Solved: WLC 5508 AP AIR-LAP1142N-E-K9 and android clients issues

tanner.zaitt · ‎08-01-2022

Hi,

Do you aware of any issues with Android clients?

My WLC is 5508 and the AP is LAP1142N-E-K9.
The SSID is open without security for public wifi.
The DHCP server is on Microsoft Windows Server with Routing and remote access features enabled.
The Android devices are not able to browse internet.
They connects successfully but without internet.
On the same AP Iphone smartphones and standard Laptop machines have internet.
The issue is only with one AP in the infrastructure, other APs are okey.

Do you have any ideas where is the problem?

Thank you in advance.

Rich R · ‎08-01-2022

Do you have the same tcp-adjust-mss setting on both WLC? Try 1250? (This is something where I've specifically seen Android behave differently to iPhone and Windows previously)

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

View solution in original post

Leo Laohoo · ‎08-01-2022

@tanner.zaitt wrote:
The Android devices are not able to browse internet.
They connects successfully but without internet.

Using CLI, look at the client detail & determine if the wireless have the correct IP address, subnet mask and default gateway?

Can the affected wireless client browse internal address?

tanner.zaitt · ‎08-01-2022

The network parameters are correct.
I am not able to check your second question remotely.

marce1000 · ‎08-01-2022

>...The issue is only with one AP in the infrastructure, other APs are okey.

- Reboot the access point . check if that can help.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

tanner.zaitt · ‎08-01-2022

One Correction, all APS are affected on the second controller.

The first controller is okey.

The controllers are individual, they are not in HA configuration.

We tried to reboot all APs on the controller without positive effect.

Issue only with android devices.

marce1000 · ‎08-01-2022

- Can all the access points join the controller again after reboot (please verify).

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

tanner.zaitt · ‎08-01-2022

Hi,

Yes, the operational status is REG (Registered).

marce1000 · ‎08-01-2022

- Use latest software version that the 5508 can (still) run (if applicable) : https://software.cisco.com/download/home/282600534/type/280926587/release/8.5.171.0 (it can't go beyond that). Check if that can improve the situation with the Android clients.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

tanner.zaitt · ‎08-01-2022

I did see only that a 10 days ago the wlc controller with issues has been rebooted unexpectedly.

Rich R · ‎08-01-2022

Do you have the same tcp-adjust-mss setting on both WLC? Try 1250? (This is something where I've specifically seen Android behave differently to iPhone and Windows previously)

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

tanner.zaitt · ‎08-01-2022

Hi,
Where do you apply this setting tcp-adjust-mss 1250?

(Cisco Controller) config>ap tcp-mss-adjust enable AP3 1250

tanner.zaitt · ‎08-01-2022

Hi, thank you.

This setting looks like solving the issue.

Should I implement it to all Access Points?
Reboot of the Access Points is it required?

tanner.zaitt · ‎08-02-2022

Hi,

With Tablet with Android 8.1 doesn't work.
Open network without protection for free access.

I noticed my previous configuration:

(Cisco Controller) >show ap tcp-mss-adjust all

AP Name TCP State MSS Size
------------------ -------- -------
A-AP1 disabled -
B-AP1 disabled -
C-AP3 enabled 1363
D-AP1 disabled -
E-AP2 disabled -
F-AP2 enabled 1363
G-AP1 disabled -
H-AP2 enabled 1363
I-AP3 disabled -
J-AP7 enabled 1363
H-AP2 enabled 1363
TB-AP4 enabled 1363
NT-AP8 disabled -
UL-AP10 disabled -
PL-AP9 disabled -
TA-AP1 disabled -
TF-AP1 disabled -
TJ-AP1 enabled 1363
TB-AP5 enabled 1363

--More-- or (q)uit
NN-AP1 enabled 1363
AB-AP6 enabled 1363
RP-T2 disabled -
TD-AP4 enabled 1363
TA-AP1 enabled 1363

Do you have information for 1363 size?

Rich R · ‎08-02-2022

The Cisco recommendation has changed a number of times over the years and they now recommend 1250.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/global_traffic_forwarding_configurations.html#tcp-mss
We enable 1250 for all APs now for maximum compatibility and haven't had any reports of problems with that setting whereas with higher values we did.
If that still doesn't work for some devices suggest you do a packet capture to determine why. You'll often find the problem is with certificate exchange on TLS connection setup where the packets are inevitably using the max MSS value.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

tanner.zaitt · ‎08-02-2022

Thank you for your explanation.

My colleague finds this in the logs of the controllers:
*apfMsConnTask_1: Aug 02 12:11:27.729: %LWAPP-3-INVALID_SLOT: spam_api.c:1469 The system detects an
invalid slot identifier (1) - All the AIDs are in use. Could not allocate association identifier; AP 5c:50:15:1d:3d:b0

Field Notice: FN - 70253 - Wireless Client Fails to Associate: AID Error - Software Upgrade Recommended - Cisco

The controllers are with version: 8.0.152.0.
As you see 8.0.150.0 and 8.0.152.0 are affected.
Are you recommend to jump to version 8.2.170.0 ED?