Re: The Strangest Wireless Network Issue!!!

aipan-zhao · ‎10-29-2025

Hi teachers, I have recently encountered a strange issue. During the normal use of our wireless network, there will suddenly be a loss of Internet connectivity. If I then click to disconnect and try to reconnect to the same WIFI, it will keep showing "Connecting" — this process will last for 5 minutes or even longer, and there are two possible outcomes:

It shows "Failed to connect to this network";

The connection is successful.

Typically, no error records of this issue can be found on ISE, but the error logs are available on DNACenter：

Due to 802.11 Poor Channel Conditions：：However, our devices are within 1 meter of the AP, so there is no issue with signal reception.

This problem occurs on different devices of various models in different regions across the country. It even happens inexplicably within 1 meter of the AP, with no regular pattern.

This issue has been troubling us for a long time, and we suspect it arose after upgrading the WLC version.

WLC Verision:C9800-CL 17.12.4

AP Version:C9130AXI-H and 3802AXI-E

I wonder if anyone could help resolve this issue. Your assistance would be greatly appreciated.

Kasun Bandara · ‎10-29-2025

hi @aipan-zhao , normally its recommend to go for latest or N-1 version for the OS version as per your company policies. suggest you to upgrade device to 17.12.6a or 17.15.4b and see if issue resolved.

other than WLC side check if client PC side logs showing any errors or warnings.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

aipan-zhao · ‎11-12-2025

Hi Sir

Thank you for your reply. This issue occurs not only on the PC side but also on the iPhone client. Moreover, it happens randomly and has been reported across different regions, locations, and devices. We have planned to downgrade the version to 17.6.5 because this problem was never observed in version 17.6.5 before the version upgrade.

Mark Elsen · ‎11-12-2025

- @aipan-zhao I would not go back to 17.6.5 because that is a very old release !!
Consider 17.12.6a or 17.15.4b as suggested earlier

- Validate the configuration of your 9800 controller using the CLI command : show tech wireless
and feed the output from that into Wireless Config Analyzer

- Debug none-working clients with instructions from : https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity
These debugs can be analyzed with Wireless Debug Analyzer

- Use commands from : Wireless client related KPIs
to check on overall client health

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Saikat Nandy · ‎10-29-2025

can I have the 'show tech wireless' output from the WLC please.

aipan-zhao · ‎11-12-2025

Hi Sir

The results has been attached,pls check it,thank you

Mark Elsen · ‎11-12-2025

- @aipan-zhao Your resulting file seems too big for : Wireless Config Analyzer
Try again : make sure to save the CLI output from show tech wireless only
and nothing else.
Als note you need the full command as outlined in green,
it does not work with show tech-support !

You can easily use Wireless Config Analyzer yourself
once you have the file requested (from 'show tech wireless')
drag and drop it into

Then press RUN !

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

aipan-zhao · ‎11-12-2025

Hi Sir

Thank you for your reply. I can confirm that I obtained the file exactly as you instructed. I also tried importing the file into the analyzer, but there was no output. This may be due to the large file size caused by our having more than 500 wireless APs and over 30 sites.

Mark Elsen · ‎11-12-2025

- @aipan-zhao Send it to me in a private message,

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Mark Elsen · ‎11-13-2025

- @aipan-zhao I was able to process it by using the Desktop version of Wireless Config Analyzer ;
which you can find at : https://github.com/CiscoDevNet/wcae/raw/refs/heads/master/wcae-gui-win-v12a.zip
There are several controller related remarks which should be looked into ; check screenshot below
And or have a go with it yourself !!
(the first one concerning the ipv4 access list can be ignored)

That being said ; there are major drawbacks for going back to 17.6.5 , such as introducing
many bugs which might not be experienced immediately but may popup later for
your wireless customers.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Mark Elsen · ‎11-13-2025

- @aipan-zhao Using red link button from the second error in config analyzer :
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg/m_vewlc_flex_connect.html#Cisco_Concept.dita_806fe241-834b-4994-a6c9-61725d091eef

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

aipan-zhao · ‎11-17-2025

Thank you very much for your reply. I don't think the issue of an excessive number of FLEX units is the cause of the problem, because this situation occurs in all our stores across the country. The number of FLEX units in each store varies, and most of them do not exceed 20. Additionally, the desktop software you provided is very useful to me. Thank you again.

Mark Elsen · ‎11-17-2025

- @aipan-zhao Ok, consider other advices from the desktop version of wireless config analyzer (WCAE) too !

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

OliverHaven133 · ‎11-12-2025

Hey, I feel your pain—this kind of intermittent WiFi gremlin (sudden drops, endless "connecting" spins, and random successes) is maddening, especially when it's hitting devices right next to the AP and no clear pattern. The "802.11 Poor Channel Conditions" flag in DNAC despite strong signals screams false positive or radio quirk, and tying it to your WLC upgrade is a solid hunch. I've dug into similar cases on Cisco setups, and while your exact combo (C9800-CL 17.12.4 with C9130AXI-H/3802AXI-E APs) isn't a headline bug, it's echoing some known headaches in 17.12.x. Let's troubleshoot step by step—start simple, escalate if needed.

### Quick Reality Check: Is It Widespread?
Not a massive outage wave right now, but yeah, others are griping about reconnection stalls and channel misreads post-upgrade in 17.12.x. Folks on Cisco Community report clients (especially mixed WiFi 6/AX) hanging in auth/handshake phases, with DNAC over-flagging "poor conditions" due to aggressive RRM (Radio Resource Management) tweaks. No ISE logs means it's likely pre-auth (association or probe response weirdness), not RADIUS.

### Likely Culprits (Post-Upgrade Vibes)
- **RRM/Channel Shenanigans**: 17.12.4 dialed up noise detection sensitivity—DNAC sees "poor" even on clean channels if there's micro-interference (e.g., microwave bleed or neighbor APs). Your 1m tests rule out distance, but it could be transient RF hiccups triggering deauths.
- **Client State Mismatch**: Devices get "stuck connecting" during re-assoc because the AP/WLC isn't clearing old state fast enough (seen in AX APs like yours).
- **Firmware Mismatch/Upgrade Glitch**: C9130/3802 APs on older images might not handshake cleanly with 17.12.4—check if AP FW is synced (should be 17.12.4.x).
- **Other Sneaks**: High client load, DFS channel hops (5GHz), or even IPv6 flapping (one thread pinned iPads losing v6 during stalls).

### Step-by-Step Fixes to Try (Start Here—No Downtime)
1. **Verify & Sync Firmware**:
- CLI on WLC: `show ap image all`—ensure APs are on 17.12.4 (or latest patch like 17.12.4a). If not, predownload: `ap name <AP-NAME> image predownload tftp://<SERVER>/17.12.4`.
- AP join issues? Run `show ap join stats summary` for errors (e.g., CAPWAP timeouts).

2. **Tune RRM for Sanity**:
- Disable auto-RRM temporarily: GUI > Configuration > Radio Resource Management > 802.11a/b > Set "Assignment Method" to Custom, pick fixed clean channels (e.g., 36/40/44 for 5GHz, 1/6/11 for 2.4GHz). Power to medium (not auto).
- CLI: `config 802.11a channel global 36,40,44` (test one AP first).
- Re-enable after a week if stable— this often kills false "poor conditions" flags.

3. **Client Reconnect Tweaks**:
- Bump client timeouts: GUI > Configuration > Tags & Profiles > Policy > WLAN Policy > Advanced > Set "Client Inactivity Timeout" to 3600s, "Aggressive Load Balancing" off.
- Enable "Fast Roaming" or "802.11r" if your clients support it (helps sticky reconns).
- Test: Force a deauth (`debug client <MAC>`) on a problem device and watch the assoc in `show wireless client mac <MAC> detail`.

4. **DNAC/WLC Debugs for Clues**:
- On WLC: `debug client <MAC>` + `debug capwap events enable` during a fail—look for "deauth reason 7" (class 3 frame from non-assoc) or heartbeat drops.
- DNAC Assurance: Run a Client Health test on the AP—filter for "Poor Channel" events and drill into spectrum (might show phantom interferers).
- No ISE hits? Good—focus on radio: `show ap dot11 24ghz/5ghz channel` for utilization spikes.

5. **Upgrade/Rollback Test**:
- 17.12.4 is solid but had reconn flakiness in early builds—jump to 17.12.5 or 17.13.1 (TAC rec for stability). Rollback to pre-upgrade version on one site for A/B testing if it's dire.
- Field Notice Check: Your APs aren't in the "fail to join" batch (FN72424), but confirm serials if manufactured post-Sept 2022.

### If That Doesn't Stick
- **Packet Capture**: Mirror AP switchport + Wireshark filter `wlan.fc.type_subtype == 0x00` (assoc reqs) during a stall—spot if probes get NAK'd.
- **Escalate to TAC**: Bundle `show tech wireless`, DNAC export, and a client Wireshark. Reference bug CSCwj07316 (sync issues) or CSCvw30043 (DHCP stalls, if IPv4 drops too). They've fixed similar in patches.
- **Workaround**: Seg a test SSID on fixed channels/power for affected areas.

This should get you 80% there—start with RRM tweaks, as that's the low-hanging fruit for "poor conditions" lies. What's the client mix (iOS? Android? Laptops?)? And any patterns on bands (2.4 vs 5GHz)? Drop more deets, and we'll narrow it. You've got this—hang in there!

aipan-zhao · ‎11-13-2025

Hi Sir

Thank you for your answers to my questions.

Regarding the phased restoration plan, I will provide responses to each item one by one.

1:1. **Verify & Sync Firmware**:

It has been confirmed that for all devices, including the AP devices in the faulty area, the versions are consistent with the WLC version. Additionally, after the APs go online, they will also automatically update to the same version as the WLC.

2. **Tune RRM for Sanity** and 3. **Client Reconnect Tweaks**:

This method has been previously consulted with Cisco TAC and tested, but the results were not ideal

4. **DNAC/WLC Debugs for Clues** and 5. **Upgrade/Rollback Test**:

Since this issue did not occur before the upgrade and only emerged after upgrading to version 17.12.4, I will roll back to version 17.6.5 next week.