
wlc error

Unanswered Question
Mar 4th, 2014

Hi,


We are getting the following error when running debug client <mac address> on the WLC



*Dot1x_NW_MsgTask_3: Feb 26 17:40:48.750: c0:cb:38:97:df:db dot1x - moving mobile c0:cb:38:97:df:db into Connecting state

*Dot1x_NW_MsgTask_3: Feb 26 17:40:48.750: c0:cb:38:97:df:db Sending EAP-Request/Identity to mobile c0:cb:38:97:df:db (EAP Id 2)

*osapiBsnTimer: Feb 26 17:41:18.658: c0:cb:38:97:df:db 802.1x 'txWhen' Timer expired for station c0:cb:38:97:df:db and for message = M0

*dot1xMsgTask: Feb 26 17:41:18.658: c0:cb:38:97:df:db dot1x - moving mobile c0:cb:38:97:df:db into Connecting state

*dot1xMsgTask: Feb 26 17:41:18.658: c0:cb:38:97:df:db Sending EAP-Request/Identity to mobile c0:cb:38:97:df:db (EAP Id 3)

*dot1xMsgTask: Feb 26 17:41:27.058: c0:cb:38:97:df:db Failure sending WPA EAPOL-Key due to invalid state 0 to mobile c0:cb:38:97:df:db

*dot1xMsgTask: Feb 26 17:41:27.058: c0:cb:38:97:df:db Unable to send WPA key to mobile c0:cb:38:97:df:db




The machine is Windows 7, but the strange thing is that if the user tries again after 2-3 min, it works fine.

WLC version: 7.4.121.0 & Hw-Model 5508


We are using 802.1x & WPA2 encryption AES & TKIP.


Pls note: we are facing this error/problem in corporate SSID, guest SSID without WPA/TKIP is working fine


Br..

Overall Rating: 5 (1 ratings)
Stephen Rodriguez Tue, 03/04/2014 - 05:45

If you are doing WPA2, your encryption should only be AES.


Try going into the WLAN and disabling TKIP as an encryption method.



HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Sandeep Choudhary Wed, 03/05/2014 - 04:14

Hi subho,


check your advanced eap timers on the WLC.  Run "show advanced eap" from the CLI.  It feels like you need to increase your EAP Request Identity timeout.


Try this:


config wps client-exclusion all disable

config advanced eap identity-request-timeout 30

config advanced eap identity-request-retries 10

config advanced eap request-timeout 30

config advanced eap request-retries 10

config 802.11b disable network

config 802.11b preamble long

config 802.11b enable network



Regards

Don't forget to rate helpful posts.
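
Added example (not part of the thread): a Python parser for the `debug client` lines quoted in the question that measures how long each EAP-Request/Identity went unanswered before the 'txWhen' timer fired, so the result can be compared with the identity-request timeout reported by `show advanced eap`. The sample lines are copied from the question; the year is an assumption because the log omits it.

```python
import re
from datetime import datetime

# Sample input: debug lines copied from the question in this thread.
SAMPLE = """\
*Dot1x_NW_MsgTask_3: Feb 26 17:40:48.750: c0:cb:38:97:df:db Sending EAP-Request/Identity to mobile c0:cb:38:97:df:db (EAP Id 2)
*osapiBsnTimer: Feb 26 17:41:18.658: c0:cb:38:97:df:db 802.1x 'txWhen' Timer expired for station c0:cb:38:97:df:db and for message = M0
*dot1xMsgTask: Feb 26 17:41:18.658: c0:cb:38:97:df:db Sending EAP-Request/Identity to mobile c0:cb:38:97:df:db (EAP Id 3)
*dot1xMsgTask: Feb 26 17:41:27.058: c0:cb:38:97:df:db Failure sending WPA EAPOL-Key due to invalid state 0 to mobile c0:cb:38:97:df:db
"""

# *<task>: <Mon DD HH:MM:SS.mmm>: <client mac> <message>
LINE = re.compile(
    r"^\*(?P<task>[^:]+): (?P<ts>\w{3} +\d+ [\d:.]+): "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (?P<msg>.*)$")

def analyse(log, year=2014):
    """Per client MAC: unanswered identity requests and WPA key failures.

    year is an assumption (the log carries no year).
    """
    pending = {}   # mac -> (sent_time, eap_id) of the open identity request
    report = {}    # mac -> {"timeouts": [(eap_id, seconds)], "key_failures": n}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        mac, msg = m["mac"], m["msg"]
        entry = report.setdefault(mac, {"timeouts": [], "key_failures": 0})
        ident = re.search(r"Sending EAP-Request/Identity .*\(EAP Id (\d+)\)", msg)
        if ident:
            pending[mac] = (ts, int(ident.group(1)))
        elif "'txWhen' Timer expired" in msg and mac in pending:
            sent, eap_id = pending.pop(mac)
            waited = round((ts - sent).total_seconds(), 3)
            entry["timeouts"].append((eap_id, waited))
        elif "Failure sending WPA EAPOL-Key" in msg:
            entry["key_failures"] += 1
    return report

if __name__ == "__main__":
    for mac, info in analyse(SAMPLE).items():
        print(mac, info)
```
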

subhojithalder198 Wed, 03/05/2014 - 04:26

Hi,


I have already tried this, but it is not working

I saw the same in your earlier post


Br/Subhojit

Scott Fella Wed, 03/05/2014 - 05:21

Post your show wlan


Thanks,

Scott

*****Help out others by using the rating system and marking answered questions as "Answered"*****

subhojithalder198 Thu, 03/06/2014 - 06:38

Hi,


pls find the capture as attached


pls suggest further


WLAN Identifier.................................. 1
Profile Name..................................... wifi-dc-data
Network Name (SSID).............................. wifi-dc-data
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Enabled
Network Admission Control
  Client Profiling Status ....................... Disabled
   DHCP ......................................... Disabled
   HTTP ......................................... Disabled
  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 1
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 43200 seconds
User Idle Timeout................................ 300 seconds


User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... ****** Hostname***
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ wifi-data
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Per-Client Rate Limits........................... Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ **** IP ***
   Authentication................................ **** IP ***
   Authentication................................ **** IP ***
   Accounting.................................... **** IP ***
   Accounting.................................... **** IP ***


   Accounting.................................... **** IP ***
      Interim Update............................. Disabled
   Dynamic Interface............................. Disabled
   Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security

   802.11 Authentication:........................ Open System
   FT Support.................................... Disabled
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
      Auth Key Management
         802.1x.................................. Enabled
         PSK..................................... Disabled
         CCKM.................................... Disabled
         FT-1X(802.11r).......................... Disabled
         FT-PSK(802.11r)......................... Disabled
         PMF-1X(802.11w)......................... Disabled


         PMF-PSK(802.11w)........................ Disabled
      FT Reassociation Timeout................... 20
      FT Over-The-DS mode........................ Enabled
      GTK Randomization.......................... Disabled
      SKC Cache Support.......................... Disabled
      CCKM TSF Tolerance......................... 1000
   WAPI.......................................... Disabled
   Wi-Fi Direct policy configured................ Disabled
   EAP-Passthrough............................... Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   FlexConnect Local Switching................... Disabled
   flexconnect Central Dhcp Flag................. Disabled
   flexconnect nat-pat Flag...................... Disabled
   flexconnect Dns Override Flag................. Disabled
   FlexConnect Vlan based Central Switching ..... Disabled
   FlexConnect Local Authentication.............. Disabled
   FlexConnect Learn IP Address.................. Enabled
   Client MFP.................................... Disabled


   PMF........................................... Disabled
   PMF Association Comeback Time................. 1
   PMF SA Query RetryTimeout..................... 200
   Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled

Mobility Anchor List
WLAN ID     IP Address            Status
-------     ---------------       ------

802.11u........................................ Disabled

MSAP Services.................................. Disabled
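
Added example (not from the thread): a Python check that parses `show wlan` output of the shape posted above and flags a WPA2 WLAN with TKIP enabled, the setting Stephen's reply says to turn off. The sample text is constructed from the posted output with the TKIP line flipped to Enabled so the check has something to report; `parse` and `audit` are names chosen for this example.

```python
import re

# Constructed sample in the format of the 'show wlan' output posted above.
SAMPLE = """\
Network Name (SSID).............................. wifi-dc-data
Security
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Enabled
         AES Cipher.............................. Enabled
      Auth Key Management
         802.1x.................................. Enabled
         PSK..................................... Disabled
"""

# "<key>.....<value>"; a run of two or more dots separates key from value,
# so the single dot inside "802.1x" stays part of the key.
ROW = re.compile(r"^\s*(?P<key>.*?)\s*\.{2,}\s*(?P<val>.*)$")

def parse(text):
    """Return {path_tuple: value}, nesting keys by their indentation."""
    stack, out = [], {}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW.match(line)
        indent = len(line) - len(line.lstrip(" "))
        key = m["key"] if m else line.strip()   # bare lines are section headers
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if m:
            out[tuple(k for _, k in stack)] = m["val"].strip()
    return out

def audit(text):
    """Flag cipher settings under WPA2 that differ from AES-only."""
    findings = []
    for path, val in parse(text).items():
        parent = path[-2] if len(path) > 1 else ""
        if not parent.startswith("WPA2"):
            continue
        if path[-1] == "TKIP Cipher" and val == "Enabled":
            findings.append("TKIP enabled under WPA2; use AES only")
        if path[-1] == "AES Cipher" and val == "Disabled":
            findings.append("AES disabled under WPA2")
    return findings
```
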

Scott Fella Tue, 03/04/2014 - 05:59

Steve is right on the money!!!

Sent from Cisco Technical Support iPhone App
