Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1400
Views
0
Helpful
9
Replies

Wireless clients complain about slowness and frequent disconnections.

MohanKumar30269
Level 1
Level 1

‎10-01-2021 12:27 AM

Hello Wireless Ninjas,

 

Our Wireless clients connected to the same AP complain about slowness and frequent disconnections. The only strange logs flooding in the AP which I noticed are mentioned below.

 

%DOT11-4-CCMP_REPLAY: Client 84c5.a6fc.2f97 had 2 AES-CCMP TSC replays
%DOT11-4-CCMP_REPLAY: Client 84c5.a6fb.ceda had 1 AES-CCMP TSC replays
%DOT11-4-CCMP_REPLAY: Client 84c5.a6fc.2f97 had 1 AES-CCMP TSC replays

 

%WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:2 Channel:1 Source MAC:a618.88c7.50b5

%WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:2 Channel:6 Source MAC:a618.88c7.559b

%WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:2 Channel:11
%WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:2 Channel:1

 

%DOT11-6-ASSOC: Interface Dot11Radio0, Station 84c5.a6fc.2f97 REAP Associated KEY_MGMT[Open]
%DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 84c5.a6fc.2f97 Sending station has left the BSS
%DOT11-6-ASSOC: Interface Dot11Radio0, Station 84c5.a6fc.2f97 REAP Associated KEY_MGMT[Open]

 

%DOT11-4-BAD_BASSN: Client d472.2626.2bee(40165) DELBA upstream for priority 0 on packet seq jump
%DOT11-4-BAD_BASSN: Client d472.2626.2bee(40165) DELBA upstream for priority 0 on packet seq jump

 

AP Model:AIR-CAP3602I-N-K9

AP Version: 15.3(3)JD16

LWAPP image version 8.3.143.0

 

Kindly help to solve this problem. we tried changing the channel but getting the same error on the new channel as well.

 

Please let me know if you need any other details.

 

Thank You

MK

4 people had this problem
0 Helpful
9 Replies 9

Kasun Bandara
VIP
VIP

‎10-01-2021 12:54 AM

Hi, while investigating i found below bug report and can be related to your issue.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs40343/?rfs=iqvred

 

also by reading logs, it seems like some wireless client sending replay packets and WIDS detecting them as a attack. if someone trying to do DOS kind attack, other user's traffic will get dropped and users will feel slowness and disconnections. last logs are kind of related to sequence number mismatching, which can occur with packet drops. better to check AP statistics and connected clients list to identify any abnormal traffic behaviors or unknown users. WLC's client list can use to get good idea about user list and observe unknown/known abnormal details for each client.

 

Good luck

KB

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎10-01-2021 02:59 AM

@MohanKumar30269 wrote:

Our Wireless clients connected to the same AP complain about slowness and frequent disconnections.

Slowness and frequent disconnections happening to wireless clients connecting to ONE AP?  Is that correct?

0 Helpful

MohanKumar30269
Level 1
Level 1
In response to Leo Laohoo

‎10-01-2021 03:03 AM

Yes, there is only one AP at the site.
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to MohanKumar30269

‎10-01-2021 03:21 AM

If 2.4 Ghz is turned off, is the wireless better?

0 Helpful

MohanKumar30269
Level 1
Level 1
In response to Leo Laohoo

‎10-01-2021 03:26 AM

We haven’t tried that but most of them are connected to 2.4GHz, are you recommending to try that ? Will those same clients be able to connect 5 GHz, if we shutdown 2.4 GHz ?
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to MohanKumar30269

‎10-01-2021 03:40 AM

@MohanKumar30269 wrote:
Will those same clients be able to connect 5 GHz, if we shutdown 2.4 GHz ?

Depends if the wireless clients have dual band radios (2.4 Ghz & 5.0 Ghz). 

@MohanKumar30269 wrote:
We haven’t tried that but most of them are connected to 2.4GHz, are you recommending to try that ?

2.4 Ghz in an enterprise environment will never work.  There are too many co-channel interference that can cripple 2.4 Ghz.

0 Helpful

MohanKumar30269
Level 1
Level 1
In response to Leo Laohoo

‎10-01-2021 04:20 AM

Leo,

 

I'll try that, I have attached the complete logs and few show commands, I would really appreciate it if you could review that. 

Thank you for the quick response

 

Regards,

Mohan Kumar

Preview file
1857 KB
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to MohanKumar30269

‎10-01-2021 04:39 AM

@MohanKumar30269 wrote:

I have attached the complete logs and few show commands

And?  What is the objective of showing me the logs?  
The logs tell me Channel 11 is being hammered.  That leaves 2 channels in the 2.4 Ghz to use.  What are the chances there are co-channel interference there too?  

0 Helpful

MohanKumar30269
Level 1
Level 1
In response to Leo Laohoo

‎10-01-2021 05:13 AM - edited ‎10-01-2021 06:07 AM

Yes, Channel 11 and 149 are being hammered. I tried changing to channel 11 to 6 in 2.4GHz and 149 to 64 in 5GHz but there is no improvement in performance and the clients are kept disconnecting and reconnect very frequently.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card