Many thx Flavio. With regards to local authentication, I read this one but I am using MAB for guest portal provided by ISE. The document is describing dot1x only. Is MAB supported using local authentication as well? If there is any document will be g8.

Hi

Take a look here, maybe it can help you

 https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213922-configure-mac-authentication-ssid-on-cis.html

What do you mean by "I would take a look on the Link Latency paramenter on the WLC. You may extend the value to the maximum allowed." Can you provide some documentation?

TAC opened CSCwh89539 for me.  They insist that it is cosmetic and not service affecting and that no traffic is actually being throttled.
It has nothing to do with link latency - it starts when the WLC is under heavy load - eg after reload or large number of APs trying to join, and then the affected APs remain in that state forever after with the counter constantly increasing to ridiculously large number of seconds.
With WLC on 17.9.4 + CSCwh31966 & CSCwh87343 SMU + APSP6 the APs have been stable in spite of those log messages which tends to confirm that the messages are only cosmetic.

@gnburgos you'll need to troubleshoot the exact cause of your AP disconnections with TAC - there's a whole lot of things in the setup which could cause this as well as various bugs which could be causing it.  Without knowing any detail of your setup impossible to say.  Use the Config Analyzer (link below) to check your config as a starting point and fix any major issues highlighted in red.  Also check the Best Practices guide (link below).

@Rich RThanks for the information about this issue, for us is complicated because when we have the message refer to CSCwh89539 this generate massive ap disconnections we already use the config analyzer and basically follow all the best practices recomended from TAC, by the way last week we upgrade the Rommon. whats happend to you when you got the this messages do you have massive disconnections? or just see the mesage in the log? like a cosmetic message? Please any info that you can share will be useful for us.

Regards

The bug was opened while we investigated disconnections and other issues with TAC.
But the messages continue even after the issues are resolved so do seem to be only cosmetic.

@Rich R  appreciate your information, in my case is different with the message come the ap´s disconnection and the only way to have the ap´s back joined is doing a redundancy force-switchover. and we are not able to take captures because customer dosnt allowed us to have service down. thanks again!!!

regards

I think the messages are a symptom of the underlying problem rather than the cause.

As I said the messages start when the WLC is under heavy load, so it's that load which is likely causing the problems with the messages and disconnections being the result.

Concentrate on what might be causing the load on the WLC. 17.9.4 + CSCwh31966  & CSCwh87343  SMUs + APSP6 has been stable for us but obviously every network is a little different so it might not be for you.

How many APs and client do you have on the 9800-L-F ?

@Rich Rwe have 159 AP's and more less 1100 users, we can see that the controller is healthy.

So you've been monitoring WNCd and CPU never goes high?