03-01-2021 06:16 AM - edited 07-05-2021 01:18 PM
Hello,
One of the devices (android phone) on the corporate WLAN is unable to connect.
No issues with apple device on the same WLAN and same AP.
Message on the phone:
time limit reached
Debug message on wlc at the time of connection:
debug di*osapiBsnTimer: Mar 01 12:50:25.466: 34:29:12:dd:b8:5c 802.1x 'timeoutEvt' Timer expired for station 34:29:12:dd:b8:5c and for message = M0
*Dot1x_NW_MsgTask_4: Mar 01 12:50:25.466: 34:29:12:dd:b8:5c Retransmit 1 of EAP-Request (length 96) for mobile 34:29:12:dd:b8:5c
Please advise if you experience similar issue.
Thank you.
Regards,
Daniel
03-01-2021 07:24 AM
- What controller-model and software version ?
M.
03-01-2021 07:30 AM
Model 5508
Software Version 8.3.150.0
Thank you.
03-01-2021 08:05 AM
- Seems close : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc80755/?rfs=iqvred
You may try the mentioned software version below :
AireOS 8.5.161.0 is a TAC supported release. For deployments with hardware that is end of lifed in 8.5, TAC recommends 8.5.161.x Escalation code (8.5.161.6 or above, available now from TAC.) 8.5 is the last train for the following platforms: AP1600, AP2600, AP3500, AP3600, AP1552 (128MB version), AP802, WLC2504, WLC5508, WLC7510, WLC8510, WiSM2. See the Product Bulletin for 8.5 End of Life plans.
03-01-2021 08:14 AM
Unfortunately, the current software version is the latest I can use to have 1140 and 1260 APs operational.
I have checked and I have enabled session timeout set to 43200.
Thanks
03-01-2021 08:19 AM
- Yeah , in the long-end you will need to make 'policy decisions' as the mentioned ap's and also the controller itself are now becoming more and more outdated.
M.
03-03-2021 02:00 AM
Just to be sure, can you post a longer debug output?
Do you maybe have any fancy features like 802.11r (FT) enabled? If yes, disable that on the SSID.
Does the device work on an open unencrypted SSID?
03-03-2021 02:13 AM
Device is working fine on other WLANs.
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Enabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
OSEN-1X................................. Disabled
SUITEB-1X............................... Disabled
03-03-2021 03:51 AM
With "other WLANs" you mean other installations, or do you mean other SSIDs you provide with the same WLC?
03-03-2021 03:56 AM
Other installations.
This specific SSID has over 200 clients that function without issues.
There is single device Huawei android phone that is unable to connect (message: time exceeded while trying to connect to network). On WLC I could see message 'timeoutEvt' Timer expired for station during debug client aaa for this MAC.
Thank you.
03-03-2021 04:42 AM
Ah a single device then (so far).
I found this old forum entry: https://community.cisco.com/t5/cisco-bug-discussions/cscvc80755-wlc-missed-eap-reponse-packet-from-phone/td-p/3355528
That person solved it by downgrading to the latest 8.2 release.
If you really want to spend that much time for this single client, here is the list of features by version:
If you don't need any of the added features in 8.3 you might want to downgrade.
Although I don't think it fixed the issue you see, there is also a special TAC release of 8.3.150.x, which fixes some other nasty bugs: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc14 you only get that by contacting TAC though.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: