Re: Cisco Mobility Express (disconect of clients )

Jaro · ‎07-20-2017

Hi,

I have

- 4 x Cisco APs 1852i, which are set in Mobility Express mode with version VID: 8.3.112.0.

- This APs are connected to the SG-300 SW

ISSUE

Random clients (it doesn´t matter if android, apple), gotting limited connection (no access to the Internet) and they have to dissconnect and again connect on wifi.

I got this types of error logs:

*Dot1x_NW_MsgTask_0: Jun 21 09:22:00.650: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:1020 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; KeyLen 40, Key type 1, client XX:XX:XX:XX:XX:XX

*Dot1x_NW_MsgTask_0: Jun 21 09:07:19.316: %DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:451 Invalid replay counter from client YY:YY:YY:YY:YY:YY - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01

*dot1xMsgTask: Jun 21 09:07:17.717: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1683 Unable to send EAPOL-key msg - invalid WPA state (0) - client ZZ:ZZ:ZZ:ZZ:ZZ:ZZ

NOTE: I found bug below, but device, which is affected is WLC 5500 (I don´t use WLC hardware device) - I changed broadcast key to 86400(still same issue)

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuc78713;jsessionid=B768247754C820510D53EBFF39A3816D

Ping test:

I have device which is connected to mentioned wifi, on that device is set infinity ping on AP(with WLC funciton). I getting (always 5s) request time-out approximately 15 times per 1 hour.

so 15. 07. 2017 14:43:50,77 - Reply from X.X.X.X: bytes=32 time=2ms TTL=64
so 15. 07. 2017 14:43:51,86 - Request timed out.
so 15. 07. 2017 14:43:56,59 - Reply from X.X.X.X: bytes=32 time=101ms TTL=64

Maybe different problem:

Restart (Still about same 4x APs 1852i)

Yesterday morning, 2 devices(APs 1852i) , connected to PoE SW (cisco SG-300), were probably restarted, not in same time, but approximately 1 hour later (any eletrical break, connected to UPS, and another 2 APs working without break)

This logs are from SW SG-300

I don´t have logs from AP (1852i) , because that logs are lost after restart.

19-July-2017 09:36:35 :%LINK-I-Up: gi22, aggregated (1)

19-July-2017 09:36:32 :%LINK-W-Down: gi22, aggregated (1)

19-July-2017 09:35:24 :%STP-W-PORTSTATUS: gi22: STP status Forwarding

19-July-2017 09:35:20 :%LINK-I-Up: gi22

19-July-2017 09:35:16 :%LINK-W-Down: gi22

Do you have any idea, how to fix this issues?

Thank you very much

patoberli · ‎07-20-2017

You might want to upgrade to 8.3.121.0, unless you use voice in your wifi, then to not use this version. This release is brand new though.

Release notes: http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn83mr2.html

A lot of issues with the x8xx series AP were fixed in this release.

See here for more info about the voice issue and another AVC issue:

http://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-TAC-Recommended-AireOS.html#anc9

It's recommended to disable AVC (not enabled by default) if you want to use 8.3.121.0.

Jaro · ‎08-14-2017

Thanks for help, when I have tried to update Mobility express, it didn´t work. I don´t know why.

I normaly uploaded software (unziped) it works properly, but there wasn´t any option to restart AP.

There was only Update now, Apply , Schedule and Abort. After restart through CLI it was booting with old version, and when I applied apply button it showed me, that no all my AP are updated (when i tested it with one AP only).

When I will test update of Mobility express, it is possible with one device only ? Or should I plug more devices as APs and one device as WLC ?

Thank you

patoberli · ‎09-11-2017

Sorry for the late answer, was on holiday.

Normally when you do an upgrade, first the main AP will be upgraded and then the reboot will be offered. I don't know the exact process for mobility express, but you will find it in the manual (also the Release Notes).

Jaro · ‎09-25-2017

Hello,

NP, thanks for answer,

I have already upgraded ME, but nothings changed, clients still geting randomly disconnects, mainly Apple clients, maybe one or two windows clients.

What is interest, that client is as connected, it have IP configuration, but it is not able to ping nothing.

do you have any idea how to solve it?

patoberli · ‎09-25-2017

Can you reproduce the error?

If yes, you should be able to run a "debug client here-its-macaddress" on the ME or maybe the AP where the client is currently connected to. This should produce a lot of logfiles on the console about the client and maybe the error that happens.

I have never used the ME platform, so I don't know if this command exists and will work though, sorry I can't help any further.

Jaro · ‎09-29-2017

Thanks, for your answers, now I will try to collect logs, and than we will see.

What was very interesting, that client who use Mac book, had assignated IP address, from Mobility Express I saw him as connected to, I was not able to ping client from ME, and from client site the same.

Thank you

Ariq · ‎06-23-2019

I exactly have the same problem. I have 9ME 1852I deployed in 3 Zones (3 AP in each zone). and Under 1 AP, the users gets disconnected. the OS version is 8.5.135.0. Users connected under 1 AP continuously getting disconnected. the SSID Gets disappeared and appears after a while. users gets disconnected continuously . Besides, users Sitting like 10 feet away gets poor signal strength.

Let me know if you have solved the problem.

patoberli · ‎06-23-2019

You could give 8.5.151.0 a try, which was just released.

Ariq · ‎06-23-2019

I solved the problem after changing the uplink cable and port. Currently the system is stable now. I have not found any problem yet. Its done today. SO im monitoring the system now . May be there was some data transmission issue due to cable (im not sure) but AP comes to stable state after changing the Switch port and Uplink cable.

Lets wait and see.