Solved: Re: LAP drops client connections - Page 2

18091988n · ‎02-15-2012

Hello! we have WLC 5508 (6.0.188.0) and some converted APs AIR-AP1141N-E-K9. Everything works fine except one moment:

1 of this converted APs is located beyond the office building, but it is still connected to our local network as if it was located within the office (there is a fiber channel between our cisco core switch and a switch, to which that 1 LAP is connected)

The trouble is that users can't have the normal wi-fi on that beyond LAP. I see few successful pings to the "associated" client then drops, again a little success, than long drops.

Logs from the WLC:

Feb 15 10:04:53 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:11:17.702: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:04:57 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:11:22.104: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:36:14 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:42:38.859: %DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:354 Invalid replay counter from client xx:xx:xx:xx:xx:xx - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01

Feb 15 10:37:07 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:32.061: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:37:12 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:37.061: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:37:16 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:40.888: %DOT1X-1-INVALID_WPA_KEY_STATE: 1x_eapkey.c:1638 Received EAPOL-key message while in invalid state (0) - version 1, type 3, descriptor 2, client xx:xx:xx:xx:xx:xx

Feb 15 10:37:21 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:45.661: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:37:23 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:47.540: %DOT1X-1-INVALID_WPA_KEY_STATE: 1x_eapkey.c:1638 Received EAPOL-key message while in invalid state (0) - version 1, type 3, descriptor 2, client xx:xx:xx:xx:xx:xx

Feb 15 10:37:26 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:50.461: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

What could it be? Is it possible that some noises or whatever could cause it? The building with this problematic LAP is a kind of film studio...

18091988n · ‎03-21-2012

not only iPads, but MacBooks, iPhones. but they don'y want to connect, using 802.11n, only 802.11g and 802.11a. How to make them connect, using 802.11n when Radio Policy is selected "All" for that WLAN??? doesn't matter 2.4 or 5 Ghz

Scott Fella · ‎03-21-2012

The WLC can't force them to use 802.11N, it's really up to the client devices. As long as you configure the WLC to support 802.11n, then you have really done your part, itsup to Apple to figure that out:)

-Scott
*** Please rate helpful posts ***

18091988n · ‎03-21-2012

:))))) I like this idea ))

thanks much for numerous help in this sometimes weird wireless world ))

Scott Fella · ‎03-21-2012

Yeah... some things are just out of your control:)

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎03-21-2012

Natalia,

One thing you can try is to use band select on the WLAN SSID Advanced Tab. You will have to set you radio policies to 'ALL'. This might help, but some iOS devices may still connect only on 2.4ghz.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

18091988n · ‎03-22-2012

You know, what is the answer?

iPads are culpable!!!

to make them connect to our LAPs we were forced to leave only WPA2 policy + TKIP encryption in WLAN Security Layer 2 parameters. Weird that we didn't mention the change of speed before. So, if we enable ALL methods of encryption on a WLAN - we get 144 Mbps and Apple devices, connected to LAP, using 802.11n! woohoo!

But we still need that iPads, so we should be grateful for 54 Mbps

Scott Fella · ‎03-22-2012

From what I know, is that... default, WPA uses TKIP and WPA uses AES. So when you setup a device that only gives you options for:

WPA-Personal --> WPA-TKIP

WPA2-Personal --> WPA2-AES

WPA-Enterprise --> WPA-TKIP

WPA2-Enterprise --> WPA2-AES

It uses the default encryption for the WPA(2). IF you set your WLAN SSID for WPA2-AES with WMM enabled and 40 mhz channel width, what speeds doyou get on your 802.11N capable laptop or mac book? You should see 300mbps, assuming you are near an AP:) The iPad 2 & 3 you should see more than 54mbps, but not the iPad first gen.

-Scott
*** Please rate helpful posts ***

18091988n · ‎03-23-2012

I will learn about the expansion of the channel width to 40 MHz and will try to do that. Will let you know what I get)

Scott Fella · ‎03-23-2012

Sounds good. You have to disable the 5ghz first to make the change.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

18091988n · ‎04-11-2012

well, we've made a channel bonding today, also have made an aggregation of frames(A-MPDU) for the traffic, left only WPA2-AES on a WLAN SSID and got 300Mbps while connecting on the 5Ghz!

But we can't leave WPA2-AES, we need only WPA2-TKIP because of an unknown reason, of which iPads can't connect to converted AIR-AP1141N-E-K9 with c1140-rcvk9w8-tar.124-21a.JA2 and send Decrypt errors to WLC, however there is no problems with connection to AIR-LAP1142N-E-K9 with the same IOS, when only WPA2-AES left in WLAN configuration.

Will be figuring this out somehow..