cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2334
Views
0
Helpful
13
Replies

Old Clients and WLC

overton_i
Level 1
Level 1

I have a 2601 WLC and 4 (lightweight) APs connected to it with "no security or encryption.  I have about 30 client devices that have old b/g cards in them.  When I use any other device that is less than 5 years old I have no problems.  However the old client devices will "associate" but will not “authenticate” with the WLC therefore preventing it from pass traffic.  In the past with the same APs (in autonomous mode) without the WLC we had to disable "Cisco aironet extension" to get the old client devices to "associate" and "authenticate"

Thanks in advance for all help.

13 Replies 13

Scott Fella
Hall of Fame
Hall of Fame

In the wlc under the WLAN SSID in the advanced tab, there is a checkbox for Aironet IE. You can uncheck that.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Thanks for the tip but that did not fix the problem. Any other suggestions?

Thanks

Make sure you have the lower data rates enabled, like 1mbps and 2mbps. Other than that you might have to look at updating the drivers if possible. I seen this behavior when I first started working with the wlc and at times there was no fix, basically they had to replace those devices.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

thanks, I have all data rates set to enable with 1.mbps set to mandatory.  Remember the old clients will associate, but will not authenticate on a ssid that has no security or encrypetion.

thanks

Hello,

This is a great time to run a client debug on the WLC command line when the older client is trying to connect:

debug client xx:xx:xx:xx:xx:xx (where xx:xx is the mac address of the client)

Please capture this output while the client tries to connect and we can take a look at it.

-Pat

If you have no authentication method and it is set to ope, then what you are seeing is the cleint is trying to associate but isn't.  The Auth showing NO, means that the client hasn't successfully joined.  You would have to run a debug on the client mac address and maybe look to see what that shows.

-Scott
*** Please rate helpful posts ***

Here is the debug, the mac address in question is 00:60:b3:03:66:33

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.12.02 06:38:37 =~=~=~=~=~=~=~=~=~=~=~=
*pemReceiveTask: Dec 02 09:30:21.771: 00:60:b3:03:66:33 Sent an XID frame
*apfReceiveTask: Dec 02 10:10:42.381: 00:60:b3:03:66:33 apfSendDisAssocMsgDebug (apf_80211.c:1709) Changing state for mobile 00:60:b3:03:66:33 on AP c4:7d:4f:35:dc:b0 from Associated to Disassociated

*apfReceiveTask: Dec 02 10:10:42.381: 00:60:b3:03:66:33 Sent Disassociate to mobile on AP c4:7d:4f:35:dc:b0-0 (reason 1, caller apf_ms.c:4862)
*apfReceiveTask: Dec 02 10:10:42.381: 00:60:b3:03:66:33 Sent Deauthenticate to mobile on BSSID c4:7d:4f:35:dc:b0 slot 0(caller apf_ms.c:4972)
*apfReceiveTask: Dec 02 10:10:42.381: 00:60:b3:03:66:33 apfMsAssoStateDec
*apfReceiveTask: Dec 02 10:10:42.381: 00:60:b3:03:66:33 apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 00:60:b3:03:66:33 on AP c4:7d:4f:35:dc:b0 from Disassociated to Idle

*apfReceiveTask: Dec 02 10:10:42.381: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [c4:7d:4f:35:dc:b0]
*apfReceiveTask: Dec 02 10:10:42.381: 00:60:b3:03:66:33 Deleting mobile on AP c4:7d:4f:35:dc:b0(0)
*pemReceiveTask: Dec 02 10:10:42.503: 00:60:b3:03:66:33 0.0.0.0 Removed NPU entry.
*apfMsConnTask_0: Dec 02 10:11:06.708: 00:60:b3:03:66:33 Adding mobile on LWAPP AP c4:7d:4f:35:d9:b0(0)
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 Association received from mobile on AP c4:7d:4f:35:d9:b0
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 Applying site-specific IPv6 override for station 00:60:b3:03:66:33 - vapId 6, site 'default-group', interface '713-olympia'
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 Applying IPv6 Interface Policy for station 00:60:b3:03:66:33 - vlan 713, interface id 7, interface '713-olympia'
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 STA - rates (4): 130 132 139 150 0 0 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)

*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)

*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP c4:7d:4f:35:d9:b0 vapId 6 apVapId 6
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 apfMsAssoStateInc
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 apfPemAddUser2 (apf_policy.c:222) Changing state for mobile 00:60:b3:03:66:33 on AP c4:7d:4f:35:d9:b0 from Idle to Associated

*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
*apfMsConnTask_0: Dec 02 10:11:06.709: 00:60:b3:03:66:33 Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
*apfMsConnTask_0: Dec 02 10:11:06.710: 00:60:b3:03:66:33 Sending Assoc Response to station on BSSID c4:7d:4f:35:d9:b0 (status 0)
*apfMsConnTask_0: Dec 02 10:11:06.710: 00:60:b3:03:66:33 apfProcessAssocReq (apf_80211.c:4587) Changing state for mobile 00:60:b3:03:66:33 on AP c4:7d:4f:35:d9:b0 from Associated to Associated

*apfReceiveTask: Dec 02 10:11:06.710: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Dec 02 10:11:06.710: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4182, Adding TMP rule
*apfReceiveTask: Dec 01 22:31:22.710: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
  type = Airespace AP - Learn IP address
  on AP c4:7d:4f:35:d9:b0, slot 0, interface = 3, QOS = 0
  ACL Id = 255, Jumbo Fr
*apfReceiveTask: Dec 02 10:11:06.710: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 1506  IPv6 Vlan = 713, IPv6 intf id = 7
*apfReceiveTask: Dec 02 10:11:06.710: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*pemReceiveTask: Dec 02 10:11:06.729: 00:60:b3:03:66:33 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 02 10:11:06.730: 00:60:b3:03:66:33 Sent an XID frame
*apfReceiveTask: Dec 02 10:13:06.501: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout
*apfReceiveTask: Dec 02 10:13:06.501: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.
*apfReceiveTask: Dec 02 10:13:06.501: 00:60:b3:03:66:33 Scheduling deletion of Mobile Station:  (callerId: 12) in 10 seconds
*osapiBsnTimer: Dec 02 10:13:16.499: 00:60:b3:03:66:33 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
*apfReceiveTask: Dec 02 10:13:16.499: 00:60:b3:03:66:33 apfMsExpireMobileStation (apf_ms.c:4888) Changing state for mobile 00:60:b3:03:66:33 on AP c4:7d:4f:35:d9:b0 from Associated to Disassociated

*apfReceiveTask: Dec 02 10:13:16.499: 00:60:b3:03:66:33 Scheduling deletion of Mobile Station:  (callerId: 45) in 10 seconds
*osapiBsnTimer: Dec 02 10:13:26.497: 00:60:b3:03:66:33 apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!
*apfReceiveTask: Dec 02 10:13:26.498: 00:60:b3:03:66:33 Sent Deauthenticate to mobile on BSSID c4:7d:4f:35:d9:b0 slot 0(caller apf_ms.c:4972)
*apfReceiveTask: Dec 02 10:13:26.498: 00:60:b3:03:66:33 apfMsAssoStateDec
*apfReceiveTask: Dec 02 10:13:26.498: 00:60:b3:03:66:33 apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 00:60:b3:03:66:33 on AP c4:7d:4f:35:d9:b0 from Disassociated to Idle

*apfReceiveTask: Dec 02 10:13:26.498: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [c4:7d:4f:35:d9:b0]
*apfReceiveTask: Dec 02 10:13:26.498: 00:60:b3:03:66:33 Deleting mobile on AP c4:7d:4f:35:d9:b0(0)
*pemReceiveTask: Dec 02 10:13:26.513: 00:60:b3:03:66:33 0.0.0.0 Removed NPU entry.
*apfMsConnTask_0: Dec 02 10:13:28.205: 00:60:b3:03:66:33 Adding mobile on LWAPP AP c4:7d:4f:35:dc:b0(0)
*apfMsConnTask_0: Dec 02 10:13:28.205: 00:60:b3:03:66:33 Association received from mobile on AP c4:7d:4f:35:dc:b0
*apfMsConnTask_0: Dec 02 10:13:28.205: 00:60:b3:03:66:33 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_0: Dec 02 10:13:28.205: 00:60:b3:03:66:33 Applying site-specific IPv6 override for station 00:60:b3:03:66:33 - vapId 6, site 'default-group', interface '713-olympia'
*apfMsConnTask_0: Dec 02 10:13:28.205: 00:60:b3:03:66:33 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 Applying IPv6 Interface Policy for station 00:60:b3:03:66:33 - vlan 713, interface id 7, interface '713-olympia'
*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 STA - rates (4): 130 132 139 150 0 0 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)

*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)

*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP c4:7d:4f:35:dc:b0 vapId 6 apVapId 6
*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 apfMsAssoStateInc
*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 apfPemAddUser2 (apf_policy.c:222) Changing state for mobile 00:60:b3:03:66:33 on AP c4:7d:4f:35:dc:b0 from Idle to Associated

*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 Sending Assoc Response to station on BSSID c4:7d:4f:35:dc:b0 (status 0)
*apfMsConnTask_0: Dec 02 10:13:28.206: 00:60:b3:03:66:33 apfProcessAssocReq (apf_80211.c:4587) Changing state for mobile 00:60:b3:03:66:33 on AP c4:7d:4f:35:dc:b0 from Associated to Associated

*apfReceiveTask: Dec 02 10:13:28.207: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Dec 02 10:13:28.207: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4182, Adding TMP rule
*apfReceiveTask: Dec 01 22:33:44.207: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
  type = Airespace AP - Learn IP address
  on AP c4:7d:4f:35:dc:b0, slot 0, interface = 4, QOS = 0
  ACL Id = 255, Jumbo Fr
*apfReceiveTask: Dec 02 10:13:28.207: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 1506  IPv6 Vlan = 713, IPv6 intf id = 7
*apfReceiveTask: Dec 02 10:13:28.207: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*pemReceiveTask: Dec 02 10:13:28.225: 00:60:b3:03:66:33 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 02 10:13:28.226: 00:60:b3:03:66:33 Sent an XID frame

Alright, based on the debug, here are the statements indicating why the clients are being deauthenticated:

*apfReceiveTask: Dec 02 10:13:06.501: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout

*apfReceiveTask: Dec 02 10:13:06.501: 00:60:b3:03:66:33 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.

We did not see a DHCP handshake from this client -- are the clients configured for DHCP? If yes, we need to figure out why the device is not sending any DHCP discover packets.

If the clients are set for static addresses, you need to ensure "DHCP Required" is not enabled on your WLAN advanced tab.

-Pat

Pat,

Thanks for your response, I have check the setting as you stated and it is unchecked.  Also the clients all have static IP address.  Thanks

Alright, we will still timeout on the DHCP policy if we do not hear any packets from the client, even if it has a static IP address. The WLC needs to hear traffic from the client in order to put that IP address in the database.

So now the question is, why are the data packets from these clients not making it to the controller? Are we sure that the clients are trying to send data? What type of clients are these?

-Pat

They are people counters for a transit bus.  I know that the clients are sending data because if I switch the AP back to autonomous mode and remove the WLC from the configuraion it all works.  Thanks

Alright, well, at this point we are not seeing the client traffic at the controller. It could be getting dropped at the AP, or in the capwap tunnel between the AP and controller.

To move forward on this, we're going to need packet captures -- wired at the AP port and also if possible a wireless sniff.

At this point in time I would suggest opening up a TAC service request as the issue will require more detailed attention.

-Pat

OK,  thanks for all your help..

Ivan

Review Cisco Networking for a $25 gift card