Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
0
Helpful
10
Replies

Scanners are deauthenticating randomely

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎07-29-2013 06:15 AM - edited ‎07-04-2021 12:32 AM

Hello Everyone,

I have around 12 production machine connected ro wireless bridge and these bridge are connected to Cisco APs.

Problem:

1. these machine are disconnecting after radnodem intervel.

2. I am Not able to see DHCP lease IP address in Controller>Internal DHCP server>DHCP Allocated Lease.

Can anyone help in this.

Regards

Labels:
0 Helpful
10 Replies 10

George Stefanick
VIP Alumni
VIP Alumni

‎07-29-2013 07:38 AM

Can you post the WLAN config that these devices connect to ?

There are a number of timers you should be aware of.

Session timeout is found under the ADVANCE tab of the WLAN. This is set to 1800 seconds by default. There is also a user idle timeout that is under the CONTROLLER tab and this is set to 300 seconds.

Also make sure client load balance is disabled.

These are typical trouble makers.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to George Stefanick

‎07-30-2013 12:27 AM

Hi Geoge,

I unchecked the Enable Session Timeout , user idle timeout is 300seconds(as u said it by default).

Client Load balance is disabled.

Regards

Sandeep

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Sandeep Choudhary

‎07-30-2013 03:56 AM

Post your show WLAN

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Scott Fella

‎07-30-2013 04:25 AM

Hi Scott,

Here is the output of sh wlan 1:

(Cisco Controller) >show wlan 1

WLAN Identifier.................................. 1

Profile Name..................................... BDE

Network Name (SSID).............................. BDE

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

  Radius-NAC State............................... Disabled

  SNMP-NAC State................................. Disabled

  Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Number of Active Clients......................... 14

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. Infinity

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ bde

Multicast Interface.............................. Not Configured

--More or (q)uit current module or to abort

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Silver (best effort)

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

   Authentication................................ Global Servers

--More or (q)uit current module or to abort

   Accounting.................................... Global Servers

   Dynamic Interface............................. Disabled

Local EAP Authentication......................... Disabled

Security

   802.11 Authentication:........................ Open System

   Static WEP Keys............................... Disabled

   802.1X........................................ Disabled

   Wi-Fi Protected Access (WPA/WPA2)............. Enabled

      WPA (SSN IE)............................... Enabled

         TKIP Cipher............................. Enabled

         AES Cipher.............................. Enabled

      WPA2 (RSN IE).............................. Enabled

         TKIP Cipher............................. Disabled

         AES Cipher.............................. Enabled

                                                               Auth Key Management

         802.1x.................................. Disabled

         PSK..................................... Enabled

         CCKM.................................... Disabled

         FT(802.11r)............................. Disabled

         FT-PSK(802.11r)......................... Disabled

FT Reassociation Timeout......................... 20

FT Over-The-Air mode............................. Enabled

--More or (q)uit current module or to abort

FT Over-The-Ds mode.............................. Enabled

CCKM tsf Tolerance............................... 1000

   CKIP ......................................... Disabled

   Web Based Authentication...................... Disabled

   Web-Passthrough............................... Disabled

   Conditional Web Redirect...................... Disabled

   Splash-Page Web Redirect...................... Disabled

   Auto Anchor................................... Disabled

   H-REAP Local Switching........................ Disabled

   H-REAP Local Authentication................... Disabled

   H-REAP Learn IP Address....................... Enabled

   Client MFP.................................... Optional

   Tkip MIC Countermeasure Hold-down Timer....... 60

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

Band Select...................................... Disabled

Load Balancing................................... Disabled

Mobility Anchor List

WLAN ID     IP Address            Status

-------     ---------------       ------

Regards

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎07-30-2013 04:36 AM

You need to use either WPA v1 with TKIP or WPA v2 with AES. Don't use both and don't mix and match. Sonic your scanners support WPA v2 with AES, make sure you set your WLAN to that only. If they don't support it, then use WPA v1 with TKIP.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Scott Fella

‎07-30-2013 04:51 AM

Thanks for quick reply.

Ok I changed it to WPA1/tkip ..let me monitor it for few hours.

I will let u know the result of these

Regards

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Scott Fella

‎07-30-2013 05:05 AM

But Can you please tell me: Why I am not able to see the DHCP Allocated Lease in WLC.

Regards

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Sandeep Choudhary

‎07-30-2013 05:46 AM

Well... the clients need to be connected properly first and then also as long as the WLC is the only dhcp server, then any address that the WLC issues will show up on the dhcp lease.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

Abhishek Abhishek
Cisco Employee
Cisco Employee

‎07-30-2013 02:39 PM

Hello,

As per your query i can suggest you the following solution-

An access point may not log events related to client association and deauthentication during a client roam. The reassociation event will be missing in the logs on the access point to which the client roamed and the deauthentication event will be missing in the logs on the access point from which the client roamed. The behavior may be seen for a period of several minutes.

Hope this will help you.

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Abhishek Abhishek

‎07-30-2013 10:59 PM

HI Abhishek,

All client are stationary

There is no roaming issue but all the scanner are connected to wireless bridge(WET200).

Regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card