03-19-2024 07:46 AM
Hi,
we are running 9800 CL for some time now and have issues with PSK SSIDs. We have couple of them and the same issue appears on all of them despite slighly different configuration. The issue I see on DNAC for those clients is always like this:
Details
AUTH Server | 0.0.0.0 |
WLC Name | wlc-a.eu-central-1.compute.internal |
SubReasonType | Disassociation Due to Inactivity |
Delete Reason Description | Client Authentication failed due to M5 retransmit max tries. |
Frequency(GHz) | 5.0 |
And inside it:
<meta charset="utf-8" />
Authenticating | 2:37:15.487 PM | AAA Unknown Error | |
Authenticating | 2:37:15.487 PM | Group Key Update Timeout | |
Authenticating | 2:37:15.487 PM | 4 Way Key Exchange Failure - M3 M4 Key Exchange Timeout |
First of all we are running only Flex connect APs and have a central controller + ISE in AWS. Our WLANs have central authentication and switching disabled so I don't understand where does this timeout comes from, all communication should be between AP and the client. The signal strength is not an issue, this happens for various users (windows+mac) and it's not like a roaming issue. I tried fiddling with security protocols, fast transition modes etc but nothing solved this completely. Did anyone had similar issues and can advise how to troubleshoot this, or at least what could be the cause of this. Cert based SSIDs work without issues, I don't understand why the PSK ones are causing so much trouble if the users don't have any issues using other PSK networks (not a client driver issue)
Thank you for any advice
03-19-2024 11:05 AM
- I would advise to dig deeper with client debugging too according to https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity , these debugs can be analyzed with Wireless Debug Analyzer
Check if anything comes up related to the DNAC errors ; you may also find these commands useful :
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217738-monitor-catalyst-9800-kpis-key-performa.html#anc5
M.
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide