12-09-2019 01:02 AM - edited 07-05-2021 11:24 AM
Good morning,
I have two 1815i AP with Mobility Express at home.
They are running since a couple of months and there is just one WLAN configured with PSK security.
Since 5 days more or less I started experiencing connectivity issues: mobile devices (laptops, smartphones and tablets) started to being disconnected when moving from one AP to the the other one.
in the ME GUI such clients were labeled as "excluded" in the client devices summary tab
By using the CLI, there is the evidence that the reason of the exclusion was "802.1X authentication failure" with some kind of "countdown".
The problem was not apparently affecting fixed devices (printers, media players, desktop PC, etc.) but trying to move than away from the original AP, also they started to being affected.
There is only one WLAN configured and the security was set to PSK, so I can not understand why this problem with 802.1X.
By using the CLI I disabled the exclusion check for 802.1X and for any other.
The behaviour then changed, but still connectivity issues: no more auth failures or exclusions, but client were no more able to roam from one AP to the other so that when they were moving, they found the new and better AP, tried to connect, but no way.
Then I restarted the Mobility Express and all the problems were solved.
Any idea?
12-09-2019 03:18 AM
12-11-2019 03:11 PM
I am not in the position to open a case to the TAC, unfortunately and also can not download alternative ME software.
Anyway, even if after the reboot of both APs everything is working fine, I can not understand why I see these events in the client's log:
the only security configured is PSK and 802.1X is disabled.
Thu Dec 12 2019 00:06:26 GMT+0100 (Ora standard dell’Europa centrale) | Dot1x | ERROR | AUTH_DOT1X | WLAN_REQUIRES_802_1X_AUT |
12-11-2019 04:12 PM
12-11-2019 04:17 PM - edited 12-11-2019 04:18 PM
I understand but... it is the Cisco that is saying that the WLAN requires 802.1X even if the WLAN itself is not configured for 802.1X.
Moreover... I am checking all the clients, one by one, and this message is in the debug of every client (Windows, Android, etc.) and this is mentioned as an ERROR not just generic information.
Thanks
12-11-2019 07:16 PM
12-14-2019 09:31 AM
I did it. I created a new SSID, accepting defaults and the problem is still there.
Disabled 802.11k,r,v and still there.
Moreover I downgraded the software to 8.5.140 and no improvement.
If i define the WLAN as OPEN, I do not get these errors.
12-14-2019 11:08 AM
12-16-2019 03:45 AM
I tried to search the bug, but I am not able to do that.
Tha bug search tool asks to me the BUG ID (CSCxxxxxxx) and I do not have that.
12-16-2019 06:22 AM
12-16-2019 11:28 PM
All Layer 2 Authentication method errors are showing as 802.1x. Not sure why, but this is how it is set up even when using PSK.
One thing that might be an issue as you say is, if the mobility APs lost sync between each other, so that they cannot form the handoff when the user was moving from AP to AP. That way the device had to authenticate, but failed because of the interference between the unsynced APs and got in the excluded list..
Glad to hear that the reboot fixed things for ya.
I might disable the client exclusion in future as if the devices fail to re-associate to next AP for three attempts, they get excluded.
12-18-2019 03:00 AM - edited 12-18-2019 03:48 AM
There are no sync problems between APs. Moreover it happens even with just one AP only.
Disabling exclusion list of course prevents the problem to have clients excluded, but in any case the error is still there
Look at the Cisco client's log when a client associates with an AP
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) Dot11 ERROR AUTH_RES NOT_FROM_RELAY slot 0 (claller apf_ms.c:8214)
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) Dot11 INFO ASSOC_REQ MESSAGE_RECEIVED None
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) Dot11 INFO ASSOC_REQ INVALID_RSN_IE None
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) PEM INFO PEM_EVENT_MSG IP_ACQUIRED_AND_AUTH_NOT_REQ_OR_STATIC_DYNAMIC_WEP_SUPPORTED None
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) Dot11 INFO ASSOC_REQ CLIENT_MOVED_TO_ASSOCIATED_STATE None
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) Dot1x ERROR AUTH_DOT1X WLAN_REQUIRES_802_1X_AUTH None
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) PEM INFO PEM_EVENT_MSG WEB_AUTH_MAX_RETRY_EXCEEDED None
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) PEM INFO PEM_EVENT_MSG ADDING_WGB_CLIENT None
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) PEM INFO PEM_EVENT_MSG CALL_TERMINATED from Unassociated to Local Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 192.168.1.4
Thu Dec 12 2019 14:46:56 GMT+0100 (W. Europe Standard Time) PEM INFO PEM_EVENT_MSG CALL_DURATION State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
12-19-2019 11:17 PM
I think that is only cosmetic, nothing to worry about.
Would you mind sharing the WLAN configuration and the software version that you are running?
12-21-2019 08:44 AM
tested both the 8.5.140 (the one preinstalled out of the box) and 8.10.105
the WLAN config is the very basic one: just configured the SSID and WPA2-PSK password. Nothing more.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide