Maybe, but why the problem

Germán Capdehourat · ‎04-28-2016

Hi all, I'm Germán Capdehourat from Plan Ceibal, the 1-1 education program in Uruguay.

We are testing a performance measurement suite we've developed which basically consists in a linux-based PC (runs Ubuntu) with several 802.11 radio cards (now we have 32 in one box).

We are having an issue in the association process, when all the clients connect to the AP, in a few seconds or minutes several of them are disconnected (the AP sends a Deauth message with reason code "Previous authentication no longer valid").

This was tested with an open network (no auth required) and with APs 2602 and 2702, both of them in flex mode and local auth, with versions 8.0.110.0 and 8.0.120.0.

In all cases, the script which associates the radios to the network, does it sequentially one after the other. Every time, from the 32 radios, 10 of them are disconnected by the AP with Deauth messages.

However, testing the same with a 2702 standalone AP, it works perfect, and no client is disconnected.

We are not aware if this is a kind of protection mechanism from a possible attack to the network, or if might be a bug.

I have the captures from the association process if needed.

Thanks anyone who can help us to understand this behaviour.

Regards,

Germán

ali aqrabawi · ‎04-28-2016

that reason code means the client is not responding to AP , so AP assume it left the BSSID , so it send that message .

can you share the capture ?

Germán Capdehourat · ‎04-28-2016

I attach a packet capture (it's 2.4GHz only, channel 11, we turn off 5GHz in the AP to test this).

At 43.89 sec you can find the first Association Request (all the client MACs are 80:19:34:XX:XX:XX).
At 211.37 sec you can find the first Deauthentication from the AP (MAC 88:1d:fc:8c:e9:c0) and in the following seconds the same message for 12 clients (the other 20 remain connected ok).

Thanks for your help.

ali aqrabawi · ‎04-28-2016

last packets sent from the client was frame.number == 29139 , after 16 seconds the AP sent the deauth previous authentication no longer valid ,

between those two frames there is nothing belong to that client, so i belive the client tried to roam to another AP , however it was unable to do so ,

please make sure that the flex APs in the site are in same flexconnect group , also make sure no coverage holes between the APs .

i recommend you to use "debug client <client MAC>" on the WLC to troubleshoot this issue , it will give you a better view of what the client/AP are doing during the issue .

Germán Capdehourat · ‎04-28-2016

I'll try to clarify the scenario, it is not a real operating network but just for testing purposes.

It's a single AP, only 2.4GHz enabled (channel 11) and 32 clients, generated from the same PC but with different NICs for each client.

So, no roaming nor coverage hole is possible (actually RSSI is below -60dBm for all of them).

Now I've tried the same with a WPA2-secured network and it works fine, no deauthentication messages nor disconnected clients.

ali aqrabawi · ‎04-28-2016

the issue could be related to the PC itself,

Germán Capdehourat · ‎04-28-2016

Maybe, but why the problem does not appear with the same AP but in standalone mode?

Association problem - Deauth messages by flex APs 2702/2602 with WLC 7500