Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1393
Views
15
Helpful
5
Replies

Client connection issue after update WLCs to 8.10

Heiko Kelling
Level 1
Level 1

‎11-23-2022 05:09 AM

Hello wireless community,

we have 4 small locations, each with a Cisco 3504 controller and 15-20 x 1832I APs each, plus another bigger location with a vWLC and about 80 x 1832I APs. So far the firmware 8.9.100 was used and everything ran smoothly without any complaints. We have now updated a site with 3504 to version 8.10.171 and users were complaining about problems connecting to the WLAN. There are 3 SSIDs at all locations, which bridge into separate Vlans via Flex Connect. We then investigated the problem and it is indeed the case that numerous devices from different manufacturers cannot connect to the SSIDs (WPA2 auth). Some devices rarely come into the WLAN. Then we did a downgrade and everything went great again as before. Later we also have the update on the vWLC from 8.9.100 to 8.10.171 at the bigger location. Same problem! Then tested with various other 8.10. versions. Same problem. So downgrade, everything ok again. Then tested an 8.8, everything was ok.

In summary: 8.8 > good; 8.9 > good; 8.10 bad

Has anyone had similar experiences? It is a very simple structure (Flex Connect, WPA2). What changed in 8.10 that can create such a fundamental problem?

 

 

0 Helpful
5 Replies 5

marce1000
VIP
VIP

‎11-23-2022 05:31 AM

 

       - FYIhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd37092

 Check this article too : https://community.cisco.com/t5/wireless-mobility-knowledge-base/aireos-8-10mr8-escalation-special/ta-p/4715772

   Resolved inhttps://software.cisco.com/download/specialrelease/53112f47f8edc7e11a26a8c0580915fa

 M.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Heiko Kelling
Level 1
Level 1
In response to marce1000

‎11-23-2022 06:02 AM

Hello marce1000,

I´m not sure if this is really our issue, because we have it with all 8.10 versions. 8.10.181 we have not tested, only 8.10.171 and older 8.10 versions. tcp-adjust-mss size 1250 is already set. We don´t use 802.1X, only WPA2.

0 Helpful

marce1000
VIP
VIP
In response to Heiko Kelling

‎11-23-2022 07:22 AM

 - I was a bit in doubt too  ,but I gave that information because at  a certain point you said 8.10.x is bad; I would have the configuration of a or the controllers checked with https://cway.cisco.com/tools/WirelessAnalyzer/ , which is always useful after an upgrade too , for problematic clients use client debugging and have these analyzed with : https://cway.cisco.com/tools/WirelessDebugAnalyzer/

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Scott Fella
Hall of Fame
Hall of Fame

‎11-23-2022 07:06 AM

Never had any issues with PSK when upgrading to 8.10.x.  Maybe run a diff with your config on 8.9 and then when you upgrade to 8.10 and see if a bit on your WLAN has changed or a feature was added.  What you should do is test with a controller on 8.10 and create the SSID new.  First start with an open SSID and make sure that works and then try PSK.  Don't enable all the features in the WLAN. start with the basic and work up until it breaks, then you will know what config bit breaks your environment.

-Scott
*** Please rate helpful posts ***

Rich R
VIP
VIP

‎11-24-2022 04:27 PM

Agreed with Scott - it's most likely one of the new features on the WLAN so compare configs side by side.
Things like PMF, FT etc can be troublesome.  We ran 8.10.162.0 for a long time without any trouble and now 8.10.181.0 also good (we're not affected by the bug mentioned above)
Did you run a debug on one of the clients with a problem?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card