02-04-2014 12:26 AM - edited 07-05-2021 12:05 AM
We are having intermittent issue where clients just lose connectivity, they stay associated to the access point but get a yellow exclamation mark.
I have followed the steps in these post but still the issue persists. https://supportforums.cisco.com/thread/2194495
https://supportforums.cisco.com/thread/2002533
WPA2 802.1 x authentication.
We were getting this error before I made the changes
(Cisco Controller) >*dot1xMsgTask: Jan 31 11:58:25.140: 08:11:96:80:33:e0 Key exchange done, data packets from mobile 08:11:96:80:33:e0 should be forwarded shortly
*dot1xMsgTask: Jan 31 11:58:25.140: 08:11:96:80:33:e0 Sending EAPOL-Key Message to mobile 08:11:96:80:33:e0
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*dot1xMsgTask: Jan 31 11:58:25.141: 08:11:96:80:33:e0 Updated broadcast key sent to mobile 08:11:96:80:33:E0
*Dot1x_NW_MsgTask_0: Jan 31 11:58:25.145: 08:11:96:80:33:e0 Received EAPOL-Key from mobile 08:11:96:80:33:e0
*Dot1x_NW_MsgTask_0: Jan 31 11:58:25.145: 08:11:96:80:33:e0 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 08:11:96:80:33:e0
*Dot1x_NW_MsgTask_0: Jan 31 11:58:25.145: 08:11:96:80:33:e0 Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 08:11:96:80:33:e0
After I made the changes there are no errors in the debug just clients stops working with yellow exclamation mark, cannot reach default gateway.
We also recently enabled Rogue policies auto contain rogue on wire and Using our SSID.
WLC4402 7.0.235.0
We want to upgrade the WLC software but want to make sure it’s the issue.
02-04-2014 12:46 AM
HI Theo,
from these logs, we can not identify the problem:
*Dot1x_NW_MsgTask_0: Jan 31 11:58:25.145: 08:11:96:80:33:e0 Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 08:11:96:80:33:e0
This means Successfully received group key update.So this is not a error
Please paste more logs.
debug client
Reagrds
02-04-2014 12:57 AM
that is it nothing else further in the logs client just loses connection
02-04-2014 01:05 AM
Hi,
No logs then we have to go by hidden and trial method
1. Are you facing this problem with only one client or with many clients ??
2. Check the WLAN > Advanced page and disable the sesiion timeout or enter a big value there(Many hours).
3. Is there enough signal level near to the client ?
4. NIC driver are up to date or not for client ?
Regards
02-04-2014 01:35 AM
session time out is 30 min but the issue occurs within that time frame
Only to clients in one building affected, signal level is acceptable.
just a note we are using the ap for clients and rogue at the same time.
02-04-2014 04:07 AM
RLDP should not be enabled or else it can cause client connection issues. What code on the WLC and what AP's. There is an issue with v7.6 and 3600's and 3700's that clients loose layer 2 and will get an exclamation showing no internet access.
Sent from Cisco Technical Support iPhone App
02-04-2014 04:16 AM
We have disabled it now will see if the issue still persists
Contoller 4400 code
7.0.235.0
02-04-2014 04:42 AM
Okay... well at least its not the WLC code or AP tht is an issue. RLDP whould only be used on monitor mode access points, When used with access points that serve clients, the AP when detecting a rogue, will drop all associated clients. The AP's will do rogue detection anyways, so no need enable RLDP.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide