask: Mar 20 17:21:00.443: 18:af:61:bb:55:2f Deleting the PMK cache when de-authenticating the client.
*apfReceiveTask: Mar 20 17:21:00.443: 18:af:61:bb:55:2f Global PMK Cache deletion failed.
*apfReceiveTask: Mar 20 17:21:00.443: 18:af:61:bb:55:2f apfMsAssoStateDec
*apfReceiveTask: Mar 20 17:21:00.443: 18:af:61:bb:55:2f apfMsExpireMobileStation (apf_ms.c:5967) Changing state for mobile 18:af:61:bb:55:2f on AP 54:78:1a:2f:84:50 from Disassociated to Idle

 

https://tools.cisco.com/bugsearch/bug/CSCul43158

Symptom:Wireless devices are randomly disconnected every 5-10 minutes with unknown policy timeout message in debug client

Conditions:Clients using Central Web Authentication (CWA).
Workaround:none

More Info:

 

3 people had this problem
Labels:
0 Helpful
18 Replies 18

awatson20
Level 4
Level 4

‎03-20-2014 04:52 PM

We are running 7.4.121 code.  There is an option to adjust the user idle timeout under the wlan advanced tab.  I have that set to 36000.  The session timeout is disabled.  any ideas??

0 Helpful

derict
Level 1
Level 1
In response to awatson20

‎03-17-2015 01:49 AM

mine is with the following. Still trying to figure out why.

 

*osapiBsnTimer: Mar 17 12:58:05.949: f8:16:54:07:a8:78 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
*apfReceiveTask: Mar 17 12:58:05.949: f8:16:54:07:a8:78 apfMsExpireMobileStation (apf_ms.c:6655) Changing state for mobile f8:16:54:07:a8:78 on AP 00:e1:6d:b2:a6:90 from Associated to Disassociated

*apfReceiveTask: Mar 17 12:58:05.949: f8:16:54:07:a8:78 Scheduling deletion of Mobile Station:  (callerId: 45) in 10 seconds

 

*annyway, i've tried increasing the Session Timeout to 8hours and still testing it .. As my problem is not consistent, i have to monitor and see if its solved.

Preview file
40 KB
0 Helpful

SERGEY KAIDAN
Level 1
Level 1

‎04-09-2014 10:12 PM

 I have WLC 2504 and SW 7.6.110.0 + ISE 1.2 (with patchs 6 and 7) and I have the same problem.

Can somebody help ?

 

0 Helpful

awatson20
Level 4
Level 4
In response to SERGEY KAIDAN

‎04-10-2014 06:09 AM

We worked with Cisco on an engineering build in the 7.4 code that resolved this particular bug.

0 Helpful

rrivas.rudy
Level 1
Level 1

‎07-28-2014 02:38 PM

I have the same problem with Guest Users.

WLC 7.4.121

ISE 1.1.3.124  Patch 11

I need to know if you can resolve this issue with a WLC software update.

Thanks.

0 Helpful

awatson20
Level 4
Level 4

‎07-28-2014 03:18 PM

Yes. The fix is provided in and engineering release from Cisco. (7.4.121.17) open a TAC case.
0 Helpful

derict
Level 1
Level 1

‎03-12-2015 09:18 PM

I'm facing this issue at the moment. Wireless Client for Guest get disconnected between 10-20minutes.

WLC: 7.6.130.0 - which is Cisco Suggested release

NAC: 2.1.0

Based on the bug below, known fixed release is 7.6(130.1).

https://tools.cisco.com/bugsearch/bug/CSCul43158

Is there anyone that face with the same problem in version 7.6.130.0?

0 Helpful

awatson20
Level 4
Level 4
In response to derict

‎03-12-2015 09:25 PM

I was told that 7.6MR3(130) contained the fix.  We have been running in a 7.4 engineering build but are planning to upgrade to 7.6.130.0.  This is concerning, as this is a very disruptive problem.

0 Helpful

derict
Level 1
Level 1
In response to awatson20

‎03-12-2015 09:37 PM

I'm currently capturing logs for client and will analyze it again. Will inform you if i found the same problem.

0 Helpful

awatson20
Level 4
Level 4
In response to derict

‎03-13-2015 04:40 AM

I am very interested in knowing if 7.6.130.0 is affected by this bug.  Please let me know what you find out.

0 Helpful

derict
Level 1
Level 1
In response to awatson20

‎03-16-2015 04:07 AM

Hi, I found out that its not that issue.

0 Helpful

awatson20
Level 4
Level 4
In response to derict

‎03-16-2015 05:01 AM

Ok, I'm glad to hear that.

0 Helpful

Abraão Marques
Level 1
Level 1
In response to derict

‎12-19-2019 11:44 AM

I have the same problem

 

Logs 

*spamApTask2: Dec 19 16:03:14.465: [PA] No CCKM cache entries found to send to AP a4:56:30:5d:ef:40
*osapiBsnTimer: Dec 19 16:03:23.370: [PA]  apfMsExpireCallback (apf_ms.c:639) Expiring Mobile!
*apfReceiveTask: Dec 19 16:03:23.370: [PA]   Client already in disassociated state, not sending disassociation
*apfReceiveTask: Dec 19 16:03:23.370: [PA]   Setting active key cache index 8 ---> 8
*apfReceiveTask: Dec 19 16:03:23.370: [PA]   Deleting the PMK cache when de-authenticating the client.
*apfReceiveTask: Dec 19 16:03:23.370: [PA]   Global PMK Cache deletion failed.
*apfReceiveTask: Dec 19 16:03:23.370: [PA]   Sent Deauthenticate to mobile on BSSID

 

 

 

i iPad disconnects from the network when it is connected to a specific access point., 

After, we make a configuration so that in a particular AP, the traffic flows through the secondary link, I am thinking about the possibility of a communication error between the server and the AP disconnecting, but I'm not sure.

 

Have you had this problem?

0 Helpful

TsvetanVladimirov81607
Level 1
Level 1
In response to Abraão Marques

‎12-19-2019 11:25 PM

Please tell us that you are not running 7.3 version yet.

However, make sure the iPads are on the latest software.

 

This output tells us that the device already had send disassociate to the WLC before the session has ended.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card