Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
250
Views
4
Helpful
9
Replies

WGB failed to connect to same SSID with same PSK in new WLC8540

mmr99
Beginner
Beginner

‎09-16-2023 06:08 PM

Hi Guys, I need a help regarding WGB. Before it was connected in WLC8540 (8.5.131.0) with root AP2802. Recently  i swapped root AP to catalyst AP9120, also migrated to new WLC8540(8.10.183). But WGB failed to connect to SSID PSK based. Though PSK is same in both WLC SSID. In New WLC, it was showing "Client 'f4:4e:05:aa:bb:cc (0.0.0.0)' which was associated with interface '802.11a/n/ac/ax' of AP 'APNAME' is excluded. The reason code is '4(802.1X Authentication failed 3 times.)'. But when i rolled back root AP to 2802 with old WLC, it connected automatically. I've checked WGB config, it is perfect. WGB is SAP2702.

Would be great to get your expert knowledge.

 

Labels:
0 Helpful
9 Replies 9

marce1000
VIP Mentor VIP Mentor
VIP Mentor

‎09-16-2023 10:34 PM

 

 - Review this thread  : https://community.cisco.com/t5/wireless/1562-map-bridges-losing-connection-after-software-upgrade/m-p/4914640#M260198



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Rasika Nayanajith
VIP Mentor VIP Mentor
VIP Mentor

‎09-17-2023 01:45 PM

To begin with I will configure WLAN configuration of both WLC to see it exactly matches (ideally get CLI backup config and compare line by line).

If it is a PSK SSID, reason code you refer "802.1X Authentication Failed 3 times" makes no sense.

HTH
Rasika
*** Pls rate all useful responses ***

mmr99
Beginner
Beginner
In response to Rasika Nayanajith

‎09-17-2023 03:43 PM - edited ‎09-17-2023 03:48 PM

have compared, no difference, "802.1X Authentication Failed 3 times" is coming because of the below logs, exclusion policy is set 3 times for auth fail

 

*Dot1x_NW_MsgTask_4: Sep 18 07:35:25.773: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:766 Client f4:4e:05:78:a9:7c may be using an incorrect PSK
*Dot1x_NW_MsgTask_4: Sep 18 07:31:50.865: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:766 Client f4:4e:05:78:a9:7c may be using an incorrect PSK
*Dot1x_NW_MsgTask_4: Sep 18 07:28:07.425: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:766 Client f4:4e:05:78:a9:7c may be using an incorrect PSK
*Dot1x_NW_MsgTask_4: Sep 18 07:24:28.813: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:766 Client f4:4e:05:78:a9:7c may be using an incorrect PSK

0 Helpful

mmr99
Beginner
Beginner

‎09-17-2023 03:29 PM

while it is trying to connect new WLC, showing this logs, that client(WGB) may be using an incorrect PSK

*Dot1x_NW_MsgTask_4: Sep 18 07:39:03.297: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:766 Client f4:4e:05:ab:bb:cc may be using an incorrect PSK
*Dot1x_NW_MsgTask_4: Sep 18 07:35:25.773: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:766 Client f4:4e:05:78:a9:7c may be using an incorrect PSK
*Dot1x_NW_MsgTask_4: Sep 18 07:31:50.865: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:766 Client f4:4e:05:78:a9:7c may be using an incorrect PSK
*Dot1x_NW_MsgTask_4: Sep 18 07:28:07.425: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:766 Client f4:4e:05:78:a9:7c may be using an incorrect PSK
*Dot1x_NW_MsgTask_4: Sep 18 07:24:28.813: %DOT1X-3-PSK_CONFIG_ERR: 1x_ptsm.c:766 Client f4:4e:05:78:a9:7c may be using an incorrect PSK

0 Helpful

Rasika Nayanajith
VIP Mentor VIP Mentor
VIP Mentor
In response to mmr99

‎09-18-2023 03:16 AM

Did you configure the PSK correctly on WLC as well as on WGB itself?

Other than WGB, is there any other client having issues connecting to that SSID ? that will isolate issue related to WGB or configs on the WLAN

HTH
Rasika
*** Pls rate all useful responses ***

0 Helpful

mmr99
Beginner
Beginner
In response to Rasika Nayanajith

‎09-18-2023 03:55 PM

Yes, PSK is defined perfectly. Both WLC have same SSID, PSK. there are many users using that with same PSK. These are tested already, only this WGB has failed to connect new WLC with the above logs, though it connects to old WLC properly.

 

0 Helpful

mmr99
Beginner
Beginner
In response to Rasika Nayanajith

‎09-19-2023 06:37 PM

Hi, I've applied a workaround to stop roaming to outside Catalyst AP as there is Root AP2802 sitting next to WGB. Has put no mobile station in Radio interface as soon as it hooked up to AP2802(existing WLC) to stop roaming. Before it was joining to next AP, but after few minutes, it was roaming to new AP in new WLC. last 2 days it is working perfectly.

Rich R
VIP Advisor VIP Advisor
VIP Advisor

‎09-18-2023 03:05 AM

- Ideally new WLC should be running current latest release 8.10.185.3 (link below) - next MR due out soon.
- Have you tried using the 2802 root AP with the new WLC.
- What mode is the 9120 set to?
- Is the 2702 software updated to the same version?
- If you're using mesh mode have you added the 2702 MAC address to the WLC's MAC filter?

------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's   and   Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     after 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.185.3 and latest 9800 IOS-XE releases
     also fixed in 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that Mobility Express AP TFTP download is not affected so ME 8.5.182.0 still works but see FN-74035 below
Field Notice: FN-70479 Out-Of-The-Box AP Fails to Join WLC or Joins with Single Radio due to Country Mismatch - RMA required
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN-74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
     fixed in 8.10.185.3 and see the field notice for 8.5, Mobility Express and other fixed releases
Check your WLC config with Wireless Config Analyzer using "show tech wireless" output (9800) or "config paging disable" then "show run-config" output (AireOS) and use Wireless Debug Analyzer to analyze your WLC client debugs
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

mmr99
Beginner
Beginner
In response to Rich R

‎09-18-2023 04:24 PM - edited ‎09-18-2023 04:27 PM

Thanks for joining thread

- Have you tried using the 2802 root AP with the new WLC- yes, didn't work.

- What mode is the 9120 set to? Local

- Is the 2702 software updated to the same version?  this is just acting as client of wifi, do we need it?

- If you're using mesh mode have you added the 2702 MAC address to the WLC's MAC filter? it's just PSK based, no mac filtering

 

I'll check your other things that you suggested

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents