cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1452
Views
0
Helpful
2
Replies

Wifi clients get disconnected in WLC - LAP solution

miloskv
Level 1
Level 1

Hello all,

I would like to know what are all possible reasons for wireless clients to get disconnected from LAP (to WLC) solution. We have WAN (MPLS) between LAP and WLC and on the remote site (where we only have LAP, since WLC is in central site) we have clients disconnecting

This is the error that we see in the traplog:

Decrypt errors occurred for client XX:XX:XX:XX:XX:XX:XX using WPA key on 802.11b/g interface of AP XX:XX:XX:XX:XX:XX:XX

Can anyone tell me what can be wrong? Can packet loss cause this? Packet loss of which packets? Data packets or some other packets? Or can network delay produce this? I know we have fragmentation and maybe it can be that fragments are failing somewhere. But I would like to know what should happen in order for this message to be displayed and client to be disconnected

Thanks

Milos

2 Replies 2

didyap
Level 6
Level 6

This mostly occurs due to incompatibilty on the client side. Try these steps in order to fix this issue:

Check if the client is Wi-Fi certified for WPA2 and check the configuration of the client for WPA2.

Check the data sheet in order to see if the client Utility supports WPA2. Install any patch released by the vendor to support WPA2. If you use Windows Utility, make sure that you have installed the WPA2 patch from Microsoft in order to support WPA2.

Upgrade the client's Driver and Firmware.

Turn off Aironet extensions on the WLAN.

Hello,

I find out the answer couple of days ago. I totally forgot about this post :)).

Finally, problem was in fragmented packets that were lost in defragmentation in the devices in the middle (between Cisco WLC and LAPs)

I found out very annoying fact that Cisco WLC is not supporting ICMP redirect messages. In my scenario, some switch was returning ICMP redirect to every client on network where WLC resides. But since WLC doesn't support ICMP redirects, it keep sending fragments to this switch and eventually we had a lot of duplicated fragments going through our firewalls.

Those duplicated fragments were eventually start dropping and after this, we started having a lot of errors such this one, and also errors in log showing reply attacks and clients unable to authenticate.

As soon as the network was redesign to aviod ICMP redirects to ever happen (moved other firewalls on separate LANs so only switch was the only gateway for WLC), this problem stopped

Thanks

Milos

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: