WLC 4402/1242 client connection problem

Unanswered Question
Oct 19th, 2007
User Badges:

Hi guys,


I need some help with an issue i'm having in a production environment. This wireless network consists of about 25 1242AG ap's, with a 4402 WLC . Currently there is anywhere from 10-40 clients on the wireless network. There is an ssid for mobile equipment (tow motors), the security on this ssid is security: WAP+WPA2, static 104 WEP Key, WPA Parameters: WPA encryption-tkip, WPA2 encryption-aes, psk format-ascii.


The problem we are having is these mobile clients are currently loosing their connection in very sporadic areas of the building, and its been hard to re-produce this and figure out the cause. I'm trying to go over the logs and see what could be the cause of these clients not keeping their connection (roaming, authentication, coverage problems?) but could use some guidance. Below are a few errors I picked out off the controllers logs.


Any guidance would be greatly

appreciated:



Decrypt errors occurred for client *.*.*.* using WPA key on 802.11b/g interface of AP *.*.*.*


Coverage Hole Detected for AP b02wst517 whose Base Radio MAC is *.*.*.*. Number of Failing Clients 1


Client Excluded: MACAddress:*.*.*.* Base Radio MAC :*.*.*.* Slot: 0 Reason:802.1x Authentication failed 3 times. ReasonCode: 3


Thanks.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srahn Fri, 10/19/2007 - 19:44
User Badges:

Luke, what model client devices are you using? The decrypt error is indicative of a "caveat" you run into with some Intel cards such as the 3945ABG. I'm imagining the clients connect fine, stay connected for a while, then drop connectivity whent he decrypt issue happens, and can reconnect fine after the fact quickly by disabling then re-enabling the client card. You can try capturing the following debug's for a single client, but it's obviously difficult to do as the issue is so sporatic. I'll update this post once more info is received from intel...


debug client debug dhcp message enable debug aaa all enable debug dot1x aaa enable debug mobility handoff enable

john.preves Sat, 10/20/2007 - 00:07
User Badges:
  • Silver, 250 points or more

First I'd start from the beginning and take a device that you know works (your laptop?) and do some testing.


I would build another test ssid with just plain wep or no security and roam the area with your working device. be sure you are using either the client software (Intel) or Windows (Wireless Zero Config.)but NOT both at the same time. One of these must be off, your choice. This will cause frequent drops and re-authentications because the two fight each other for control.


If you still have connectivity issues then most likely the environment needs work. If everybody has problems in the same areas, that's a good clue.


If everything works, then you should look at the card and its ability to maintain a connection using your flavor of security as was posted earlier.


You should eliminate the environment first though...


b

lukebrennan Sat, 10/20/2007 - 05:55
User Badges:

Thank you for your response guys.


We do use Intel 3945ABG cards, but only in office laptops, i'm not sure what these mobile devices have installed, I will check this.


I will have to do the testing you recommended, the only problem is when someone puts in a complaint that they got disconnected in a certain area, we go down and test again with them and the connection stays up fine.


-Luke

lukebrennan Sat, 10/20/2007 - 06:26
User Badges:

I wanted to post some more errors in the message log from the 4402, there are a bunch of these errors, just from today:


Oct 20 16:21:58.329 1x_eapkey.c:347 DOT1X-1-VALIDATE_REPLAY_CTR_FAILED: Couldnt Validate the replay counter in packet. EAPOL Key message with invalid replay counter from mobile.Got:00 00 00 00 00 00 00 01.Expected:0000 00 00 00 00 0002.Mobile:*.*.*.*:


Oct 20 16:17:37.720 1x_ptsm.c:404 DOT1X-1-MAX_EAPOL_KEY_RETRANS_FOR_MOBILE: MAX EAPOL-Key M1 retransmissions reached for mobile00:*.*.*.*



Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode