wireless users disconnecting randomly-Vwlc

ezzaariyouness · ‎04-21-2023

Hello everyone,

I have a virtual Wireless LAN controller with 49 AP running Version 8.10.142.0, All AP are connected Over the Wan network ( MPLS ). I'm experiencing random user disconnection from time to time.

For the SSID it's WPA with PSK as bellow :

config wlan bss-transition enable 1
config wlan security wpa akm 802.1x disable 1
config wlan security wpa akm psk set-key hex encrypt 1 cf8c71d4da800b08b5cf2bddc6731604 2b864de8508703e19635a4f35d7ea75ec33ef3c5 48 bc793af3c461fcb9fde1b05de56d76c870341d70772940ec1454500bb758115a8da3e55467a12771f8654a9faf7692cb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 1
config wlan security wpa akm psk enable 1
config wlan security wpa enable 1
config wlan security ft adaptive enable 1
config wlan security web-auth server-precedence 1 local radius ldap
config wlan session-timeout 2 0
config wlan bss-transition enable 2
config wlan security wpa akm 802.1x disable 2
config wlan security wpa akm psk set-key hex encrypt 1 88046721225614d7f4f6e59ac73a34fc adc05151520671225e2e89025ee2bbf882c3d6e6 48 5ab3481451d627892cb117321be0463532270a582c74dc89324b3fe81fdb439ef4eacbb73d51d832e1c297cb5e3d1157000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 2
config wlan security wpa akm psk enable 2
config wlan security wpa enable 2
config wlan security web-auth server-precedence 2 local radius ldap
config wlan interface 1 management
config wlan interface 2 management
config wlan assisted-roaming neighbor-list enable 1
config wlan create 1 LHTEST LHTEST
config wlan assisted-roaming neighbor-list enable 2
config wlan create 2 "Lagerhaus WiFi" "LH Butiker WiFi"
config wlan exclusionlist 1 60
config wlan exclusionlist 2 60
config wlan enable 2

I can see in the log error message like Client d0:88:0c:f0:0d:e0 may be using an incorrect PSK and %DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:458 Invalid replay counter from client 32:48:3c:88:34:44 .

Can you help me figure out the issue?

attached is the log file

Flavio Miranda · ‎04-21-2023

Hello,

Your logs show two clients and one of them the message is pretty clear "may be using an incorrect PSK". Have you checked that?

If the problem is another client, I suggest you to run "debug client mac-addess" and show the whole log output. Only with this information is pretty hard to say anything.

ezzaariyouness · ‎04-21-2023

Yes, I checked the PSK is correct, the issue appears randomly and is not only related to one user.

for the debug client I need to run it and keep it for a long time because I don't have a specific time when the issue happened.

Leo Laohoo · ‎04-21-2023

What is the model of the AP?

ezzaariyouness · ‎04-22-2023

it's AIR-AP1832I-E-K9

Leo Laohoo · ‎04-22-2023

Hmmmm ... Another 18xx.

Tell us more about the wireless clients? Are they laptops? IF they are, what are model of the wireless NICs and the version of the wireless NIC drivers they are running?

ezzaariyouness · ‎05-05-2023

it's ipad apple

Leo Laohoo · ‎05-05-2023

Make sure the channel width is 20- or 40 Mhz bond (and not higher).

Turn off WMM and see if this improve things.

ezzaariyouness · ‎05-05-2023

I found that the channel width was 80 so I change it to 40 and I will Turn off WMM .

I'm monitoring it and will be back to You.

ezzaariyouness · ‎05-05-2023

after making changes the issue still persist.

I attached the client debug file

Flavio Miranda · ‎05-05-2023

The logs is not pretty much not helpful. It keeps say "may be using an incorrect PSK"

Man, as you are running a virtual WLC , right. Why dont you build up a new one and transfer one or two AP to the new WLC to isolate the problem. Try to use a different version. It might be a bug.

You can do a test after hour, you can even use the same addressing, just shutdown the active one and bring the new one for testing.

ezzaariyouness · ‎05-09-2023

I updated the WLC to the last version 8-10-183-0, I will monitor the situation.

marce1000 · ‎04-21-2023

- Checkout https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html . also have the full config of the controller analyzed with this procedure : https://community.cisco.com/t5/networking-knowledge-base/show-the-complete-configuration-without-breaks-pauses-on-cisco/ta-p/3115114#toc-hId-1039672820
Have the output analyzed with : https://cway.cisco.com/wireless-config-analyzer/

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

MHM Cisco World · ‎04-22-2023

the MPLS add more overhead to packet, so you need to reduce the IP MTU at least 12 bytes.
I think this is issue of MTU

ezzaariyouness · ‎04-22-2023

I don't think so, because we have also some AP unify that are not showing this issue .