07-12-2013 05:20 AM - edited 07-04-2021 12:24 AM
Hi, users are reporting frequent dropouts from the wireless network. The logs show some of the events below:
*apfReceiveTask: Jul 12 08:51:10.854: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'suguest'. Marking interface dirty.
AP 'AP4c4e.3557.8bf7', MAC: 20:bb:c0:65:dc:40 disassociated previously due to AP Reset. Uptime: 0 days, 05 h 11 m 54 s . Last reset reason: operator changed 11g mode.
Rogue AP : c4:0a:cb:a4:7f:71 removed from Base Radio MAC : a4:18:75:64:07:30 Interface no:0(802.11b/g)
Rogue AP : 00:08:30:38:01:b1 detected on Base Radio MAC : 3c:ce:73:57:f1:10 Interface no:0(802.11b/g) on Channel 1 with RSSI: -88 and SNR: 9 and Classification: unclassified
Rogue AP : 08:d0:9f:86:fe:71 detected on Base Radio MAC : b4:e9:b0:af:cf:80 Interface no:0(802.11b/g) on Channel 11 with RSSI: -88 and SNR: 5 and Classification: unclassified
Rogue AP : c4:0a:cb:2c:0c:c0 detected on Base Radio MAC : b4:e9:b0:af:cf:80 Interface no:0(802.11b/g) on Channel 11 with RSSI: -83 and SNR: 12 and Classification: unclassified
Rogue AP : c4:0a:cb:2c:2f:c0 removed from Base Radio MAC : b4:e9:b0:af:cd:70 Interface no:0(802.11b/g)
Rogue AP : 82:7d:5e:79:35:6f removed from Base Radio MAC : b4:e9:b0:af:cd:70 Interface no:0(802.11n(2.4 GHz))
IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-signature, Detecting AP Name: AP0006.f616.e8de, Radio Type: 802.11b/g, Preced: 5, Hits: 500, Channel: 1, srcMac: 82:7D:5E:79:35:6F
IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-Mac, Detecting AP Name: AP0006.f616.e8de, Radio Type: 802.11b/g, Preced: 5, Hits: 300, Channel: 1, srcMac: 82:7D:5E:79:35:6F
Rogue AP : 0c:85:25:32:1d:40 removed from Base Radio MAC : b4:e9:b0:af:cf:80 Interface no:0(802.11b/g)
Can anyone help me troubleshoot?
Thanks.
07-12-2013 05:27 AM
It's rather inconclusive as to what's going on based on your logs. Your logs show a few things.
1. DHCP interface marked dirty means something is likely wrong with your DHCP server. I would check to make sure the DHCP server is working. No DHCP would break clients trying to get on the network.
2. The second log item states the network went down because someone changed it to 802.11g. Note where it says operator
3. The third item is typical rogue reports
I might suggest seeing this issue with your own eyes. Also check that DHCP server.
Sent from Cisco Technical Support iPad App
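The reply above separates the log into DHCP, AP reset and rogue-report entries; the following is an added Python example, not part of the original thread or any Cisco tool, that does the same split mechanically and also picks out the IDS entries. The regular expressions are assumptions fitted to the lines quoted in the first post, and `triage` and `summarize` are hypothetical names.

```python
import re
from collections import Counter

# Sample input: a subset of the log lines quoted in the first post of this thread.
SAMPLE = """\
*apfReceiveTask: Jul 12 08:51:10.854: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'suguest'. Marking interface dirty.
AP 'AP4c4e.3557.8bf7', MAC: 20:bb:c0:65:dc:40 disassociated previously due to AP Reset. Uptime: 0 days, 05 h 11 m 54 s . Last reset reason: operator changed 11g mode.
Rogue AP : 00:08:30:38:01:b1 detected on Base Radio MAC : 3c:ce:73:57:f1:10 Interface no:0(802.11b/g) on Channel 1 with RSSI: -88 and SNR: 9 and Classification: unclassified
Rogue AP : 82:7d:5e:79:35:6f removed from Base Radio MAC : b4:e9:b0:af:cd:70 Interface no:0(802.11n(2.4 GHz))
IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-Mac, Detecting AP Name: AP0006.f616.e8de, Radio Type: 802.11b/g, Preced: 5, Hits: 300, Channel: 1, srcMac: 82:7D:5E:79:35:6F
"""

# Assumed patterns, fitted to the quoted lines (not a Cisco log specification).
PATTERNS = {
    "dhcp_no_reply": re.compile(r"DHCP_SERVER_NO_REPLY.*interface '(?P<iface>[^']+)'"),
    "ap_reset": re.compile(r"^AP '(?P<ap>[^']+)'.*Last reset reason: (?P<reason>.+?)\.?$"),
    "rogue": re.compile(r"^Rogue AP : (?P<mac>[0-9a-f:]{17}) (?P<action>detected|removed)"
                        r"(?:.*RSSI: (?P<rssi>-?\d+))?", re.I),
    "ids": re.compile(r"^IDS Signature attack detected\..*?Name: (?P<name>[^,]+),"
                      r".*Hits: (?P<hits>\d+),.*srcMac: (?P<mac>[0-9A-Fa-f:]{17})"),
}

def triage(text):
    """Return (kind, fields) for every line that matches one of the patterns."""
    events = []
    for line in text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                events.append((kind, m.groupdict()))
                break
    return events

def summarize(events):
    """Count events per kind and list the MAC addresses to look at first."""
    counts = Counter(kind for kind, _ in events)
    rogue = {e["mac"].lower() for k, e in events if k == "rogue"}
    flood = {e["mac"].lower() for k, e in events if k == "ids"}
    # A flood source that the WLC also tracked as a rogue AP is the first one to check.
    overlap = sorted(rogue & flood)
    # Locally administered bit (0x02 of the first octet): not a vendor-assigned address.
    local = sorted(m for m in rogue | flood if int(m[:2], 16) & 0x02)
    return {"counts": dict(counts), "rogue_and_flood": overlap, "locally_administered": local}

if __name__ == "__main__":
    print(summarize(triage(SAMPLE)))
```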
07-12-2013 06:19 AM
Thanks George.
1. The dhcp server appears to be working. Users are currently getting addresses and connecting.
2. Do you know what would change the mode to 802.11g? No changes were made to the configuration but this item appears in the logs numerous times.
3. There are other APs in the area; is this a red herring?
Thanks.
07-12-2013 06:56 AM
You don't have RLDP enabled do you?
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
07-12-2013 07:41 AM
Hi Scott, it is not enabled:
Rogue Policies
Rogue Location Discovery Protocol MonitorModeAps AllAps Disable
Expiration Timeout for Rogue AP and Rogue Client entries 1200 Seconds
Validate rogue clients against AAA Enabled not checked
Detect and report Ad-Hoc Networks Enabled checked
Rogue Detection Report Interval (10 to 300 Sec) 10
Rogue Detection Minimum RSSI (-70 to -128) -128
Rogue Detection Transient Interval (120 to 1800 Sec)
Auto Contain
Auto Containment Level 1
Auto Containment only for Monitor mode APs Enabled not checked
Rogue on Wire Enabled not checked
Using our SSID Enabled not checked
Valid client on Rogue AP Enabled not checked
AdHoc Rogue AP Enabled not checked
Should I enable it?
07-13-2013 04:43 AM
No. This will cause issues with clients being disconnected to look for rogues.
Sent from Cisco Technical Support iPhone App
07-12-2013 07:09 AM
It's hard to say. I might suggest checking the issue out for yourself. Do you have specific clients that are having this problem?
Sent from Cisco Technical Support iPad App
07-12-2013 07:44 AM
Thanks George, the feedback from the users did not indicate any pattern as such, they said it happened randomly and would lose connectivity. The SSID also disappeared from their search.
I am going to attend the site next week. Are there any steps you recommend I take whilst there, to help identify the issue?
Thanks.
07-12-2013 01:43 PM
What firmware is the WLC running on?
Sent from Cisco Technical Support Nintendo App
07-13-2013 04:47 AM
Take a look at the AP from the GUI. Open up the AP and on the main page toward the bottom you will see two values. One is uptime and the other is join time. If the AP loses power, the uptime will reflect that. If there is a connectivity issue, the join time will reflect that. The uptime should be higher than the join time but should be close. APs moving to another WLC can also cause the join time to be much lower than the uptime.
Sent from Cisco Technical Support iPhone App
07-13-2013 05:54 AM
Indeed. Try and catch the issue yourself. Again, look for a pattern. If you can reproduce the issue, run a client debug. Is this WLAN any different from the others?
Sent from Cisco Technical Support iPad App
07-13-2013 10:06 AM
Haven't gone through all replies.
1. Is it HREAP setup? What is the code version?
2. Do you disable 802.11g on your WLC?
Sent from Cisco Technical Support iPad App
07-16-2013 02:42 AM
Thanks All, went to site and there were a few issues. I rebooted a couple of the APs and they started working again. I need to install another AP to improve coverage in one particular area.
Leo,
Model 5508
Software Version 7.2.103.0
Field Recovery Image Version 6.0.182.0
Scott,
The difference between uptime vs join time is quite large on some of the APs: ~50days vs ~4days, others are the same, e.g. 4days vs 4days.
Shaoqin,
1. I could not find the hreap option, in its place is flexconnect. 802
2. 802.11g is enabled
A little concerned a reboot resolved a few of the issues. I'll monitor these APs to check if they lose connection again.
Thanks.
07-16-2013 01:46 PM
You are running 7.2, but it appears you did not install the FUS since the recovery image is 6.x. I would suggest installing the FUS as you can run into some WLC stability issues if you don't.
08-23-2013 07:36 AM
Thanks All, upgraded FW and been monitoring this for a while; seems stable.