02-27-2019 04:05 AM - edited 07-05-2021 09:56 AM
Client can not connect to 2802 AP while roaming from 2702. I see the following msgs in AP logs. As soon as client is in 2702 radius then it connects again. Let me know if you need more info. Any help is appreciated.
Feb 26 12:26:46 kernel: [*02/26/2019 12:26:46.8048] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (72 64)
Feb 26 12:26:56 kernel: [*02/26/2019 12:26:56.7994] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (88 64)
Feb 26 12:27:06 kernel: [*02/26/2019 12:27:06.8232] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (104 64)
Feb 26 12:27:16 kernel: [*02/26/2019 12:27:16.8400] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (120 64)
Feb 26 12:27:26 kernel: [*02/26/2019 12:27:26.8202] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (120 64)
Feb 26 12:27:36 kernel: [*02/26/2019 12:27:36.8315] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (120 64)
Feb 26 12:27:46 kernel: [*02/26/2019 12:27:46.4437] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (120 64)
Feb 26 12:27:56 kernel: [*02/26/2019 12:27:56.4335] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (120 64)
Feb 26 13:03:48 kernel: [*02/26/2019 13:03:48.1204] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (72 64)
Feb 26 13:03:58 kernel: [*02/26/2019 13:03:58.1152] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (88 64)
Feb 26 13:04:08 kernel: [*02/26/2019 13:04:08.0921] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (104 64)
Feb 26 13:04:18 kernel: [*02/26/2019 13:04:18.0919] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (120 64)
Feb 26 13:04:28 kernel: [*02/26/2019 13:04:28.0926] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (136 64)
Feb 26 13:04:38 kernel: [*02/26/2019 13:04:38.1088] macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (136 64)
Feb 26 13:15:37 kernel: [*02/26/2019 13:15:37.8342] Sending GTK KEY message failed hostapd CISCO GTK_KEY bbc7xxxxxxxxxxxxxxx
Feb 26 14:17:04 kernel: [*02/26/2019 14:17:04.2767] Sending GTK KEY message failed hostapd CISCO GTK_KEY 3567cxxxxxxxxxxxxxx
Feb 26 15:18:55 kernel: [*02/26/2019 15:18:55.9041] Sending GTK KEY message failed hostapd CISCO GTK_KEY 16373xxxxxxxxxxxxxx
Feb 26 16:20:48 kernel: [*02/26/2019 16:20:48.3322] Sending GTK KEY message failed hostapd CISCO GTK_KEY 8bb13xxxxxxxxxxxxxx
Feb 26 17:21:54 kernel: [*02/26/2019 17:21:54.0340] Sending GTK KEY message failed hostapd CISCO GTK_KEY 12945xxxxxxxxxxxxxx
Feb 26 18:22:57 kernel: [*02/26/2019 18:22:57.2691] Sending GTK KEY message failed hostapd CISCO GTK_KEY 45d8bxxxxxxxxxxxxxx
Feb 26 19:24:34 kernel: [*02/26/2019 19:24:34.6204] Sending GTK KEY message failed hostapd CISCO GTK_KEY c3d22xxxxxxxxxxxxxx
Feb 26 20:26:10 kernel: [*02/26/2019 20:26:10.3756] Sending GTK KEY message failed hostapd CISCO GTK_KEY 8a5c2xxxxxxxxxxxxxx
Feb 26 21:27:15 kernel: [*02/26/2019 21:27:15.4937] Sending GTK KEY message failed hostapd CISCO GTK_KEY 1ee2dxxxxxxxxxxxxxx
11-27-2020 08:43 AM - edited 11-27-2020 09:52 AM
Hi everyone, similar problem here unfortunately I cannot go to 8.5 or above version because we still have a significant number of 1040,1140 old AP's that we have not decomissioned or replaced yet. Question, what is the best version you suggest because I see 2 of them as indicated by TAC:
8.3.150.6 or
8.3.143.15
Unfortunately, we move from the STABLE CAPWAP CentralSW/CentralAuth to the "nightmare" Flexconnect and now every single user is complaining about unable to connect, disconnections, etc etc.
I have WPA gtk-randomize DISABLED
I am proceeding to disable ALL the 802.11k/v/r if it is there
running 8.3.143.0 which has been stable for over 2 years
I would like to know your comments is about LOAD BALANCING ON FLEXCONNECT, the behavior is totally different to CAPWAP CentralSW/Authc. I have seen on the AP's logs multiple error messages that points to the Association code = 0 (success) and immediately the disassociation code 5 (instead of JUST having the code 17 that works perfectly on CAPWAP). In addition to that I notice something that pointed to the wrong radius aggressive failover config that I had and it was removed.
thanks
What else would you suggest?
thanks
11-27-2020 10:15 AM
11-27-2020 10:43 AM
Hi Scott,
Thanks for replying. Quick question, If I have an stable CAPWAP Central SW/ Central Authc (local mode) and the only change to implement flexconnect is the advanced tab on each SSID + Flexc ACL + FlexcGroups + Flexc WLAN/VLAN mapping, 1 AP group for all Flexc sites, 4 default interfaces for all Flexc Sites, etc; I mean minor changes, why all of the sudden so many problems with WIFI connectivity?. I followed the Flexc implementation documentation using as baseline my Local Mode WLC configuration.
In any case, I am opening another thread as suggested and posting my findings.
11-27-2020 11:16 AM
11-27-2020 11:38 AM
FINAL NOTE:
A TAC case was opened, I am also getting this error message on AP's 2800, hoping I am not hitting the following bug (the AP is already in connected mode) that could explain why authentication is failing even though everything looks normal.
hostapd: apr1v2:RADIUS: No authentication server configured
BUG = https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs45806/?rfs=iqvred
06-11-2019 07:19 AM
Do you have debug client log when things happen?
10-22-2019 09:00 PM - edited 10-22-2019 09:01 PM
Bumping this thread as I am running in to the exact same issue in our environment and it's driving me nuts!
We have 2802i model APs on 8.3.143.0 code running Flex mode with local switching and we are having multiple units all at once stop allowing auth from clients. The following two types of logs are seen on the APs:
1. macMgmtMlme_AssocReAssocReqHandler[line 2339] out of boundary (<two numbers listed>)
2. Sending GTK KEY message failed hostapd CISCO GTK_KEY <key>
The only thing that resolves this in the short term is restarting the affected units.
I'm going to assume at this point it's fixed in a higher code version but I'd really like to get a bug ID at least that I can reference when trying to explain it to management!
10-22-2019 10:07 PM
I am suspecting that this symptom is hitting CSCvk17370.
You can upgrade to 8.8.151/8.8.100/8.9.100 and later, and then observe for a while.
10-23-2019 12:04 AM
We have updated our 5508s to Hotfix-version 8.3.143.15. That fixed the issue for us. Would be less impact than updating from 8.3 to 8.8 ...
10-23-2019 01:09 AM
10-23-2019 01:45 AM
11-11-2019 08:30 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide