Wireless LAN User Disconnected

ejpark · ‎10-30-2023

Model : C9800

WLAN : WPA2/802.1X

Mode : Local

Software : 17.3.6

Hi,

The WLC session timeout setting is 1800 seconds, and during the client reauthentication phase The message 'CO_CLIENT_DELETE_REASON_KEY_XCHNG_TIMEOUT' is generated. We added the AAA Accounting setting a while ago and this causes an Accounting STOP message to the authentication server, ending the client WLAN connection. I want to know if there is an action plan for the cause. Also, I want to know if there is a problem if I increase the session timeout setting.

Attach the client log file as well.

Thank you.

Leo Laohoo · ‎10-30-2023

What is the model of the APs?

ejpark · ‎10-30-2023

Hi,

C9120AXI is in use.

There are also some 2702 models, but I did not the connected client check and debug.

Leo Laohoo · ‎10-30-2023

What kind of wireless clients are these, are they Intel-based AX2xx or Realtek RTL88xx wireless NIC?

ejpark · ‎10-30-2023

The NIC type cannot be confirmed because it is not currently on the site.
Is there a problem depending on the NIC type?

Thank you.

Leo Laohoo · ‎10-31-2023

@ejpark wrote:
Is there a problem depending on the NIC type?

Of course.

For Realtek RTL88xx, the wireless NIC driver should be, at a minimum, 6001.10.352.0 (and later). Refer to CSCwf03870.

For Intel-based AX2xx, the wireless NIC drivers should be 22.200.2.1 (and later) or 22.220.0.0 (and later). Refer to CSCwe50033.

ejpark · ‎10-31-2023

I'll check the client driver version when I visit the site.

Thank you.

Rich R · ‎10-31-2023

And as 17.3 is already End of Vulnerability/Security Support you should be upgrading to 17.9.4 + SMUs + APSPs as per the TAC recommended link below. That also provides a number of other bug fixes.

Why are you using such a short session timeout?

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

ejpark · ‎10-31-2023

First, I will check whether the 2702 model is used or not.
There is no particular reason to use the session timeout value as the default.
This is because it is not possible to know exactly the impact level when changing the best practice or value.
If I increase the session timeout value, will there be any problems with using it?

Thank you.

Rich R · ‎11-01-2023

Refer to https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html#Clienttimers and while you're about check all the other Best Practice guidelines and check your config with the Config Analyzer (link below)

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390