
WLC 5508 - DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM

enzo99
Level 1

Hello guys,

For a few days now we've been facing an issue on one of our main production sites.
Other locations seem to be fine at the moment.
The problem is that some of the users can't authenticate to our primary SSID which is secured by 802.1X.

We are using a WLC 5508 cluster with product version 8.5.182.0 and the supplementary AP bundle.

Checking the WLC-Logs the detailed error message is: DOT1X RESTARTED DUE TO EAPOL-START/CLIENT ROAM

The RADIUS request does not arrive on the NPS; neither an accept nor a deny response is generated.
The problem seems to be getting worse.

We planned on disabling FT (Fast Transition), as it was recommended in another post with a similar issue. Furthermore, we did not update/change the Intel NIC firmware version.

Does anyone have an idea where the problem might be?

Thank you in advance!

 

 


marce1000
VIP

 

> ...The problem is that some of the users can't authenticate to our primary SSID which is secured by 802.1X.

  - You should debug the client on the controller with commands as in:
        (WLC) >debug client aaaa.bbbb.cccc
    Client debugs can be analyzed with: Wireless Debug Analyzer

  - For the controllers where the problems are occurring, review the controller configuration using:
    WirelessAnalyzer input (procedure) for AireOS controllers
    and feed the output from that into Wireless Config Analyzer

  - High importance as per: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
    For the 5508 that comes down to using: https://software.cisco.com/download/specialrelease/9a6a7cf84f9fdf04b95c76e2ac7820e7
    Because of the platform being EOL, kind of always use the latest available release, because support is diminishing too.

  - Related to above: plan migration to the 9800 platform for future solid business support.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '


Rich R
VIP

Marce has covered most of the options for you there already.
Since your options are limited at this point you can also think about reloading APs and if that doesn't help reload the WLC.
Upgrading to 8.5.182.12 will do both anyway so that should probably be your first action point.

It goes without saying that Intel drivers should be updated - the older drivers cause no end of problems.

enzo99
Level 1

Hello,

We will try your suggestion of upgrading the WLC to the newest firmware. We have already rebooted the WLC and the APs in the affected area several times. I'll let you know as soon as we have acquired the new firmware and upgraded the WLCs accordingly.
Thanks for your help so far.
