05-14-2012 10:28 AM - edited 07-03-2021 10:09 PM
I know from my logs that a client could join APs on my wireless network until Mar 25 16:06:55 :
wlan-controller.log.49.gz:Mar 25 16:06:55 wlan-controller-14-3 impa-wireless3: *Mar 25 16:06:53.839: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 14:74:11:59:83:8e
from Mar 25 16:06:55 client could not join wireless network. There are no error messages.
... But I have created a new TESTE WLAN with the same configuration the old one and client joins.
I don't know why.
Thanks
Rosa
controlers : AIR-WLC2112-K9 (6.0.199.4) and AIR-WLC2106-K9 (6.0.188.0)
APs : AIR-LAP1131AG-A-K9 (12.4(21a)JA2)
05-14-2012 03:32 PM
Have you tried OPEN authentication?
Maybe the certificate has expired?
05-14-2012 05:16 PM
Thanks for your answer.
Are you talking about authenticantion without password ? (Layer 2 Security = NONE)
How can I get a new certificate ?
Rosa
05-14-2012 06:00 PM
Are you talking about authenticantion without password ? (Layer 2 Security = NONE)
I mean no username/password required to join the SSID.
How can I get a new certificate ?
Depends on how you authenticate users to the SSID. The easiest method is troubleshoot wireless issues is to see if users can/can't join the SSID with no username/password required. If they can then you start piling encryption and security until you break stuff.
If client CAN'T join the SSID even without any username/password required then you know where the problem is.
05-15-2012 06:50 AM
Only one client can't join APs.
All other clients still join the same SSID.
When I said :
I have created a new TESTE WLAN with the same configuration the old one and client joins.
I wanted to say that the specific client which could not join wireless network joined the new TESTE WLAN.
Rosa
05-14-2012 10:47 PM
Rose:
What is the seucrity that is being used by clients? what EAP method is being used? (PEAP, EAP-TLS...etc)?
When a client tries to connect try to issue "show client detail
Is the problem happening with one client only? or with all clients?
If all clients then try doing debug "debug client
Amjad
05-15-2012 06:50 AM
Only one client can't join APs.
All other clients still join the same SSID.
When I said :
I have created a new TESTE WLAN with the same configuration the old one and client joins.
I wanted to say that the specific client which could not join wireless network joined the new TESTE WLAN.
Rosa
05-14-2012 11:35 PM
Excuse me All !
The message mentioned above is reporting an issue in the WPA 4-way handshake so the client should have successfully passed EAP authentication.
Try to increase the EAPOL timers on the controller side and see how it goes.
In the meantime it worths to have debug client output while not being able to connect
05-14-2012 11:43 PM
You are right.
Message 1 in 4-way handshake is being retried with no hope until retries timer expires.
It still can be a client issue not responding at all to 4-way handshek messages.
Rosa: in order to increase EAPOL timer Mr. maldehne talked about you can do that from CLI:
config advanced eap eapol-key-timeout
value should be between 200 and 5000 milliseconds (0.2 - 5 seconds).
AFAIK the default is 1000 milliseconds (1 second). Try increaseing that to maximum (5000) and see if that works.
Thanks maldehne for your point.
Amjad
05-15-2012 12:12 AM
Any time dude
05-15-2012 06:50 AM
Only one client can't join APs.
All other clients still join the same SSID.
When I said :
I have created a new TESTE WLAN with the same configuration the old one and client joins.
I wanted to say that the specific client which could not join wireless network joined the new TESTE WLAN.
Rosa
05-16-2012 12:09 AM
If it is one client with the problem it could probably be a problem with the client itself.
Try delete config on clietn and configure it again. Try also upgrading wireless adapter's driver to latest on the client.
If the above did not work and still no log messagesa appear I think we need to collect some wireless sniffer capture while the client is trying to connect in order to know what is going on.
If same problem that is indicated by the old log message you provided then the problem is high probably related to the client itself and no tto the AP and you need to concentrate on solving the client's problem.
Amjad
05-16-2012 04:40 AM
Amjad, I am concerned it is a very specific problem because, as I told you, when I have created a new TESTE WLAN with the same configuration the old one has, this client joins wireless network (same controller and APs and same client configuration).
Any sugestion.
Regards,
Rosa
05-16-2012 05:20 AM
Rosa,
have you done "debug client [MAC ADD] on the WLC? Can i see the output?
05-16-2012 07:25 AM
David,
no did not.
I will call client to debug togheter, then I will send you the log.
Thanks,
Rosa
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide