A single client keeps authenticating and deauthenticating

glen4cindy · ‎03-21-2021

I'm having one final issue with this Cisco AP 1142.

I have a single client that appears to be connected and getting updates.

It's a small ESP8266 based weather station.

Below is a list of some log entries showing this activity:

001984: *Mar 21 21:38:31.307 -0500

Interface Dot11Radio0, Station 6001.9438.0782 Associated KEY_MGMT[WPAv2 PSK]

001983: *Mar 21 21:38:31.282 -0500

Interface Dot11Radio0, Deauthenticating Station 6001.9438.0782 Reason: Sending station has left the BSS

001982: *Mar 21 21:38:15.478 -0500

Interface Dot11Radio0, Station 6001.9438.0782 Associated KEY_MGMT[WPAv2 PSK]

001981: *Mar 21 21:38:15.465 -0500

Interface Dot11Radio0, Deauthenticating Station 6001.9438.0782 Reason: Sending station has left the BSS

001980: *Mar 21 20:37:33.429 -0500

Interface Dot11Radio0, Station 6001.9438.0782 Associated KEY_MGMT[WPAv2 PSK]

001979: *Mar 21 20:37:33.412 -0500

Interface Dot11Radio0, Deauthenticating Station 6001.9438.0782 Reason: Sending station has left the BSS

Config log:

! Last configuration change at 22:07:14 -0500 Fri Mar 19 2021
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ap
!
!
logging rate-limit console 9
no logging console
enable secret 5 XXXXXXXXXXXXXXXXXX
!
no aaa new-model
clock timezone -0600 -6 0
clock summer-time -0500 recurring
no ip source-route
no ip cef
ip domain name cisco.local
!
!
!
!
dot11 pause-time 100
dot11 syslog
dot11 activity-timeout unknown default 6000
dot11 activity-timeout client default 6000
!
dot11 ssid JesusIsLord
   authentication open 
   authentication key-management wpa version 2
   accounting acct_methods
   guest-mode
   wpa-psk ascii 7 XXXXXXXXXXXXX
   no ids mfp client
!
dot11 ssid JesusIsLord_5G
   authentication open 
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 XXXXXXXXXXXXXX
!
!
!
power inline negotiation prestandard source
no ipv6 cef
!
!
username Cisco password 7 XXXXXXXXXXXXX
username XXXX privilege 15 password 7 XXXXXXXXXXXXXXXXX
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm 
 !
 ssid JesusIsLord
 !
 antenna gain 0
 speed  basic-12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 station-role root
 no dot11 extension aironet
 l2-filter bridge-group-acl
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 input-address-list 700
 bridge-group 1 output-address-list 700
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm 
 !
 ssid JesusIsLord_5G
 !
 antenna gain 0
 peakdetect
 dfs band 3 block
 speed  basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 channel width 40-above
 channel dfs
 station-role root
 dot11 dot11r pre-authentication over-air
 no dot11 extension aironet
 l2-filter bridge-group-acl
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 input-address-list 700
 bridge-group 1 output-address-list 700
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 l2-filter bridge-group-acl
 bridge-group 1
 bridge-group 1 input-address-list 700
 bridge-group 1 output-address-list 700
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 mac-address 0022.bd18.b290
 ip address 192.168.86.90 255.255.255.0
 ipv6 address dhcp
 ipv6 address autoconfig
!
ip default-gateway 192.168.86.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
no cdp run
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
end

Thanks in advance.

Anjana A · ‎03-22-2021

Hi glen4cindy,

Please confirm whether only one user is facing the issue or all the connecting users?

check with the below commands

cisco#clear dot11 client 0011.2233.4455  <= deauthenticate a client
cisco#clear int dot11radio0              <= reset a radio
cisco#reload                    <= reboot the AP

glen4cindy · ‎03-22-2021

Hello Anjana A,

This is primarily happening to the client with MAC address 6001.9438.0782 which is my ESP8266 weather station. I should say this device seems to have the current weather forecast and the correct time and temperature.

It does happen to other clients on occasion. Again they seem to reconnect within a matter of seconds or less.

I'm at a loss here as to the cause.

JPavonM · ‎03-22-2021

I would say try to select a lower data rate as mandatory (6-Mbps if you want to leave 802.11b stations out of your network, or maybe 2-Mbps). In your current config using12-Mbps rate as basic you are preventing distant stations to associate. If your weather station is close to the fuzzy boundary where 12-Mbps could be used, then the station could disassociate from while to while.

Also check with an OTA packet capture the rates that your weather station support. Sometimes they use cheaper chipset not always supporting all of the features from the standard, or taking wrong connectivity decisions because of this.

HTH
-Jesus
*** Please Rate Helpful Responses ***

patoberli · ‎03-25-2021

Alternatively, move the station closer to the AP. If it stays stable, it's indeed a signal problem. If it still reconnects often, it could be a firmware issue on the ESP8266, there have been many updates to them in the past.

glen4cindy · ‎03-25-2021

Thanks everyone,

I did quite a bit of experimentation with data rates finally settling on "Best Range" and all of the activity I mentioned has stopped.

My next step will be to move the AP closer and change things a bit.

If I still find issues I'll be happy knowing it's a chipset issue with the ESP8266.