AP1200 won't permit multiple clients to associate

npritchett · ‎05-13-2005

I have a few Aironet 1200's running 12.2(11)JA3 with WVLAN'ing. Users on one of the WVLANs complain that more than one wifi client cannot associate at a time. If the currently associated client signs off, the next one is immediately able to get on.

LEAP authentication is used on that WVLAN and one of the AP's in the network serves as the RADIUS authentication server. Wifi cards are AIR-LCM350's, ACU version is 6.2.012.

I did some wireless packet sniffing using Ethereal and confirmed when that when a second client came along, the access point sent an 802.11b management frame to the client with status code 0x11 "Association denied because AP is unable to handle additional associated stations". Only one association was in progress.

Any suggestions on what I or the access point are doing wrong?

sstudsdahl · ‎05-13-2005

For the SSID in question, do you have a max-associations command configured? This command can be used per SSID to limit the number of associations to the SSID on the AP.

Steve

npritchett · ‎05-13-2005

No, max-associations is not configured. Is there a SHOW command that displays what value the access point is currently working with?

sstudsdahl · ‎05-13-2005

I'm not sure of a command that can be used to verify the value. According to the documenation, the default is 255 associations. If you don't have the command associated to the SSID in question, I would expect the number to indeed be 255. Here's a link to the command reference guide for this command.

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1200/accsspts/b12211ja/b12211cr/cr11main.htm#wp2459069

Other than the max-associations, I'm not sure what could be limiting this. You might try setting the logging on the AP to debug, logging buffered debug and see if there are any messages that show up that may help pinpoint the problem.

Another idea may be to try using some debug commands if nothing comes up in the log of the AP. Debug may not be an option depending on how busy the AP is. If only 1 client can connect at a timee, I would guess debug to be safe. The initial debug command that I was thinking of is debug dot11 events but I'm not sure if that would show any information that would be helpful or not.

Steve

npritchett · ‎05-13-2005

Already been there with the debugging statements. Nothing has jumped out at me yet. It wasn't until I did the wireless packet sniffing that I got some clue what was happening.

The other place I thought something might be going wrong is with the RADIUS authentication. Any thoughts there?

scottmac · ‎05-14-2005

It it possible that the AP is plugged into a switch that has 802.1x authentication configured?

You could (for the sake of experimentation) set up the AP (or another SSID) for "open" and see if the problem persists.

Good Luck

Scott

npritchett · ‎05-14-2005

Scott,

The 802.1x authentication is good angle I wouldn't have thought of; but the switch is a 3500XL series and doesn't do 802.1x.

All of these AP's have multiple SSIDs already. Multiple clients are routinely on the other SSIDs, though I have not tested to see if people can get on the other SSIDs at the same time multiple users cannot get on this one using LEAP. The other SSIDs I have are using WPA/TKIP, Static WEP, open access.