New Member

default gateway arp lookup failed

Hi there

On a 5500 series WLC I see I have an issue where PEAP clients get randomly disconnected with these errors:

MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 24:77:03:35:79:34

AAA-6-ARP_LOOKUP_FAIL: radius_db.c:3232 Default gateway arp lookup failed.

aaaQueueReader: Aug 31 19:12:14.938: %AAA-4-RADIUSMSG_SEND_FAILED: radius_db.c:3567 Unable to send RADIUS message to

Any ideas?

Thanks

Naresh

Sent from Cisco Technical Support iPhone App

7 REPLIES
Hall of Fame Super Silver

Re: default gateway arp lookup failed

How is your WLAN configured?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: default gateway arp lookup failed

WLC is connected to a 4507 switch and so are APs. Radius is on the MS Active directory server. Wireless clients get authenticated by the AD domain.

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Silver

Re: default gateway arp lookup failed

I mean how is it configured on the wlc. Issue a show WLAN (If I remember)

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: default gateway arp lookup failed

(Cisco Controller) >show wlan 1

WLAN Identifier.................................. 1

Profile Name..................................... SSID1

Network Name (SSID).............................. SSID1

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Enabled

Network Admission Control

  Radius-NAC State............................... Disabled

  SNMP-NAC State................................. Disabled

  Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Number of Active Clients......................... 0

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. 1800 seconds

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ i_wifi

Multicast Interface.............................. Not Configured

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Enabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Silver (best effort)

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Drop

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

   Authentication................................ 1.1.1.1 1812

   Authentication................................ 1.2.1.1 1812

   Accounting.................................... 1.1.1.1 1813

   Accounting.................................... 1.2.1.1 1813

   Dynamic Interface............................. Enabled

Local EAP Authentication......................... Disabled

Security

   802.11 Authentication:........................ Open System

   Static WEP Keys............................... Disabled

   802.1X........................................ Disabled

   Wi-Fi Protected Access (WPA/WPA2)............. Enabled

      WPA (SSN IE)............................... Disabled

      WPA2 (RSN IE).............................. Enabled

         TKIP Cipher............................. Disabled

         AES Cipher.............................. Enabled

      Auth Key Management

         802.1x.................................. Enabled

         PSK..................................... Disabled

         CCKM.................................... Enabled

         FT(802.11r)............................. Disabled

         FT-PSK(802.11r)......................... Disabled

FT Reassociation Timeout......................... 20

FT Over-The-Air mode............................. Enabled

FT Over-The-Ds mode.............................. Enabled

CCKM tsf Tolerance............................... 1000

   CKIP ......................................... Disabled

   Web Based Authentication...................... Disabled

   Web-Passthrough............................... Disabled

   Conditional Web Redirect...................... Disabled

   Splash-Page Web Redirect...................... Disabled

   Auto Anchor................................... Disabled

   H-REAP Local Switching........................ Disabled

   H-REAP Local Authentication................... Disabled

   H-REAP Learn IP Address....................... Enabled

   Client MFP.................................... Optional

   Tkip MIC Countermeasure Hold-down Timer....... 60

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

Band Select...................................... Disabled

Load Balancing................................... Disabled

Mobility Anchor List

WLAN ID     IP Address            Status

-------     ---------------       ------

Hall of Fame Super Silver

Re: default gateway arp lookup failed

Remove the AAA override just for testing. And also just set the authentication to 802.1x. Test and let us know the results.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: default gateway arp lookup failed

Will try, thanks Scott. I'll know when users are back on Tuesday.

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Silver

Re: default gateway arp lookup failed

Sounds good. AAA override should only be used if you are sending back RADIUS attributes to the WLC. This would be configured on the RADIUS server. If your devices don't all support CCKM, then I would not configure that also. Even though that feature is supposed to be backwards compatible with non-CCKM devices, I have seen issues with clients not being able to associate.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
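
The following is an added example, not part of the thread or of any Cisco tool: a small parser for `show wlan` output in the layout pasted above, which reports the two settings the replies single out (AAA Policy Override and the enabled key-management methods, including CCKM). The sample text is a constructed excerpt, and the function names `parse_show_wlan` and `review` are hypothetical.

```python
import re

# Constructed excerpt in the layout of the `show wlan` output posted in the thread.
SAMPLE = """\
AAA Policy Override.............................. Enabled
Radius Servers
   Authentication................................ 1.1.1.1 1812
   Authentication................................ 1.2.1.1 1812
Security
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      Auth Key Management
         802.1x.................................. Enabled
         PSK..................................... Disabled
         CCKM.................................... Enabled
FT Reassociation Timeout......................... 20
"""
# "Key......... value": a run of two or more dots separates key from value.
KV = re.compile(r"^(.+?)\s*\.{2,}\s*(.*)$")

def parse_show_wlan(text):
    """Return {"Section / Key": [values]}; indentation decides nesting."""
    settings, stack = {}, []          # stack holds (indent, header name)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                  # the forum paste is double-spaced
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()               # left the previous section
        m = KV.match(line)
        if m:                         # repeated keys (two servers) keep all values
            path = " / ".join([name for _, name in stack] + [m.group(1)])
            settings.setdefault(path, []).append(m.group(2))
        else:
            stack.append((indent, line))   # header such as "Security"
    return settings

def review(settings):
    """Flag the two settings the replies single out for testing."""
    notes = []
    if settings.get("AAA Policy Override") == ["Enabled"]:
        notes.append("AAA override on: check RADIUS returns attributes to the WLC")
    akm = "Security / Auth Key Management / "
    enabled = [k[len(akm):] for k, v in settings.items()
               if k.startswith(akm) and v == ["Enabled"]]
    if "CCKM" in enabled:
        notes.append("CCKM on: check every client supports it")
    return enabled, notes

print(review(parse_show_wlan(SAMPLE)))
```

Keeping the section path in the key is what separates `Security / 802.1X` (Disabled) from `Security / Auth Key Management / 802.1x` (Enabled), two lines that are easy to confuse when reading the raw output.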