Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

I have an problem with connection from Wireless Scanner and 5508

I have changed a location from autonomous wireless access point to capwap access point (Air-AP1242AG)

After this change the scanner frequently lose the connection to the wireless network.   

On the 5508 Controller I have installed the Software release 7.4.110.0

 

On the controller log I found following information.

*Dot1x_NW_MsgTask_3: Aug 22 11:38:49.532: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e8:7b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_3: Aug 22 11:38:28.145: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e8:7b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_3: Aug 22 11:14:33.030: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e8:7b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_3: Aug 22 11:13:59.134: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e8:7b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_3: Aug 22 11:13:49.851: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e8:7b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_3: Aug 22 10:51:40.806: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e8:7b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_6: Aug 22 10:31:08.510: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e5:0e - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_3: Aug 22 10:25:33.809: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e8:7b - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_6: Aug 22 10:14:30.729: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e5:0e - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_6: Aug 22 10:13:39.240: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e5:0e - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_6: Aug 22 10:13:30.108: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e5:0e - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_7: Aug 22 10:13:26.227: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e5:ef - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_6: Aug 22 10:13:20.205: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e5:0e - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

*Dot1x_NW_MsgTask_6: Aug 22 10:13:10.638: #DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:360 Invalid replay counter from client e0:2a:82:6b:e5:0e - got 00 00 00 00 00 00 00 01, expected 00 00 00 00 00 00 00 00

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Hello, could you solve your

Hello, could you solve your problem? If yes, could you please share your knowledge, because I have similar problems. Thanks in advance.

14 REPLIES
Hall of Fame Super Silver

Re: I have an problem with connection from Wireless Scanner and

Post your show WLAN and your show advanced 802.11b txpower

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: I have an problem with connection from Wireless Scanner and


(Cisco Controller) >show wlan 22


WLAN Identifier.................................. 22
Profile Name..................................... xxxx

Network Name (SSID).............................. xxxx
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
  Client Profiling Status ....................... Disabled
   DHCP ......................................... Disabled
   HTTP ......................................... Disabled
  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 3
Exclusionlist Timeout............................ 36000 seconds
Session Timeout.................................. 36000 seconds
User Idle Timeout................................ 36000 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... xxxx
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ inlabel
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Per-Client Rate Limits........................... Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Disabled
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
   Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security

   802.11 Authentication:........................ Open System
   FT Support.................................... Disabled
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
                                                               Auth Key Management
         802.1x.................................. Disabled
         PSK..................................... Enabled
         CCKM.................................... Disabled
         FT-1X(802.11r).......................... Disabled
         FT-PSK(802.11r)......................... Disabled
         PMF-1X(802.11w)......................... Disabled
         PMF-PSK(802.11w)........................ Disabled
      FT Reassociation Timeout................... 20
      FT Over-The-DS mode........................ Enabled
      GTK Randomization.......................... Disabled
      SKC Cache Support.......................... Disabled
      CCKM TSF Tolerance......................... 1000
   WAPI.......................................... Disabled
   Wi-Fi Direct policy configured................ Disabled
   EAP-Passthrough............................... Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   FlexConnect Local Switching................... Disabled
   flexconnect Central Dhcp Flag................. Disabled
   flexconnect nat-pat Flag...................... Disabled
   flexconnect Dns Override Flag................. Disabled
   FlexConnect Vlan based Central Switching ..... Disabled
   FlexConnect Local Authentication.............. Disabled
   FlexConnect Learn IP Address.................. Enabled
   Client MFP.................................... Optional
   PMF........................................... Disabled
   PMF Association Comeback Time................. 1
   PMF SA Query RetryTimeout..................... 200
   Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Enabled
Load Balancing................................... Client-Count Based
Multicast Buffer................................. Disabled

Mobility Anchor List
WLAN ID     IP Address            Status
-------     ---------------       ------

802.11u........................................ Disabled

MSAP Services.................................. Disabled

(Cisco Controller) >show advanced 802.11b txpower

Leader Automatic Transmit Power Assignment
  Transmit Power Assignment Mode................. AUTO
  Transmit Power Update Interval................. 600 seconds
  Transmit Power Threshold....................... -70 dBm
  Transmit Power Neighbor Count.................. 3 APs
  Min Transmit Power............................. -10 dBm
  Max Transmit Power............................. 30 dBm
  Transmit Power Update Contribution............. SNI..
  Transmit Power Assignment Leader............... xxxx
  Last Run....................................... 388 seconds ago
  TPC Mode....................................... Version 1
  TPCv2 Target RSSI.............................. -67 dBm
  TPCv2 VoWLAN Guide RSSI........................ -67.0 dBm
  TPCv2 SOP...................................... -85.0 dBm
  TPCv2 Default Client Ant Gain..................   0.0 dBi
  TPCv2 Path Loss Decay Factor...................   3.6
  TPCv2 Search Intensity......................... 10 Iterations

AP Name                          Channel    TxPower       Allowed Power Levels

--More-- or (q)uit
-------------------------------- ---------- ------------- ------------------------
TLGDE0906AN901                   *11         1/7 (17 dBm) [17/14/11/8/5/2/-1/0]
TLGDE0906AN902                   *1          1/7 (17 dBm) [17/14/11/8/5/2/-1/0]
TLGDE0906AN904                   *1          1/7 (17 dBm) [17/14/11/8/5/2/-1/0]
TLGDE0906AN900                   *6          1/7 (17 dBm) [17/14/11/8/5/2/-1/0]
TLGDE0906AN903                   *6          1/7 (17 dBm) [17/14/11/8/5/2/-1/0]

Hall of Fame Super Silver

I have an problem with connection from Wireless Scanner and 5508

Here are my suggestions:

Exclusion Timeout can be left a default at 60 seconds or else disable it.  Idle timeout has to less than the session timeout.  I would disable session timeout and set the idle timeout to either default at 300 seconds or maybe 7200 seconds.  The scanners also should have power save disabled!!!!

Exclusionlist Timeout............................ 36000 seconds

Session Timeout.................................. 36000 seconds

User Idle Timeout................................ 36000 seconds

Do you need to force the scanners to 5ghz.... I wouldn't use this with scanners, but you will just have to make changes to the above and see if this needs to be changed.  Load Balancing should be disabled!!!!!!!!!!!!!!!!!!!

Band Select...................................... Enabled

Load Balancing................................... Client-Count Based

From what I see here, you don't have a dense deployment as RRM is putting the power to max, power level 1 50 mW.  This is okay, but just make changes to the WLAN and see if that helps.

AP Name                          Channel    TxPower       Allowed Power Levels

--More-- or (q)uit
-------------------------------- ---------- ------------- ------------------------
TLGDE0906AN901                   *11         1/7 (17 dBm) [17/14/11/8/5/2/-1/0]
TLGDE0906AN902                   *1          1/7 (17 dBm) [17/14/11/8/5/2/-1/0]
TLGDE0906AN904                   *1          1/7 (17 dBm) [17/14/11/8/5/2/-1/0]
TLGDE0906AN900                   *6          1/7 (17 dBm) [17/14/11/8/5/2/-1/0]
TLGDE0906AN903                   *6          1/7 (17 dBm) [17/14/11/8/5/2/-1/0]

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
New Member

Re: I have an problem with connection from Wireless Scanner and

The problem is not remedied. Still have the same error messages on the controller.

I have changed the settings. In the attachment you will find the same query and you can see what I have changed

Hall of Fame Super Silver

Re: I have an problem with connection from Wireless Scanner and

How many SSID's do you have?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: I have an problem with connection from Wireless Scanner and

At time I have one SSID on this controller. In future there are up to 45 - 50 SSID (one per location) on the controller.

New Member

Re: I have an problem with connection from Wireless Scanner and

Hi Dieter,

I've seen this problem on atheros client devices.

The following commands fixed at least this problem:

config advanced eap eapol-key-timeout 5

config advanced eap eapol-key-retries 4

It would be great, if you could provide the corresponding "debug client" output, for example:

debug client e0:2a:82:6b:e8:7b

Furthermore, i've seen client disconnects (therefore client has to associate after a reassociate event) after a roaming attempt. Are you also affected by this behaviour?

Best Regards

Ulf

New Member

Re: I have an problem with connection from Wireless Scanner and

Hi,

the time from 5 is not allowed, you mean 500 or 5000 and the same for 4

(Cisco Controller) >config advanced eap eapol-key-timeout 5

Invalid parameter provided.

(Cisco Controller) >config advanced eap eapol-key-timeout ?

Enter the number of milliseconds between 200 and 5000

New Member

Re: I have an problem with connection from Wireless Scanner and

yep 5000ms timeout, 4 retries

Should have checked the running configs

New Member

Re: I have an problem with connection from Wireless Scanner and

Hi ulf-theobald,

sorry your proposal with the advanced eap has not solved the problem.

EAPOL-Key Timeout (milliseconds)................. 5000

EAPOL-Key Max Retries............................ 4

New Member

Re: I have an problem with connection from Wireless Scanner and

Can you provide some more informations about the used client?

Especially the used wifi cards and drivers?

Client debug logs may also help to drill down the issue...

New Member

Re: I have an problem with connection from Wireless Scanner and

Hi ulf-theobald,

we have Denso Scanner BHT-760 with MS CE 5.00 Software version 2.05 (My Colleg in the location will upgrade the software to 2.07a in the next days). WLAN Adapter is AR6000.

New Member

Hello, could you solve your

Hello, could you solve your problem? If yes, could you please share your knowledge, because I have similar problems. Thanks in advance.

New Member

Hi josgrosse,we have fixt

Hi josgrosse,
we have fixt this issue with the new software version 2.07a on the Denso BHT-760 Scanner.

1049
Views
0
Helpful
14
Replies