Solved: Client debug - connecting issue

Jeza-925 · ‎12-13-2020

Hi all,

I ran into a problem with one of our sites. Corporate clients are using 802.1x for authentication. Problem is that clients can't connect on wifi. I first thought that problem is with DHCP and not getting IP address, but it might be authentication issue. I did a debug for client on site that can't access network, and for other client on different site that is working fine.

We only have issue on this location, on other sites everything is ok. Reload of AP didn't help.

Can you please take a look into attached files and help me with the issue? Client first needs to authenticate and then it gets IP address, correct?

Thanks in advance.

marce1000 · ‎12-14-2020

- Below you will find the parsed output of the the files you attached by https://cway.cisco.com/tools/WirelessDebugAnalyzer/ , you may want to re-run that again because the forum may wrap the output. Also look at the available settings (flags) at the top of the output which you may or can change accordingly.

1) client-ok.txt

TimeTaskTranslated

Dec 11 15:16:33.452	*apfMsConnTask_4	Client made new Association to AP/BSSID BSSID a0:ec:f9:50:d1:1e AP kr-sala_za_obuku-ap
Dec 11 15:16:33.452	*apfMsConnTask_4	The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Dec 11 15:16:33.453	*apfMsConnTask_4	The Reassociation Request from the client comes with 0 PMKID
Dec 11 15:16:33.453	*apfMsConnTask_4	Client is entering the 802.1x or PSK Authentication state
Dec 11 15:16:33.453	*apfMsConnTask_4	Client has successfully cleared AP association phase
Dec 11 15:16:33.453	*apfMsConnTask_4	WLC/AP is sending an Association Response to the client with status code 0 = Successful association
Dec 11 15:16:33.453	*apfMsConnTask_4	Client is trying to associate in 5 Ghz band
Dec 11 15:16:33.461	*Dot1x_NW_MsgTask_6	Client will be required to Reauthenticate in 28800 seconds
Dec 11 15:16:33.461	*Dot1x_NW_MsgTask_6	WLC/AP is sending EAP-Identity-Request to the client
Dec 11 15:16:35.599	*Dot1x_NW_MsgTask_6	WLC/AP is sending EAP-Identity-Request to the client
Dec 11 15:16:35.610	*Dot1x_NW_MsgTask_6	Client sent EAP-Identity-Response to WLC/AP
Dec 11 15:16:35.844	*Dot1x_NW_MsgTask_6	RADIUS Server permitted access
Dec 11 15:16:35.844	*Dot1x_NW_MsgTask_6	Client will be required to Reauthenticate in 28800 seconds
Dec 11 15:16:35.845	*Dot1x_NW_MsgTask_6	4-Way PTK Handshake, Sending M1
Dec 11 15:16:35.866	*Dot1x_NW_MsgTask_6	4-Way PTK Handshake, Received M2
Dec 11 15:16:35.866	*Dot1x_NW_MsgTask_6	4-Way PTK Handshake, Sending M3
Dec 11 15:16:35.877	*Dot1x_NW_MsgTask_6	4-Way PTK Handshake, Received M4
Dec 11 15:16:35.877	*Dot1x_NW_MsgTask_6	Client has completed PSK Dot1x or WEP authentication phase
Dec 11 15:16:35.878	*Dot1x_NW_MsgTask_6	Client has entered DHCP Required state
Dec 11 15:16:36.280	*DHCP Socket Task	Received DHCP request from client
Dec 11 15:16:36.287	*DHCP Socket Task	Received DHCP ACK from DHCP server
Dec 11 15:16:36.288	*DHCP Socket Task	Client has entered RUN state
Dec 11 15:16:36.288	*DHCP Socket Task	Received DHCP ACK, assigning IP Address 192.168.101.13

2) client-problem.txt

TimeTaskTranslated

Dec 11 14:41:50.371	*apfMsConnTask_6	Client made new Association to AP/BSSID BSSID 00:c8:8b:1b:96:3e AP vs-ap-Nis_Izgradnja
Dec 11 14:41:50.372	*apfMsConnTask_6	The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Dec 11 14:41:50.372	*apfMsConnTask_6	The Reassociation Request from the client comes with 0 PMKID
Dec 11 14:41:50.373	*apfMsConnTask_6	WLC/AP is sending an Association Response to the client with status code 17 = AP has reached the maximum supported clients
Dec 11 14:41:50.373	*apfMsConnTask_6	Client is trying to associate in 2.4 Ghz band
Dec 11 14:41:50.373	*apfMsConnTask_6	Client expiration timer code set for 10 seconds. The reason: Client deleted due to load balancing reject decision

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

JPavonM · ‎12-13-2020

Hi Jeza,

I can't see any DHCP Offer on VLAN300 on that capture from the DHCP server. Have you performed any packet capture at switch level to see if you are receiving it? Have you checked routing for that VLAN to the DHCP server? Have you checked that the pool is not depleted?

HTH
-Jesus
*** Please Rate Helpful Responses ***

marce1000 · ‎12-14-2020

- Below you will find the parsed output of the the files you attached by https://cway.cisco.com/tools/WirelessDebugAnalyzer/ , you may want to re-run that again because the forum may wrap the output. Also look at the available settings (flags) at the top of the output which you may or can change accordingly.

1) client-ok.txt

TimeTaskTranslated

Dec 11 15:16:33.452	*apfMsConnTask_4	Client made new Association to AP/BSSID BSSID a0:ec:f9:50:d1:1e AP kr-sala_za_obuku-ap
Dec 11 15:16:33.452	*apfMsConnTask_4	The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Dec 11 15:16:33.453	*apfMsConnTask_4	The Reassociation Request from the client comes with 0 PMKID
Dec 11 15:16:33.453	*apfMsConnTask_4	Client is entering the 802.1x or PSK Authentication state
Dec 11 15:16:33.453	*apfMsConnTask_4	Client has successfully cleared AP association phase
Dec 11 15:16:33.453	*apfMsConnTask_4	WLC/AP is sending an Association Response to the client with status code 0 = Successful association
Dec 11 15:16:33.453	*apfMsConnTask_4	Client is trying to associate in 5 Ghz band
Dec 11 15:16:33.461	*Dot1x_NW_MsgTask_6	Client will be required to Reauthenticate in 28800 seconds
Dec 11 15:16:33.461	*Dot1x_NW_MsgTask_6	WLC/AP is sending EAP-Identity-Request to the client
Dec 11 15:16:35.599	*Dot1x_NW_MsgTask_6	WLC/AP is sending EAP-Identity-Request to the client
Dec 11 15:16:35.610	*Dot1x_NW_MsgTask_6	Client sent EAP-Identity-Response to WLC/AP
Dec 11 15:16:35.844	*Dot1x_NW_MsgTask_6	RADIUS Server permitted access
Dec 11 15:16:35.844	*Dot1x_NW_MsgTask_6	Client will be required to Reauthenticate in 28800 seconds
Dec 11 15:16:35.845	*Dot1x_NW_MsgTask_6	4-Way PTK Handshake, Sending M1
Dec 11 15:16:35.866	*Dot1x_NW_MsgTask_6	4-Way PTK Handshake, Received M2
Dec 11 15:16:35.866	*Dot1x_NW_MsgTask_6	4-Way PTK Handshake, Sending M3
Dec 11 15:16:35.877	*Dot1x_NW_MsgTask_6	4-Way PTK Handshake, Received M4
Dec 11 15:16:35.877	*Dot1x_NW_MsgTask_6	Client has completed PSK Dot1x or WEP authentication phase
Dec 11 15:16:35.878	*Dot1x_NW_MsgTask_6	Client has entered DHCP Required state
Dec 11 15:16:36.280	*DHCP Socket Task	Received DHCP request from client
Dec 11 15:16:36.287	*DHCP Socket Task	Received DHCP ACK from DHCP server
Dec 11 15:16:36.288	*DHCP Socket Task	Client has entered RUN state
Dec 11 15:16:36.288	*DHCP Socket Task	Received DHCP ACK, assigning IP Address 192.168.101.13

2) client-problem.txt

TimeTaskTranslated

Dec 11 14:41:50.371	*apfMsConnTask_6	Client made new Association to AP/BSSID BSSID 00:c8:8b:1b:96:3e AP vs-ap-Nis_Izgradnja
Dec 11 14:41:50.372	*apfMsConnTask_6	The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Dec 11 14:41:50.372	*apfMsConnTask_6	The Reassociation Request from the client comes with 0 PMKID
Dec 11 14:41:50.373	*apfMsConnTask_6	WLC/AP is sending an Association Response to the client with status code 17 = AP has reached the maximum supported clients
Dec 11 14:41:50.373	*apfMsConnTask_6	Client is trying to associate in 2.4 Ghz band
Dec 11 14:41:50.373	*apfMsConnTask_6	Client expiration timer code set for 10 seconds. The reason: Client deleted due to load balancing reject decision

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '