11-24-2014 06:46 AM - edited 07-05-2021 02:00 AM
Guys, I was trying to troubleshoot this error in my WLC
Nov 24 00:30:01 wlc1: *spamApTask5: Nov 24 00:30:01.883: #LWAPP-3-REPLAY_ERR: spam_lrad.c:35169 The system has received replay error on slot 0, WLAN ID 1, count 1 from AP 08:d0:9f:23:4f:e0
I did some search and I was trying to check if there was any replay attack in the network but I don't know where to start and kept searching for other reasons, and got an anwser in other blog. And this issue could be related to a Load-balancing config.
Eventhough,I've got Load-Balancing disable in all my WLAN's but still got these counters. How can I check if those are false positives?
(wlc-1) >show load-balancing
Aggressive Load Balancing........................ per WLAN enabling
Aggressive Load Balancing Window................. 10 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 17682 clients
Total Denial Sent................................ 30891 messages
Exceeded Denial Max Limit Count.................. 5032 times
None 5G Candidate Count.......................... 206270 times
None 2.4G Candidate Count........................ 5040 times
In the GUI the Load-Balancing is DISABLED per WLAN.
11-27-2014 12:08 PM
Could be this bug CSCun95384
11-27-2014 06:32 PM
Hi Saurav,
We can't see details of this bug due to permissions, Would you be able to post the output to see
Rasika
11-28-2014 12:30 AM
I can't see either.
02-03-2015 05:58 AM
03-10-2015 02:48 PM
did you resolve this??? any feedback? i have the same problem
03-11-2015 07:28 AM
nope!
03-11-2015 07:37 AM
and your still getting this errors #LWAPP-3-REPLAY_ERR: spam_lrad.c:35169 and dropped users from network? or you apply some workarround?... think that going to open a TAC ticket... I let you know...
04-30-2015 03:45 AM
yes, even I've upgraded my entire campus to 1702i and 2702i lightweight AP's with 8.0.115.0 code in my WLC I still got huge amount of LWAPP Replay Erros, please check the summuary of erros during yesterday..
14 APF-1-CONFLICT_IN_ASS_REQ: apf_80211.c
14 APF-3-CHECK_EXT_SUPP_RATES_FAILED: apf_utils.c
14 APF-3-CHECK_SUPP_RATES_FAILED: apf_utils.c
15 APF-3-NO_FRAMED_IP_ADDRESS: apf_radius.c
638 APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c
103 DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c
2427 DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c
55 DOT1X-3-AUTHKEY_TX_TRANS_ERR: 1x_kxsm.c
20 DOT1X-3-CLIENT_NOT_FOUND: dot1x_msg_task.c
1365 DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c
69 DOT1X-3-INVALID_WPA_KEY_MSG: 1x_eapkey.c
296 DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c
2 DOT1X-3-INVALID_WPA_KEY_STATE: 1x_eapkey.c
923 DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c
7 DTL-3-ARP_CLIENT_IP_DUPLICATED: dtl_arp.c
2 IPV6-3-CREATE_BINDING_FAILED: ipv6_net.c
2 IPV6-3-ORPHAN_ADDR_LEARNING_FAILED: ipv6_net.c
2 LOG-3-Q_IND: 1x_eapkey.c
3 LOG-3-Q_IND: rrmChanUtils.c
22 LOG-3-Q_IND: spam_lrad.c
5120 LWAPP-3-REPLAY_ERR: spam_lrad.c
2 LWAPP-3-VENDOR_PLD_VALIDATE_ERR: spam_lrad.c
3 RRM-3-RRM_LOGMSG: rrmChanUtils.c
615 RRM-3-RRM_LOGMSG: rrmLrad.c
2 SISF-3-INTERNAL: sisf_shim_utils.c
04-30-2015 05:16 PM
Did you face any client disconnections?
These replay messages are cosmetic in nature and should not have any real impact.
04-29-2015 10:48 AM
LWAPP Replay Errors from multiple APs at intermittent intervals of time are expected in the WLC message logs. This is because of AES CCMP REPLAY errors in the AP console, which are also expected in large live networks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide