Wifi clients get disconnected in WLC - LAP solution

Oct 2nd, 2008

Hello all,

I would like to know all the possible reasons for wireless clients to get disconnected in a LAP (to WLC) solution. We have a WAN (MPLS) between the LAP and the WLC, and at the remote site (where we only have the LAP, since the WLC is in the central site) we have clients disconnecting.

This is the error that we see in the traplog:

Decrypt errors occurred for client XX:XX:XX:XX:XX:XX:XX using WPA key on 802.11b/g interface of AP XX:XX:XX:XX:XX:XX:XX

Can anyone tell me what can be wrong? Can packet loss cause this? Packet loss of which packets? Data packets or some other packets? Or can network delay produce this? I know we have fragmentation, and maybe fragments are failing somewhere. But I would like to know what should happen in order for this message to be displayed and the client to be disconnected.

Thanks

Milos

didyap Wed, 10/08/2008 - 06:31

This mostly occurs due to incompatibility on the client side. Try these steps in order to fix this issue:

Check if the client is Wi-Fi certified for WPA2 and check the configuration of the client for WPA2.

Check the data sheet in order to see if the client Utility supports WPA2. Install any patch released by the vendor to support WPA2. If you use Windows Utility, make sure that you have installed the WPA2 patch from Microsoft in order to support WPA2.

Upgrade the client's Driver and Firmware.

Turn off Aironet extensions on the WLAN.

miloskv Wed, 10/08/2008 - 06:39

Hello,

I found out the answer a couple of days ago. I totally forgot about this post :)).

Finally, the problem was in fragmented packets that were lost in defragmentation in the devices in the middle (between the Cisco WLC and the LAPs).

I found out the very annoying fact that the Cisco WLC does not support ICMP redirect messages. In my scenario, some switch was returning ICMP redirects to every client on the network where the WLC resides. But since the WLC doesn't support ICMP redirects, it kept sending fragments to this switch, and eventually we had a lot of duplicated fragments going through our firewalls.

Those duplicated fragments eventually started being dropped, and after this we started having a lot of errors such as this one, and also errors in the log showing replay attacks and clients unable to authenticate.

As soon as the network was redesigned to avoid ICMP redirects ever happening (moved the other firewalls onto separate LANs so the switch was the only gateway for the WLC), this problem stopped.

Thanks

Milos
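An added example, not part of the thread: a small audit over fragment records exported from a capture on the WLC-to-LAP path, flagging the two symptoms described above (duplicated fragments and datagrams that can never be reassembled). The record layout, the function name `audit_fragments` and the sample values are assumptions constructed for illustration; offsets are in bytes.

```python
from collections import defaultdict

# Constructed sample records (documentation addresses), one per IP fragment:
# (src, dst, ip_id, fragment_offset_bytes, more_fragments_flag, payload_len)
SAMPLE = [
    ("192.0.2.10", "198.51.100.20", 100, 0,    True,  1480),
    ("192.0.2.10", "198.51.100.20", 100, 1480, False, 120),   # complete datagram
    ("192.0.2.10", "198.51.100.20", 101, 0,    True,  1480),
    ("192.0.2.10", "198.51.100.20", 101, 0,    True,  1480),  # duplicated fragment
    ("192.0.2.10", "198.51.100.20", 101, 1480, False, 120),
    ("192.0.2.10", "198.51.100.20", 102, 0,    True,  1480),  # tail never arrives
]


def audit_fragments(records):
    """Group fragments per datagram and report duplicates and reassembly gaps."""
    groups = defaultdict(list)
    for src, dst, ip_id, off, mf, length in records:
        groups[(src, dst, ip_id)].append((off, mf, length))

    report = {}
    for (_src, _dst, ip_id), frags in groups.items():
        # A fragment seen more than once with the same offset and length
        # is counted as a duplicate.
        duplicates = len(frags) - len(set(frags))

        # Walk the unique fragments in offset order. The datagram can be
        # reassembled only if coverage is contiguous from offset 0 and the
        # final fragment (more_fragments == False) was observed.
        covered, total = 0, None
        for off, mf, length in sorted(set(frags)):
            if off > covered:
                break  # hole: a middle fragment is missing
            covered = max(covered, off + length)
            if not mf:
                total = off + length
        complete = total is not None and covered >= total
        report[ip_id] = {"duplicates": duplicates, "complete": complete}
    return report


if __name__ == "__main__":
    for ip_id, result in audit_fragments(SAMPLE).items():
        print(ip_id, result)
```

A rising count of duplicates or incomplete datagrams on this path is worth checking before treating decrypt or replay errors as a client-side problem.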
