IOS 7.4.121.0 Client stops passing traffic

Lonemaker · ‎01-23-2014

Hi there,

is there anyone using the Controller IOS 7.4.121.0 on WLC 5508 noticing any traffic issues?

We have clients (not all), that are connected to the wireless network, are not able to pass traffic after a while.

The clients stay connected, you are able to see them on the wlc client-list, you can also run a link-test, but they are unable to communicate with network.

You also cannot ping the client from anywhere (also wlc). After they disable/enable WLAN, the clients are able to communicate again for a while.

Clients I found with this issue: HTC One, Galaxy S4 Active, severall Notebooks

After I rollback to version 7.4.110.0 on one set of our controllers the issue is away for clients connected to them.

SSID Config:

WLAN Identifier.................................. 1

Profile Name..................................... Guests

Network Name (SSID).............................. Guests

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Enabled

Network Admission Control

Client Profiling Status ....................... Enabled

DHCP ......................................... Disabled

HTTP ......................................... Enabled

Radius-NAC State............................... Enabled

SNMP-NAC State................................. Disabled

Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Maximum number of Clients per AP Radio........... 200

Number of Active Clients......................... 11

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. 86400 seconds

User Idle Timeout................................ 300 seconds

--More-- or (q)uit

User Idle Threshold.............................. 0 Bytes

NAS-identifier................................... Controller1

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ Inet

Multicast Interface.............................. Not Configured

WLAN IPv4 ACL.................................... unconfigured

WLAN IPv6 ACL.................................... unconfigured

mDNS Status...................................... Disabled

mDNS Profile Name................................ default-mdns-profile

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

PMIPv6 Mobility Type............................. none

Quality of Service............................... Bronze

Per-SSID Rate Limits............................. Upstream Downstream

Average Data Rate................................ 0 0

Average Realtime Data Rate....................... 0 0

Burst Data Rate.................................. 0 0

Burst Realtime Data Rate......................... 0 0

Per-Client Rate Limits........................... Upstream Downstream

Average Data Rate................................ 0 0

Average Realtime Data Rate....................... 0 0

Burst Data Rate.................................. 0 0

Burst Realtime Data Rate......................... 0 0

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Drop

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 4

DTIM period for 802.11b radio.................... 4

Radius Servers

Authentication................................ xxx.xxx.xxx.xxx 1812

Accounting.................................... xxx.xxx.xxx.xxx 1813

Interim Update............................. 600 Seconds

Dynamic Interface............................. Disabled

Dynamic Interface Priority.................... wlan

Local EAP Authentication......................... Disabled

Security

802.11 Authentication:........................ Open System

FT Support.................................... Disabled

Static WEP Keys............................... Disabled

802.1X........................................ Disabled

Wi-Fi Protected Access (WPA/WPA2)............. Enabled

WPA (SSN IE)............................... Disabled

WPA2 (RSN IE).............................. Enabled

TKIP Cipher............................. Disabled

AES Cipher.............................. Enabled

Auth Key Management

802.1x.................................. Enabled

PSK..................................... Disabled

CCKM.................................... Enabled

FT-1X(802.11r).......................... Disabled

FT-PSK(802.11r)......................... Disabled

PMF-1X(802.11w)......................... Enabled

PMF-PSK(802.11w)........................ Disabled

FT Reassociation Timeout................... 20

FT Over-The-DS mode........................ Disabled

GTK Randomization.......................... Disabled

SKC Cache Support.......................... Disabled

CCKM TSF Tolerance......................... 1000

WAPI.......................................... Disabled

Wi-Fi Direct policy configured................ Disabled

EAP-Passthrough............................... Disabled

CKIP ......................................... Disabled

Web Based Authentication...................... Disabled

Web-Passthrough............................... Disabled

Conditional Web Redirect...................... Disabled

Splash-Page Web Redirect...................... Disabled

Auto Anchor................................... Enabled

FlexConnect Local Switching................... Disabled

flexconnect Central Dhcp Flag................. Disabled

flexconnect nat-pat Flag...................... Disabled

flexconnect Dns Override Flag................. Disabled

FlexConnect Vlan based Central Switching ..... Disabled

FlexConnect Local Authentication.............. Disabled

FlexConnect Learn IP Address.................. Enabled

Client MFP.................................... Optional

PMF........................................... Optional

PMF Association Comeback Time................. 1

PMF SA Query RetryTimeout..................... 200

Tkip MIC Countermeasure Hold-down Timer....... 60

AVC Visibilty.................................... Enabled

AVC Profile Name................................. None

Flow Monitor Name................................ None

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Disabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

KTS based CAC Policy............................. Disabled

Assisted Roaming Prediction Optimization......... Disabled

802.11k Neighbor List............................ Disabled

802.11k Neighbor List Dual Band.................. Disabled

Band Select...................................... Disabled

Load Balancing................................... Disabled

Multicast Buffer................................. Disabled

Mobility Anchor List

WLAN ID IP Address Status

------- --------------- ------

1 local Up

802.11u........................................ Disabled

MSAP Services.................................. Disabled

CCNP R&S

Scott Fella · ‎01-23-2014

Are you anchoring this SSID? I see that it's anchored to itself which is required when you anchor an SSID.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Lonemaker · ‎01-23-2014

Hi,

yes the SSIDs are anchored local.

CCNP R&S

Scott Fella · ‎01-23-2014

So you have another WLC you are anchoring the SSID to this WLC you just posted. Just making sure. Post your show WLAN for the foreign WLC also.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Lonemaker · ‎01-23-2014

Sorry there is no foreign controller.

Client -->Wireless --> AP------> Switch---->WLC (Anchor set to itself/local)--->Interface

CCNP R&S

Scott Fella · ‎01-23-2014

You should remove that as you should have that set. also remove the following and test:

CCKM.................................... Enabled

PMF-1X(802.11w)......................... Enabled

Set the DTIM to 2

Test with these changes and see if it helps.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Lonemaker · ‎01-30-2014

I build a small lab. It is regardless to disable CCKM, PMF or Anchor. The problem happens to Windows XP Clients (no Win 7 yet) and Access Points in FlexConnect Mode.

The first connect is stable. If you shortly disable the wlan adapter and reenable it, the client is connected to the wireless network but you cannot transmit any data. But Link test works :-)

After a rollback to 7.4.110.0 you can disable/enable the wireless adapter as many times as you want.

CCNP R&S

Scott Fella · ‎01-31-2014

There was an issue with v7.4.121.0 if your device requires an IP too fast. Maybe your hitting that bug. If so, open a TAC case and they have a special release that fixes that.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Trent Hurt · ‎01-31-2014

Do you have a bugid for this?

Scott Fella · ‎01-31-2014

This is what we ran into: Bug ID is CSCuh72474 and the engineer special is 7.4.110.23

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Trent Hurt · ‎01-31-2014

Thank you

Scott Fella · ‎02-01-2014

No problem... this is what we were running into, but may or might not be what your hitting. We have also seen layer 2 connectivity loss with v7.4.110.0 on this customer and the fix was the TAC release. I have other customers on both v7.4.110.0 and v7.4.121.0 that are not having issues.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Lonemaker · ‎06-16-2014

I want to give you a short feedback.

The issue is related to NAC-State, because it is not support with FlexConnect and local Switching.

I do not know why there is no issue with 7.4.110.0, but in 7.4.121.0 it is disruptive for clients. Staying connected but can not transmit/receive any data.

CCNP R&S