10-02-2024 11:49 PM
Hello experts, I have a very strange issue.
I have HP G8 laptops which connect to 9136i APs on a WLAN that is enabled for 802.1X using EAP-TLS with Cisco ISE 3.2. The controller is a 9800 running 17.9.5. The WLAN has FT enabled + FT 802.1x. When a client roams from one AP to another it gets dropped, and I can see the following in the debug trace. The SSID is only enabled on 5 GHz; 2.4/6 GHz is disabled. Should I disable 802.11r and FT 802.1x and then test?
Sometimes the client does a full 802.1x when it roams to the new AP, and sometimes it just completes the 4-way and gets an IP address.
I did a lot of digging and we have tried increasing the EAP timers; the issue still persists. Should we disable
1st condition
The client associates, gets authenticated, completes the 4-way handshake, gets an IP address, then gives the message below and gets deleted:
2024/10/01 12:02:48.895225671 {wncd_x_R0-1}{1}: [dot11] [18633]: (info): MAC: xxx.xxx.xxx DOT11 state transition: S_DOT11_ASSOCIATED -> S_DOT11_TO_DELETE
2024/10/01 12:02:48.895451358 {wncd_x_R0-1}{1}: [client-orch-sm] [18633]: (info): MAC: xxx.xxx.xxx Deleting the client, reason: 69, CO_CLIENT_DELETE_REASON_CLIENT_EAP_TIMEOUT_FAILURE, Client state S_CO_RUN
2024/10/01 12:02:48.895528142 {wncd_x_R0-1}{1}: [client-orch-sm] [18633]: (note): MAC: xxx.xxx.xxx Client delete initiated. Reason: CO_CLIENT_DELETE_REASON_CLIENT_EAP_TIMEOUT_FAILURE, details: , fsm-state transition 00|00|00|00|00
2nd condition
The client associates, gets authenticated, completes the 4-way handshake, gets an IP address, then gives the message below and gets deleted:
2024/10/01 12:02:49.531774651 {wncd_x_R0-1}{1}: [client-orch-sm] [18633]: (ERR): MAC: xxx.xxx.xxx Mobility failure during fast roam, as policy is not received from handoff and PMK do not have policy as well.
2024/10/01 12:02:49.531781613 {wncd_x_R0-1}{1}: [client-orch-sm] [18633]: (info): MAC: xxx.xxx.xxx Deleting the client, reason: 232, CO_CLIENT_DELETE_REASON_FASTROAM_MOBILITY_FAILURE, Client state S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
2024/10/01 12:02:49.531800769 {wncd_x_R0-1}{1}: [client-orch-sm] [18633]: (note): MAC: xxx.xxx.xxx Client delete initiated. Reason: CO_CLIENT_DELETE_REASON_FASTROAM_MOBILITY_FAILURE, details: , fsm-state transition 00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|01|07|15|1a|1b|2c|36|
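The two failure conditions in the post above can be pulled out of a longer trace automatically. This is an added example, not part of the original post or any Cisco tool: a Python parser for the trace line format shown above that extracts each client delete (reason code, reason name, client state) and attaches the last (ERR) message logged for the same MAC. The function name `parse_deletes` is hypothetical, and the sample lines are copied from the post with the MAC already redacted there.

```python
import re

# Generic shape of the trace lines shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \{[^}]+\}\{\d+\}: \[(?P<mod>[^\]]+)\] \[\d+\]: "
    r"\((?P<lvl>\w+)\): MAC: (?P<mac>\S+) (?P<msg>.*)$"
)
# The client-orch-sm message that records why a client was deleted.
DEL_RE = re.compile(
    r"Deleting the client, reason: (?P<code>\d+), "
    r"(?P<reason>CO_CLIENT_DELETE_REASON_\w+), Client state (?P<state>S_CO_\w+)"
)

# Constructed sample input: four lines taken from the post above.
SAMPLE = """\
2024/10/01 12:02:48.895225671 {wncd_x_R0-1}{1}: [dot11] [18633]: (info): MAC: xxx.xxx.xxx DOT11 state transition: S_DOT11_ASSOCIATED -> S_DOT11_TO_DELETE
2024/10/01 12:02:48.895451358 {wncd_x_R0-1}{1}: [client-orch-sm] [18633]: (info): MAC: xxx.xxx.xxx Deleting the client, reason: 69, CO_CLIENT_DELETE_REASON_CLIENT_EAP_TIMEOUT_FAILURE, Client state S_CO_RUN
2024/10/01 12:02:49.531774651 {wncd_x_R0-1}{1}: [client-orch-sm] [18633]: (ERR): MAC: xxx.xxx.xxx Mobility failure during fast roam, as policy is not received from handoff and PMK do not have policy as well.
2024/10/01 12:02:49.531781613 {wncd_x_R0-1}{1}: [client-orch-sm] [18633]: (info): MAC: xxx.xxx.xxx Deleting the client, reason: 232, CO_CLIENT_DELETE_REASON_FASTROAM_MOBILITY_FAILURE, Client state S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
"""

def parse_deletes(text):
    """Return one dict per client delete, with the preceding ERR line (if any)."""
    events, last_err = [], {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not a per-client trace line
        mac, msg = line["mac"], line["msg"]
        if line["lvl"] == "ERR":
            last_err[mac] = msg  # remember it for the delete that follows
            continue
        d = DEL_RE.match(msg)
        if d:
            events.append({
                "ts": line["ts"], "mac": mac, "code": int(d["code"]),
                "reason": d["reason"], "state": d["state"],
                # S_CO_RUN means the client was deleted after it was fully onboarded
                "after_run": d["state"] == "S_CO_RUN",
                "error": last_err.pop(mac, None),
            })
    return events

if __name__ == "__main__":
    for e in parse_deletes(SAMPLE):
        print(e["ts"], e["code"], e["reason"], e["state"], "|", e["error"])
```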
10-02-2024 11:55 PM
@atifali.zaidi1 wrote:
I have HP G8 laptops
What is the wireless NIC, and what are the wireless NIC drivers?
10-02-2024 11:56 PM
Latest drivers have been installed recently. Don't have the exact NIC info.
10-03-2024 01:41 AM
@atifali.zaidi1 wrote:
Latest drivers have been installed recently. Don't have the exact NIC info.
I repeat: What is the wireless NIC, and what are the wireless NIC drivers?
10-02-2024 11:55 PM
One more thing to add: 802.11k is enabled on the SSID with prediction optimization + neighbor list.
10-03-2024 01:14 AM
- Note that you can have these and other (full) client debugs analyzed with: Wireless Debug Analyzer
- Have a checkup of the 9800 controller's configuration with the CLI command show tech wireless (not simple 'show tech') and feed the output from that into Wireless Config Analyzer
- As 17.9.x is gradually getting EOL now, consider upgrading to 17.12.3
You may find this info useful:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214855-ios-xe-wireless-feature-list-per-release.html
M.
10-03-2024 01:16 AM
M.
10-03-2024 11:30 PM
Are your clients running Win10? Check whether you may be impacted by this Windows defect:
https://community.meraki.com/t5/Wireless/Wireless-Invalid-MIC-EAPoL-4-way-handshake-is-failling/m-p/243560?utm_source=communitymembers&utm_medium=email&utm_campaign=immediate_general%27#M33500
Try how it behaves with any roaming algorithm disabled (802.11r and OKC with "no okc") and relying on full reauthentications.