
Reassociation (disconnect) from mobile stations every 1800 sec.

Hi all!!! I have a WLC 2504 (AirOS 8.0.100.0) and AP 1602, 2602, 1141 in FlexConnect mode and 50-60 clients. I came across the following problem: reassociation (disconnect) of mobile stations occurs every 1800 sec. The WLAN (SSID) is set with WPA2-AES PSK, and in the settings WLANs > Edit > Advanced > Enable Session Timeout is unchecked. What could be the problem?


Freerk Terpstra
Level 7

Do you currently have any issues or is it just an observation? Could you give us the output from a "show wlan x"?

Besides that, I would advise you to upgrade to 8.0.110 and also check if your FUS is the current one as well. If you need to upgrade the FUS, plan a big enough maintenance window because this process will take at least 30 minutes to complete.

Currently this is a problem. Current FUS is 1.9 and it was updated more than a year ago.

Output from "show wlan x":

(Cisco Controller) >show wlan 1


WLAN Identifier.................................. 1
Profile Name..................................... internet
Network Name (SSID).............................. internet
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
    Radius Profiling ............................ Disabled
     DHCP ....................................... Disabled
     HTTP ....................................... Disabled
    Local Profiling ............................. Disabled
     DHCP ....................................... Disabled
     HTTP ....................................... Disabled
  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 66
Exclusionlist.................................... Disabled
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 20 seconds
Sleep Client..................................... disable
Sleep Client Timeout............................. 720 minutes
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... WLC-2504
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ internet
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Per-Client Rate Limits........................... Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Disabled
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
   Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Radius NAI-Realm................................. Disabled
Security

   802.11 Authentication:........................ Open System
   FT Support.................................... Disabled
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
                                                               Auth Key Management
         802.1x.................................. Disabled
         PSK..................................... Enabled
         CCKM.................................... Disabled
         FT-1X(802.11r).......................... Disabled
         FT-PSK(802.11r)......................... Disabled
         PMF-1X(802.11w)......................... Disabled
         PMF-PSK(802.11w)........................ Disabled
      FT Reassociation Timeout................... 20
      FT Over-The-DS mode........................ Enabled
      GTK Randomization.......................... Disabled
      SKC Cache Support.......................... Disabled
      CCKM TSF Tolerance......................... 1000
   WAPI.......................................... Disabled
   Wi-Fi Direct policy configured................ Disabled
   EAP-Passthrough............................... Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web Authentication Timeout.................... 300
   Web-Passthrough............................... Disabled
   Mac-auth-server............................... 0.0.0.0
   Web-portal-server............................. 0.0.0.0
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   FlexConnect Local Switching................... Enabled
   FlexConnect Central Association............... Disabled
   flexconnect Central Dhcp Flag................. Disabled
   flexconnect nat-pat Flag...................... Disabled
   flexconnect Dns Override Flag................. Disabled
   flexconnect PPPoE pass-through................ Disabled
   flexconnect local-switching IP-source-guar.... Disabled
   FlexConnect Vlan based Central Switching ..... Disabled
   FlexConnect Local Authentication.............. Disabled
   FlexConnect Learn IP Address.................. Enabled
   Client MFP.................................... Disabled
   PMF........................................... Disabled
   PMF Association Comeback Time................. 1
   PMF SA Query RetryTimeout..................... 200
   Tkip MIC Countermeasure Hold-down Timer....... 60
   Eap-params.................................... Disabled
AVC Visibilty.................................... Enabled
AVC Profile Name................................. Cisco-Prime
Flow Monitor Name................................ Monitor
Split Tunnel Configuration
    Split Tunnel................................. Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
802.11v Directed Multicast Service............... Disabled
802.11v BSS Max Idle Service..................... Enabled
DMS DB is empty
Band Select...................................... Enabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Universal Admin.................................. Disabled

 Mobility Anchor List
 WLAN ID     IP Address            Status
 -------     ---------------       ------

802.11u........................................ Disabled

MSAP Services.................................. Disabled

Local Policy
----------------
Priority  Policy Name
--------  ---------------
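
Added example (not part of the original thread and not Cisco tooling): a small parser for the "show wlan" output posted above that converts the unit-bearing timer rows to seconds and checks whether any of them equals the observed disconnect interval. SAMPLE is a constructed excerpt of that output, and the function names are hypothetical.

```python
import re

# Constructed excerpt: rows copied from the "show wlan 1" output posted above.
SAMPLE = """\
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 20 seconds
Sleep Client Timeout............................. 720 minutes
   802.11 Authentication:........................ Open System
         PMF-PSK(802.11w)........................ Disabled
   Web Authentication Timeout.................... 300
   FlexConnect Local Switching................... Enabled
   PMF........................................... Disabled
802.11v BSS Max Idle Service..................... Enabled
"""

# "Key......... value": the key may contain single dots (802.11v) or end in a colon.
ROW = re.compile(r"^\s*(.+?)\s*\.{3,}\s*(\S.*?)\s*$")
UNITS = {"seconds": 1, "minutes": 60}

def parse_show_wlan(text):
    """Return {key: value} for every dotted row; section headers are skipped.
    Keys repeated under different sections (e.g. DHCP/HTTP) keep the last value."""
    cfg = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            cfg[m.group(1).rstrip(":").strip()] = m.group(2)
    return cfg

def timers_in_seconds(cfg):
    """Timeout rows that state their unit, normalised to seconds.
    Unit-less rows (e.g. Web Authentication Timeout) are left out, not guessed."""
    out = {}
    for key, val in cfg.items():
        m = re.fullmatch(r"(\d+)\s+(seconds|minutes)", val)
        if m and "timeout" in key.lower():
            out[key] = int(m.group(1)) * UNITS[m.group(2)]
    return out

def matching_timers(cfg, observed_s, tolerance_s=5):
    """Names of timers within tolerance_s of the observed disconnect interval."""
    timers = timers_in_seconds(cfg)
    return [k for k, v in timers.items() if abs(v - observed_s) <= tolerance_s]

if __name__ == "__main__":
    cfg = parse_show_wlan(SAMPLE)
    print(timers_in_seconds(cfg), "PMF:", cfg["PMF"])
    print("timers matching 1800 s:", matching_timers(cfg, 1800))
```

Run against the excerpt, matching_timers(cfg, 1800) returns an empty list: none of the unit-bearing timers in the posted WLAN configuration equals the observed 1800-second interval.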

Hi,

Set:

session timeout : 65535
Idle timeout: 86400
ARP timeout: 86400

https://rscciew.wordpress.com/2014/05/07/timeout-setting-on-wireless-lan-controller/

Try it and let us know.

 

Regards

Don't forget to rate helpful posts

The problem was not solved.

Keep the idle timer at 300 seconds. You can leave the session timer at what you have or disable it. I prefer to disable this. 

Like George mentioned, what type of clients?

-Scott
*** Please rate helpful posts ***

Hi all. After some tests I am coming back to this topic. I updated the WLC to AirOS 8.0.115. The problem occurs with Windows 8/8.1 and some Apple MacBook devices (1 or 2 devices); the reassociation is random (it may be 400 or 600 or 1800 or 2020 seconds). I note the following: after configuring 802.11w (Protected Management Frame) (mode Optional), client uptime is stable and the session is not broken. But with 802.11w turned on, all clients in the network (Android, Apple, Windows, Linux and so on) lose speed (3-12 Mbit/s) and packets - ping 2500 - 4000 ms. As soon as I turn off 802.11w on the WLC everything becomes normal - high speed, no packet loss - ping 1-3 ms. What is the reason? Maybe it is a WLC bug?

Client support for 802.11w can be why.  I never turn that feature on to be honest.  As you can see, the wireless supports certain features, but in the end, all clients have to also support it.

-Scott

How do you explain the client uptime being retained with 802.11w turned on??? And the loss of speed and packets with 802.11w turned on??? I need a clear answer.

For that to work, you need to find out if the end devices support 802.11w. If one type doesn't, then there you go, you shouldn't turn that on for that given WLAN. The ping times you are seeing are not normal, as you know, so that typically means compatibility issues and points to the end devices and/or drivers. If the devices do not support 802.11w, then they will not work well or at all. If you think it is a bug, then you need to open a TAC case. Set it to default, which is optional, and those that support it will use it and those that don't will not.

-Scott

What type of clients?

Monte, playing with the idle timeout is playing with fire. The WLC doesn't honor deauth frames; in other words, your client database will grow and keep disconnected clients in the client database for a very extended time.

Your best bet is to debug the client and start from there.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Abhishek Abhishek
Cisco Employee

Station Services

The 802.11 standard defines services for providing functions among stations. A station may be within any wireless element on the network, such as a handheld PC or handheld scanner. In addition, all access points implement station services. To provide necessary functionality, these stations need to send and receive MSDUs and implement adequate levels of security.

Authentication

Because wireless LANs have limited physical security to prevent unauthorized access, 802.11 defines authentication services to control LAN access to a level equal to a wired link. Every 802.11 station, whether part of an independent BSS or an ESS network, must use the authentication service prior to establishing a connection (referred to as an association in 802.11 terms) with another station with which it will communicate. Stations performing authentication send a unicast management authentication frame to the corresponding station.

The IEEE 802.11 standard defines the following two authentication services:

    Open system authentication: This is the 802.11 default authentication method. It is a very simple two-step process. First the station wanting to authenticate with another station sends an authentication management frame containing the sending station's identity. The receiving station then sends back a frame indicating whether it recognizes the identity of the authenticating station.

    Shared key authentication: This type of authentication assumes that each station has received a secret shared key through a secure channel independent from the 802.11 network. Stations authenticate through shared knowledge of the secret key. Use of shared key authentication requires implementation of the Wired Equivalent Privacy algorithm (WEP).

For more information please refer to the link:

http://www.informit.com/articles/article.aspx?p=24411&seqNum=7

ajc
Level 7

Hi Sergey,

Taking into account that your ENABLE SESSION TIMEOUT is DISABLED, I am thinking that you could be facing a USER IDLE TIMEOUT.

Check the following parameter on the specific SSID --> Advanced Option -->

Client user idle timeout (15-100000) BOX

If that parameter is UNCHECKED for the specific SSID, then the WLC applies the VALUE globally configured on your WLC. This parameter is located at CONTROLLER --> GENERAL --> User Idle Timeout (seconds).

Hoping this helps.

 

 

Hi Abraham!!! USER IDLE TIMEOUT for this WLAN was set a long time ago and equals 20 sec. This does not solve the problem.

20 Sec??
