cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2230
Views
5
Helpful
12
Replies

MAC Users disconnecting from WLC

iptech911
Level 1
Level 1

Hello Community, 

 

We are using WLC 4400 series with ACS 4.1. Users on the network with MAC OS are continuously disconnecting. Have tried to disable the session time out under the Advance settings but no luck. 

 

Any help is appreciated.

12 Replies 12

marce1000
VIP
VIP

 

              - You may debug a particular mac(-address) on the controller and have it analyzed with :

                            https://cway.cisco.com/tools/WirelessDebugAnalyzer/

             You can also have a sanity check of the controller configuration with :

                           https://cway.cisco.com/tools/WirelessAnalyzer/

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thanks for the suggestion. 

 

The page doesn't say it supports 4400 series. Will it work or is there another tool?

 

This tool parses debug log files for AireOS (WLC 5500/2500/8500/7500/WISM1-2/vWLC)

 

Thanks.

 

 - You may have a try anyway , it is for instance tagged in this document :

                 https://community.cisco.com/t5/wireless-mobility-documents/wlc-config-analyzer/ta-p/3119057

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

I tried using this https://cway.cisco.com/wireless-config-analyzer/ and uploaded the running config of the WLC but the page just refreshes back to the same with no error or output at all. 

 

Not sure if that's a sign of not being supported

 

 

  - May depend on the format which was used when it was uploaded , you may export the running config to a tftp server using the GUI or use show run , and save the output to a file but then , in between command prompting must be disabled with config paging disable , FYI :

    https://community.cisco.com/t5/networking-documents/show-the-complete-configuration-without-breaks-pauses-on-cisco/ta-p/3115114

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

I tried downloading the running config on TFTP server and pasting the config on the tool but it just refreshes with no result. 

patoberli
VIP Alumni
VIP Alumni

This is a very old and since many years unsupported WLC. 

My guess is, you run a buggy software version.

 

What you can do, make sure 802.11r (Fast Transition) is disabled on the SSID (not sure if the 4400 series ever supported that anyway). This is the main problem causing feature. Then also make sure that DHCP Address Assignment is not set to required on the SSID.

 

Other than that we need more output of an affected client (debug client aa:bb....) while the problem happens.

That option doesn't seem to be there. Attached is the screenshot of the options. 

 

 

Fast Transition would be under Security - Layer 2. Can you also share a screenshot of that?

Also, if not needed, disable Aironet IE and consider disabling Client Band Select for more stability. What it does is: https://ccie-or-null.net/tag/client-band-select/

On the other hand, I would enable Client Exclusion and set it to 5 seconds, if you use WPA2-Enterprise. That takes a bit load of your Radius servers (if in use). 

Attached is the screenshot. Client band selection was actually disabled this whole time and I just enabled it now thinking that WLC was forcing the band. Not sure the real purpose of it though. 

 

What is Aironet IE for? 

 

 - FYI : https://www.cisco.com/c/en/us/td/docs/wireless/controller/best-practices/base/b_bp_wlc/infrastructure.html#:~:text=Aironet%20IE%20is%20a%20Cisco,probe%20responses%20of%20the%20WLAN.&text=Selected%E2%80%94CCX%20Aironet%20IE%20disabled%20on%20all%20WLA....

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Here we probably have the problem. You have WPA1 enabled. Apple devices really don't like that (together with WPA2 enabled) and all devices released in the last ~10 years support at least WPA2 + AES. 

So disable "WPA Policy" and "WPA Encryption AES" and only leave WPA2 enabled with AES. On some devices you will probably need to delete the old wireless profile and then do a fresh connection on your SSID. Please note, WPA1 is by now also very insecure.

Review Cisco Networking for a $25 gift card