Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Cisco Flex 7500 controller with client disconnects

Hey All,

 

There will be alot of info in this post, hopefully all helpful, more info the better right!  If you require anymore info to help me out to not hesistate to request it.

We have been having some issues with clients connecting and disconnecting several times a day and having to manually reconnect from the icon on their taskbar. We have about 380 APs, and 200+ more to deploy that we have and are licensed for but are having some issues that we want to resolve first obviously.

 

Some locations our setup is a bit more complex than this with multiple SSIDs and vlans, but this issue is everywhere so i will keep it to our simple setup for now:

  • AP Models: AIR-LAP1042N-A-K9, AIR-CAP1602I-A-K9 (Most locations do not have a mix of both, most have 1042s)
  • Running a single SSID - WPA/WPA2 with: WPA - TKIP and WPA2 - AES on the same SSID. 
  • They talk back to a Cisco Flex 7500 Series through a tunnel (should not be any port blocking preventing communication)
  • We are running from what i understand a bad firmware version (7.6.100.0) and during our next maintenance window i am going to try and get them to change to a more stable firmware version.
  • Data Rates of 1,2,5.5,11 Mbps are disabled
  • TPCv1 coverage running
  • Automatic Power Assignment
  • I will not focus on the a/n/ac network as most of our devices are connecting to WPA due to the config they already have.

 

Ideally i would like to get rid of WPA all together but i am not 100% in control of the decisions to get the started and people here like to delay things lol.

It is hard to say if the issue is specific to a model as we have so few 1602Is, and it is just at our main office.  I have not heard many complaints but i have noticed i will now and then get a limited or no connectivity settings on my wireless icon on my PC.  I use hard-wired so i don't really notice if it is not working.

In most locations it looks like the controller is doing a decent job at selection channels to use. I did find one spot where it had on 11 APs down a long hallway, and did not use channel 6 once. I statically set that location to stagger the channels to see what kind results we had and am still waiting to hear on that as they complained the most out of all of our locations. In some cases 3 APs in a row were on channel 1 in the hallway, in alot of casses 1 was 2 times in a row as well as 11 so there was alot of overlap.

I am attaching my show sysinfo and show wlan 17 for that informtion, some of the other settings i have changed today that were previously enabled/set different are:

Disabled Cisco Aironet IE

Set channel automatic rescan from 10 mintues to 12 hours as i can image if it is changing the channels alot it can lead to disconnects.

 

Some of the main things we get in our message log are:

*dot1xMsgTask: Oct 16 15:17:36.943: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:508 Max EAPOL-key M5 retransmissions exceeded for client 84:85:06:0b:a6:33 

    - Not sure why we get this as we have a PSK and do not have local eap enabled.....

*apfMsConnTask_6: Oct 16 15:19:01.753: #APF-3-AID_UPDATE_FAILED: apf_80211.c:6570 Error updating Association ID for REAP AP Clientc8:f9:f9:2b:fd:50 - AID 4
*apfMsConnTask_6: Oct 16 15:19:01.753: #LWAPP-3-INVALID_AID2: spam_api.c:1462 Association identifier 4 for client 18:9e:fc:4d:9e:87 is already in use by 8c:2d:aa:b7:70:5e

    - There is a bug for this log, but according to the bug our 7.6.100.0 is not effected

 

Here is my show sysinfo:

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.100.0
RTOS Version..................................... 7.6.100.0
Bootloader Version............................... 7.6.101.2
Emergency Image Version.......................... 7.6.101.2

Build Type....................................... DATA + WPS

System Name...................................... Cisco_cf:17:26
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1295
Redundancy Mode.................................. Disabled
IP Address....................................... 10.156.50.100
System Up Time................................... 52 days 5 hrs 54 mins 25 secs
System Timezone Location......................... (GMT -4:00) Altantic Time (Canada)
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... CA  - Canada

--More-- or (q)uit
Operating Environment............................ Commercial (10 to 35 C)
Internal Temp Alarm Limits....................... 10 to 38 C
Internal Temperature............................. +22 C
Fan Status....................................... OK
RAID Volume Status............................... OK

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 13
Number of Active Clients......................... 1584

Burned-in MAC Address............................ 70:81:05:CF:17:20
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 600

 

Here is my Show wlan 17

WLAN Identifier.................................. 17
Profile Name..................................... AirCCRSB
Network Name (SSID).............................. AirCCRSB
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
    Radius Profiling ............................ Disabled
     DHCP ....................................... Disabled
     HTTP ....................................... Disabled
    Local Profiling ............................. Disabled
     DHCP ....................................... Disabled
     HTTP ....................................... Disabled
  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 1768
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 28800 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... Cisco_cf:17:26
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Per-Client Rate Limits........................... Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Global Servers
   Accounting.................................... Global Servers
      Interim Update............................. Disabled
      Framed IPv6 Acct AVP ...................... Prefix
   Dynamic Interface............................. Disabled
   Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
   802.11 Authentication:........................ Open System
   FT Support.................................... Disabled
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Enabled
         TKIP Cipher............................. Enabled
         AES Cipher.............................. Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
                                                               Auth Key Management
         802.1x.................................. Disabled
         PSK..................................... Enabled
         CCKM.................................... Disabled
         FT-1X(802.11r).......................... Disabled
         FT-PSK(802.11r)......................... Disabled
         PMF-1X(802.11w)......................... Disabled
         PMF-PSK(802.11w)........................ Disabled
      FT Reassociation Timeout................... 20
      FT Over-The-DS mode........................ Enabled
      GTK Randomization.......................... Disabled
      SKC Cache Support.......................... Disabled
      CCKM TSF Tolerance......................... 1000
   WAPI.......................................... Disabled
   Wi-Fi Direct policy configured................ Disabled
   EAP-Passthrough............................... Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   FlexConnect Local Switching................... Enabled
   flexconnect Central Dhcp Flag................. Disabled
   flexconnect nat-pat Flag...................... Disabled
   flexconnect Dns Override Flag................. Disabled
   flexconnect PPPoE pass-through................ Disabled
   flexconnect local-switching IP-source-guar.... Disabled
   FlexConnect Vlan based Central Switching ..... Disabled
   FlexConnect Local Authentication.............. Disabled
   FlexConnect Learn IP Address.................. Enabled
   Client MFP.................................... Optional
   PMF........................................... Disabled
   PMF Association Comeback Time................. 1
   PMF SA Query RetryTimeout..................... 200
   Tkip MIC Countermeasure Hold-down Timer....... 60
   Eap-params.................................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled

 Mobility Anchor List
 WLAN ID     IP Address            Status
 -------     ---------------       ------

802.11u........................................ Disabled

MSAP Services.................................. Disabled

Local Policy
----------------
Priority  Policy Name
--------  ---------------

 

 

5 REPLIES
VIP Purple

As you already identified

As you already identified moving onto 7.6MR3 is the first thing I would try without do any other modification. 

if problem persist will see then.(not that worth spending time on troubleshooting with this code)

HTH

Rasika

*** Pls rate all useful responses ****

New Member

Hey Manannalage,Thanks for

Hey Manannalage,

Thanks for the response, and verifying what i had suspected already.  So for what i am reading the 7.6MR3 is for 802.11AC deployments and maybe some new features that our organization are probably not using, but the 7.4.121.0 release is a more stringently tested release (azure wave). 

Would we be better off to move to 7.4.121.0 as all of our APs are compatible with this release, or are we really just splitting hairs and risking complications on a downgrade. I did read that downgrading can cause configuration loss in some cases, so are we risking anything here or is it a pretty safe proccess?

VIP Purple

As long as you take the

As long as you take the configuration backup downgrading from 7.6.100.0 to 7.4.121.0 should be fine. Because this is Flexconnect deployment, make sure you review the release notes thoroughly as config like vlan mapping is impacted it is painful to reconfigure.

I still think moving to 7.6MR3 & once 8.x get stable going for that code is a good plan. Though 7.4.121.0 is assure wave it does not mean it has no bugs.(remember that prior to this 7.4.110.0 was assure wave & it deferred in quick time) . I would say 8.x going to be the code staying for long time period, so ultimately you have to be there.

In 8.x there are few FlexConnect improvements,one being AP won't reload when you change from local mode to FlexConnect.

 

HTH

Rasika

**** Pls rate all useful responses ***

New Member

Thanks again for the help, we

Thanks again for the help, we will use this to make our decision, test the disconnect issue after we get the controller upgraded, and report back on the results.  Unfortunately i am not in charge of the upgrade... and the ones who are can at times take long time to get things done :'(

Thanks for the feedback.

New Member

What was the outcome?

What was the outcome?

257
Views
10
Helpful
5
Replies
CreatePlease to create content