Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2833
Views
3
Helpful
12
Replies

Clients Intermittently Dropping from Wi-Fi

malone352
Level 1
Level 1

‎05-16-2023 02:53 AM

Hi all,

I just deployed a 9800 vWLC for a customer, they are using 802.1x PEAP authentication against ISE and AD. Clients are reporting they drop from Wi-Fi occasionally and have to manually connect to the SSID again.

Log below showing state of client as they experience the issue

On the WLAN itself I have FT and Aironet IE disabled, session timeout set to 14400 and idle is 3600

2023/05/16 08:41:10.613361 {wncd_x_R0-0}{1}: [client-orch-sm] [19913]: (note): MAC: 9859.7a47.XXXX Association received. BSSID 10a8.29fc.6c6e, old BSSID 10a8.29fc.656e, WLAN CUST Corporate, Slot 1 AP 10a8.29fc.6c60, MHN_AP_04
2023/05/16 08:41:10.613710 {wncd_x_R0-0}{1}: [dot11-validate] [19913]: (ERR): MAC: 9859.7a47.XXXX Failed to dot11 ie validate aironet ipaddr. Aironet ipaddr IE is not present in Assoc Request
2023/05/16 08:41:10.614004 {wncd_x_R0-0}{1}: [dot11] [19913]: (note): MAC: 9859.7a47.XXXX Association success. AID 2, Roaming = True, WGB = False, 11r = False, 11w = False Fast roam = False
2023/05/16 08:41:10.614196 {wncd_x_R0-0}{1}: [client-orch-sm] [19913]: (note): MAC: 9859.7a47.XXXX Delete mobile payload sent forbssid: 10a8.29fc.656e WTP mac: 10a8.29fc.6560 slot id: 1
2023/05/16 08:41:10.614197 {wncd_x_R0-0}{1}: [client-orch-sm] [19913]: (note): MAC: 9859.7a47.XXXX DELETE mobile sent to BSSID 10a8.29fc.656e
2023/05/16 08:41:10.614314 {wncd_x_R0-0}{1}: [client-orch-state] [19913]: (note): MAC: 9859.7a47.XXXX Client state transition: S_CO_RUN -> S_CO_L2_AUTH_IN_PROGRESS
2023/05/16 08:41:10.615400 {wncd_x_R0-0}{1}: [client-auth] [19913]: (note): MAC: 9859.7a47.XXXX ADD MOBILE sent. Client state flags: 0x1 BSSID: MAC: 10a8.29fc.6c6e capwap IFID: 0x90000034
2023/05/16 08:41:10.623402 {wncd_x_R0-0}{1}: [client-auth] [19913]: (note): MAC: 9859.7a47.XXXX L2 Authentication initiated. method DOT1X, Policy VLAN 0, AAA override = 1 , NAC = 0
2023/05/16 08:41:25.124509 {wncd_x_R0-0}{1}: [client-orch-sm] [19913]: (note): MAC: 9859.7a47.XXXX Association received. BSSID 10a8.29fc.656e, old BSSID 10a8.29fc.6c6e, WLAN CUST Corporate, Slot 1 AP 10a8.29fc.6560, MHN_AP_02
2023/05/16 08:41:25.124597 {wncd_x_R0-0}{1}: [client-orch-state] [19913]: (note): MAC: 9859.7a47.XXXX Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_L2_AUTH_IN_PROGRESS
2023/05/16 08:41:25.124707 {wncd_x_R0-0}{1}: [dot11-validate] [19913]: (ERR): MAC: 9859.7a47.XXXX Failed to dot11 ie validate aironet ipaddr. Aironet ipaddr IE is not present in Assoc Request
2023/05/16 08:41:25.124907 {wncd_x_R0-0}{1}: [dot11] [19913]: (note): MAC: 9859.7a47.XXXX Association success. AID 7, Roaming = True, WGB = False, 11r = False, 11w = False Fast roam = False
2023/05/16 08:41:25.125020 {wncd_x_R0-0}{1}: [client-orch-sm] [19913]: (note): MAC: 9859.7a47.XXXX Delete mobile payload sent forbssid: 10a8.29fc.6c6e WTP mac: 10a8.29fc.6c60 slot id: 1
2023/05/16 08:41:25.125021 {wncd_x_R0-0}{1}: [client-orch-sm] [19913]: (note): MAC: 9859.7a47.XXXX DELETE mobile sent to BSSID 10a8.29fc.6c6e
2023/05/16 08:41:25.125107 {wncd_x_R0-0}{1}: [client-orch-state] [19913]: (note): MAC: 9859.7a47.XXXX Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_L2_AUTH_IN_PROGRESS
2023/05/16 08:41:25.125683 {wncd_x_R0-0}{1}: [client-auth] [19913]: (note): MAC: 9859.7a47.XXXX ADD MOBILE sent. Client state flags: 0x1 BSSID: MAC: 10a8.29fc.656e capwap IFID: 0x90000010
2023/05/16 08:41:25.133963 {wncd_x_R0-0}{1}: [client-auth] [19913]: (note): MAC: 9859.7a47.XXXX L2 Authentication initiated. method DOT1X, Policy VLAN 0, AAA override = 1 , NAC = 0
2023/05/16 08:41:27.105904 {wncd_x_R0-0}{1}: [client-auth] [19913]: (note): MAC: 9859.7a47.XXXX L2 Authentication Key Exchange Start. Resolved VLAN: 65, Audit Session id: F16F630A00001D802384F8A7
2023/05/16 08:41:27.132964 {wncd_x_R0-0}{1}: [client-keymgmt] [19913]: (note): MAC: 9859.7a47.XXXX EAP Key management successful. AKM:DOT1X Cipher:CCMP WPA Version: WPA2
2023/05/16 08:41:27.133105 {wncd_x_R0-0}{1}: [client-orch-sm] [19913]: (note): MAC: 9859.7a47.XXXX Mobility discovery triggered. Client mode: Flex - Local Switching
2023/05/16 08:41:27.133108 {wncd_x_R0-0}{1}: [client-orch-state] [19913]: (note): MAC: 9859.7a47.XXXX Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
2023/05/16 08:41:27.133139 {wncd_x_R0-0}{1}: [mm-client] [19913]: (note): MAC: 9859.7a47.XXXX Mobility Successful. Roam Type None, Sub Roam Type MM_SUB_ROAM_TYPE_INTRA_INSTANCE, Previous BSSID MAC: 10a8.29fc.6c6e Client IFID: 0xa0000029, Client Role: Local PoA: 0x90000010 PoP: 0x0
2023/05/16 08:41:27.133332 {wncd_x_R0-0}{1}: [client-auth] [19913]: (note): MAC: 9859.7a47.XXXX ADD MOBILE sent. Client state flags: 0x6 BSSID: MAC: 10a8.29fc.656e capwap IFID: 0x90000010
2023/05/16 08:41:27.133540 {wncd_x_R0-0}{1}: [client-orch-state] [19913]: (note): MAC: 9859.7a47.XXXX Client state transition: S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
2023/05/16 08:41:27.133693 {wncd_x_R0-0}{1}: [client-orch-state] [19913]: (note): MAC: 9859.7a47.XXXX Client state transition: S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
2023/05/16 08:41:27.133886 {wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [19913]: (ERR): MAC: 9859.7a47.XXXX get_fabric_sgt_tag_value: Fabric mode is not enabled
2023/05/16 08:41:27.134146 {wncd_x_R0-0}{1}: [client-orch-state] [19913]: (note): MAC: 9859.7a47.XXXX Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN


Devices are Intune managed xml config below, connection mode is auto

    <name>CUST Corporate</name>
    <SSIDConfig>
        <SSID>
            <hex>XXX7472616E20436F72706F72617465</hex>
            <name>CUST Corporate</name>
        </SSID>
    </SSIDConfig>
    <connectionType>ESS</connectionType>
    <connectionMode>auto</connectionMode>
    <MSM>
        <security>
            <authEncryption>
                <authentication>WPA2</authentication>
                <encryption>AES</encryption>
                <useOneX>true</useOneX>
            </authEncryption>
            <PMKCacheMode>enabled</PMKCacheMode>
            <PMKCacheTTL>720</PMKCacheTTL>
            <PMKCacheSize>128</PMKCacheSize>
            <preAuthMode>disabled</preAuthMode>
            <OneX xmlns=http://www.microsoft.com/networking/OneX/v1>
                <authMode>machineOrUser</authMode>
                <EAPConfig><EapHostConfig xmlns=http://www.microsoft.com/provisioning/EapHostConfig><EapMethod><Type xmlns=http://www.microsoft.com/provisioning/EapCommon>25</Type><VendorId xmlns=http://www.microsoft.com/provisioning/EapCommon>0</VendorId><VendorType xmlns=http://www.microsoft.com/provisioning/EapCommon>0</VendorType><AuthorId xmlns=http://www.microsoft.com/provisioning/EapCommon>0</AuthorId></EapMethod><Config xmlns=http://www.microsoft.com/provisioning/EapHostConfig><Eap xmlns=http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1><Type>25</Type><EapType xmlns=http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1><ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation><ServerNames>CUSTISE</ServerNames></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns=http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1><Type>26</Type><EapType xmlns=http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1><UseWinLogonCredentials>true</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns=http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2>true</PerformServerValidation><AcceptServerName xmlns=http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2>true</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig>
            </OneX>
        </security>
    </MSM>
        <enableRandomization>false</enableRandomization>
        <randomizationSeed>4046238024</randomizationSeed>
    </MacRandomization>
</WLANProfile>
1 person had this problem
0 Helpful
12 Replies 12

malone352
Level 1
Level 1

‎05-16-2023 02:54 AM

I should mention issue was not present on their old AireOS estate

0 Helpful

marce1000
VIP
VIP

‎05-16-2023 05:25 AM

 

   1) What is the controller software version ?
   2) Have a checkup review of the controller configuration with the CLI command show tech wireless ; have the output analyzed with : https://cway.cisco.com/wireless-config-analyzer/
   3) Perform client debugging according to : https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity  , you can have client debugs analyzed by : https://cway.cisco.com/wireless-debug-analyzer/

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

saba75564
Level 1
Level 1

‎05-16-2023 05:38 AM

Despite the fact that the issue does not occur on AireOS's old estate, it was there on the new estate

0 Helpful

marce1000
VIP
VIP
In response to saba75564

‎05-16-2023 06:28 AM

- Please execute the requested tasks,

M.


-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

malone352
Level 1
Level 1
In response to marce1000

‎05-18-2023 03:02 AM

Hi thank you for the reply

We are using version 17.06.04, nothing major in analyzed output findings below, I suppose i should ensure NTP matches ISE


Error 230115 RF tag points to non-existing RF profile name. This may cause severe controller issues. Tag(s) name: TEST <- THis is not in use

Warning 230023 Controller with no valid time source (sync has not happened) or file without NTP information, please check if controller has valid
NTP server configured

Warning 230038 To prevent WebUI issues while using some large GUI options (VLANs for example), it is advisable to increase the VTY count to 50

Warning 230045 Device Classification (client profiling) is not globally enabled, it is recommended to use it

Warning 230056 Service tcp-keepalive in/out, should be enabled to reduce lingering inactive connections to management points

Warning 230079 Redundancy is in use, but RMI feature is not enabled. For best high availability scenarios, it is recommended to use it

Warning 240020 11k Neighbor List is in use, but dual band is disabled. if not using single-band devices, enable both for best results. WLAN(s): SSID Guest,SSID Corporate

Warning 250014 ARP proxy is disabled. To save client battery and other performance improvements, it is recommended to enable. Profiles: SSID-Guest

Warning 290001 Management user has not been set. For security reasons, it is best practice to configure username/password for AP access on the join
profile. AP Profiles: default-ap-profile

Warning 290004 Syslog host is not set (using default broadcast value). For best practices, it is recommended to use a syslog server. AP Profiles:
default-ap-profile

0 Helpful

Rich R
VIP
VIP
In response to malone352

‎05-18-2023 06:19 AM

- You have some errors there which need to be resolved for a start.
- Upgrade to TAC recommended code 17.6.5  or 17.9.3 as per TAC recommended link below.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

derek.x.witts
Level 1
Level 1

‎07-13-2023 08:14 AM

Hi, just wondered if you upgraded the code and if that fixed your issue?

0 Helpful

yum3372
Level 1
Level 1

‎07-18-2023 12:55 AM - edited ‎07-18-2023 12:56 AM

I have same error on my WLC9800. That version is 17.3.6.

Please somebody help me.

0 Helpful

marce1000
VIP
VIP
In response to yum3372

‎07-18-2023 01:13 AM

 

@yum3372 >... same error
        For starters begin with a new post  , 

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

JPavonM
VIP
VIP

‎07-18-2023 02:19 AM

Have you updated device's drivers? (sometimes it happen that also upgrading BIOS for some laptops solve connectivity issues)

derek.x.witts
Level 1
Level 1

‎07-24-2023 02:12 AM

Thank you for the repsonse. We have tried end device firmware update to no avail. We are going to test in the lab if a controller code  upgrade fixes the issue but have also raised with the end vendor to advise.

0 Helpful

dolahler
Level 1
Level 1

‎11-30-2023 07:23 AM

Hi Derek,

wandering if you managed to upgrade your WLC9800 to later IOS XE version and if that resolved the issue?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card