cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3713
Views
20
Helpful
15
Replies

"Interface Dot11Radio0, Deauthenticating Station 009d.6b1c.4fb7 Reason: Previous authentication no longer valid" at Aironet 1702

rafael.mult
Level 1
Level 1

Hello.

 

I'm receiving this error on our Cisco Aironet 1702. The device stay connected for a little while and after a few moments (less than a minute), disconnects. Anyone can help me out with that?

 

I've checked an old discussion about that issue and one of the recommendations was to disable Aironet Extensions. I Already did that, but no success.

 

 

Regards.


Thanks.

15 Replies 15

Sandeep Choudhary
VIP Alumni
VIP Alumni

1. Please disable aironet extentions , 2. Make sure time & Date are correctly configured on AP and  then try again.

 

How to disbale it via CLI:

 

configure terminal
interface dot11radio { 0 | 1 }
no dot11 extension aironet
!
end
!
wr

 

Regards

Dont forget to rate helpful posts

You haven't mentioned what version of IOS you're using but of course you should make sure it's up to date to eliminate known bugs which have been fixed.


@Rich R wrote:
You haven't mentioned what version of IOS you're using but of course you should make sure it's up to date to eliminate known bugs which have been fixed.

Hello @Rich R. Unfortunately the IOS is not up to date. I cannot update because we don't have an active contract with Cisco. At least as far as I know, I cannot update IOS. We are running ap3g2-k9w7-xx.153-3.JBB version. A very old version indeed.

 

Thank you.

Latest is https://software.cisco.com/download/home/286281141/type/284180979/release/15.3.3-JPJ3
Try that, if you can access it then you have support.
If you don't have a contract then another option to consider is the "Customers Without Service Contracts" paragraph of https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20171016-wpa.html
In theory TAC should be able to provide you with the latest fixed version listed on https://quickview.cloudapps.cisco.com/quickview/bug/CSCvg42682 which is 15.3(3)JPJ3.


@Rich R wrote:
Latest is https://software.cisco.com/download/home/286281141/type/284180979/release/15.3.3-JPJ3
Try that, if you can access it then you have support.
If you don't have a contract then another option to consider is the "Customers Without Service Contracts" paragraph of https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20171016-wpa.html
In theory TAC should be able to provide you with the latest fixed version listed on https://quickview.cloudapps.cisco.com/quickview/bug/CSCvg42682 which is 15.3(3)JPJ3.

Hi @Rich R. I can access it, but not download it. I receive the message "Service Contract Required".

 

Yes, I readed it this "Customers Without Service Contracts" paragraph before open a Discussion. After seeing that possibility I called Cisco TAC, but the attendant guaranteed that if I don´t have a Service Contract, then I can not open a case and to upgrade my firmware I would need to open a case. She might be misinformed? Which is the best method to open a TAC?

I've never needed to do it so I cannot speak from experience. I think you can only do it over the phone. I believe you'll need to be more insistent.
Ask the person to got to the web site & read that paragraph to you over the phone or you might get lucky and find somebody who understands their company policy correctly - the advisory is quite clear and that AP model is still within Vulnerability/Security Support till 29 April 2022 so they cannot claim it is out of support: https://www.cisco.com/c/en/us/products/collateral/wireless/eos-eol-notice-c51-740712.html
If they still refuse to help then ask to speak to their manager and escalate until someone takes it seriously.
Sometimes you might get a different experience in another time zone so you might want to consider calling at midday for the relevant geography as TAC moves between Americas/EMEA/APAC.

Hi @Rich R. I'm sorry for the late reply. I was away for some time, but in the beginning of the week I emailed them following the @patoberli's sugestion and the answer was different, it worked! :). The attendant downloaded the version for me through a webex session and now I'm able to do the firmware upgrade. I will install this version and I come back here if something comes up.

Thanks a lot for the help.

Send them a mail, that typically works :)
Just tell them that you like to upgrade because of the known security issue. Attach the serial number of the AP.

Hi @patoberli. I'm sorry for the late reply. I was away for some time, but in the beginning of the week I did that, emailed them and it worked :)

Thanks a lot for the help.


@Sandeep Choudhary wrote:

1. Please disable aironet extentions , 2. Make sure time & Date are correctly configured on AP and  then try again.

 

How to disbale it via CLI:

 

configure terminal
interface dot11radio { 0 | 1 }
no dot11 extension aironet
!
end
!
wr

 

Regards

Dont forget to rate helpful posts


Hello @Sandeep Choudhary. Thanks for your response. Aironet extensios was already disabled and Time & Date is correct also. But actually I rebooted the server that I use as DHCP server, and apparently the problem was solved. I still receive some of these error ("Interface Dot11Radio0, Deauthenticating Station ... Reason: Previous authentication no longer valid"), but that device that was experiencing this problem is no longer having this problem anymore. I'm not sure if I have to do something yet, just because I see this errors in the error log. The error log image is in attach.

.Jaidev Hattiangadi.
Cisco Employee
Cisco Employee

You're most likely hitting this bug 

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCue08313

 

If you have a Cisco account, open a TAC case to get a fixed code published which gives you special access to download if you're not entitled to download software.


@.Jaidev Hattiangadi. wrote:

You're most likely hitting this bug 

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCue08313

 

If you have a Cisco account, open a TAC case to get a fixed code published which gives you special access to download if you're not entitled to download software.


Hi @.Jaidev Hattiangadi. Before open a Discussion, I readed somewhere the "Customers Without Service Contracts" paragraph saying that I can upgrade my firmware without a contract when has a security advisory linked with the update. After seeing that possibility I called Cisco TAC, but the attendant guaranteed that if I don´t have a Service Contract, then I can not open a case and to upgrade my firmware I would need to open a case. She might be misinformed? Which is the best method to open a TAC?

Hi JD - he's running 153-3.JBB.
CSCue08313 was fixed in 15.2(2)JB2 so surely that should be integrated in 15.3(3)JBB?
Or was it never merged to later code trains for some reason (seems unlikely for a sev 2 bug)?

Hi @Rich R

Yes, the fix should ideally carry over to subsequent versions. However, i've seen this bug being brought up in quite a few cases with the exact same symptoms seen even on 15.3(3) versions, hence felt it was worth mentioning.

 

@rafael.mult,  it's true that if there's a Cisco advisory for a vulnerability on a specific version, you do not require a contract to obtain the fixed release. However, in this case, it's a bug you're trying to fix. You'll need a service contract to get support for the part. 

 

Cheers!

Review Cisco Networking for a $25 gift card