01-08-2014 12:28 PM - edited 07-04-2021 11:55 PM
I am working in a High Density environment in a school that has an AP, 1140, in every class room to accomodate 20 to 30 clients connecting in each class room. Using PEAP as the authentication method with Windows 7 clients. Users are reporting that they have to leave the class room to get associated. Once associated, they can go back in the class romm and use their device just fine.
Trying to determine what would cause such a behavior.
01-08-2014 12:35 PM
What is the WLC software version you are running ? post "show sysinfo" of your WLC
Rasika
01-08-2014 12:36 PM
7.0.240
01-09-2014 05:18 AM
post wlan config, debug client and traplog.
01-09-2014 02:04 PM
50 Thu Jan 9 22:03:20 2014 Client Deauthenticated: MACAddress:00:26:82:ea:31
:c6 Base Radio MAC:00:23:eb:dc:d1:10 Slot: 1 User
Name: unknown Ip Address: unknown Reason:Unspecif
ied ReasonCode: 1
This is the trap log
Here is wlan config. Attached is client debug
WLAN Identifier.................................. 1
Profile Name..................................... SLCSD
Network Name (SSID).............................. SLCSD
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 31
Exclusionlist.................................... Disabled
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ 536wlan
Multicast Interface.............................. Not Configured
--More-- or (q)uit
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 192.168.73.73 1812
--More-- or (q)uit
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
--More-- or (q)uit
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Enabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Disabled
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
01-09-2014 02:26 PM
Load Balancing................................... Enabled
Turn this off.
01-09-2014 03:28 PM
#client going on complete reauth on roaming. Did you configure flex group.
#Check if these AP having similar config ie., wlan to vlan mapping.
*apfMsConnTask_3: Jan 09 21:34:32.093: 00:26:82:ea:31:c6 Updated location for station old AP 00:26:cb:18:2e:d0-1, new AP 00:23:eb:dc:d7:e0-1
*apfMsConnTask_5: Jan 09 21:35:49.460: 00:26:82:ea:31:c6 Updated location for station old AP 00:23:eb:dc:d7:e0-1, new AP 00:23:eb:dc:d1:10-1
#Full Authentications seen due to Client not sending PMKIDs. When the PMKID
is sent, the WLC is able to match, and not request a full backend auth. In cases where
the PMKID is not sent, a full auth was required:
*apfMsConnTask_5: Jan 09 21:35:49.460: 00:26:82:ea:31:c6 Received RSN IE with 0 PMKIDs from mobile 00:26:82:ea:31:c6
assume you see this issue only on win 7 clients and not on other including MAC. Try enable client caching/fast reconnect on wireless supplicant and see that helps.
If client supports CCX5 then enable cckm on WLAN.
01-10-2014 07:09 AM
Yes, this only seems to be a win 7 issue, however my win 7 machine is fine, it is some older HP netbooks that are having issues.
I configured a flex group today, just to see if it would make any difference. No difference. Infact, it appears to be worse.
fast reconnect is already enabled on the clients. I have attached another debug file using the same client we worked with yesterday.
If we move far away enough from the AP, we finally get a connection. One thing I do notice is that there are a lot of EAP timeouts.
01-10-2014 08:38 AM
Can you post your show wlan
Sent from Cisco Technical Support iPad App
01-10-2014 08:50 AM
This project is an attempt at High density for a 1:1 deployment in a school. When I move into a part of the building that doesn't have quite as many APs, I have no issues. Even though 2.4 GHz is enabled, all of these problems are occuring on 5 GHz. I was beginning to think there may be co-channel interference issues, even on 5 GHz.
WLAN Identifier.................................. 1
Profile Name..................................... SLCSD
Network Name (SSID).............................. SLCSD
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 9
Exclusionlist.................................... Disabled
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ 536wlan
Multicast Interface.............................. Not Configured
--More-- or (q)uit
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 192.168.73.73 1812
--More-- or (q)uit
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
--More-- or (q)uit
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Enabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Disabled
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
01-10-2014 08:53 AM
Please disable client load balancing
Sent from Cisco Technical Support iPhone App
01-10-2014 09:13 AM
I have tried that. It really hasn't seemed to make any difference at all.
01-10-2014 05:22 PM
What power levels are your AP at? Hopefully you should be down around a 3 maybe a 4. It could be that the clients are hearing too many AP, and the one that is closest is too hot for them to hear clearly.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
01-10-2014 05:43 PM
Steven,
I actually found a document about High density and made a few tweaks, one of which was the TPC settings to help RRM turn down the radios. They are at level 4 or lower. I also made 24 mbps the manditory data rate.
Now I did find some potential sources of interference, even in the 5GHz band that I will be looking into. The problem with the Interference is that CiscoPrime doesn't get too many radio interference alerts. I lean toward the interference issue because these netbooks stink in a certain part of the building, but other devices are not affected, such as a full laptop or ipads. Those HP drivers do stink! These are older netbooks and they have the latest driver that is available. Now, I am running somewhat older code. 7.0.240, but I am a little worried about updating in fear that I will break more of these netbooks. We have well over 1000 of these devices in 40 locataions.
01-11-2014 06:29 AM
Well... even if it doesn't.... you should still disable that, because in the long run, it will.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide