Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2312
Views
1
Helpful
3
Replies

Disable All Client exclusion policies WLC 9800-L

mgonzalez15
Level 1
Level 1

‎04-24-2023 10:34 AM

Hi everyone!

I have a client that is experiencing disconnection problems in the SSIDs that it has active, this includes 802.1x and 802.11 authentication, one of the logs that was constantly presented is the following:

%CLIENT_EXCLUSION_SERVER-5-ADD_TO_BLACKLIST_REASON_DYNAMIC: Chassis 1 R0/0: wncmgrd: Client MAC: aa42.2ab3.c605 was added to exclusion list associated with AP Name:AP11, BSSID:MAC: e44e.2d67.68ae, reason:Wrong PSK

Reading a bit, the only workaround that has worked is disabling all client exclusion policies, the client confirms that it has had a considerable improvement with the disconnections that the devices presented.

I know that this workaround is not the definitive one, because these exclusion lists should not be disabled, it seems to be an issue related to a bug, probably, since the clients are not writing the PSK wrongly.

If someone found a definitive solution, your comments and support would greatly help me.

Greetings.

WLC 9800-L
Version 17.03.05a

1 person had this problem
Labels:
0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎04-24-2023 11:25 PM

 

 - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu47560 , seems somewhat similar I would go for (and or test with) IOS-XE 17.9.3        and verify if the problem remains , or not  , 

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

rwaskowski
Level 1
Level 1

‎04-28-2023 05:35 AM

Hi,

just for records and for those who experience the same issue: it is present in IOS-XE 17.6.4 & 17.6.5 too. And even turning off the whole feature does not help: if a clients sends one time the wrong PSK, it still gets on the exclusion list.

So far the workaround in the mentioned bug is the only way to mitigate the issue: set  "exclusionlist timeout 1"  [=one second]. Unfortunatly this makes the whole feature quite useless.  Next I will try with 17.9.3 ... 

best regards

 

0 Helpful

Rich R
VIP
VIP
In response to rwaskowski

‎05-17-2023 06:55 AM

> "since the clients are not writing the PSK wrongly"
> "if a clients sends one time the wrong PSK"

Hmmm so the first statement may not have been true?  The client has actually sent the wrong PSK?

Anyway - 17.9.3 is now the TAC recommended version as per the link below.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Customers Also Viewed These Support Documents
“Review