We recently deployed a new WLAN (1242G APs and a 4402 controller) after performing a site survey in a somewhat challenging environment (a large theatre venue with surrounding offices on several different floors). The site survey and AP placement/network design was done by a CCNA contractor, and all appeared to be working well at the time.
We are now having issues with laptop clients and barcode scanner clients disassociating from the network at intermittant times. This appears to be happening on many of the 22 APs in different areas and floors of the buildings, if not most. We are spread out between 5 different floors.
These are the errors I'm seeing intermittantly (though pretty steadily) in the controller log:
15:23:49.701 1x_ptsm.c:404 DOT1X-3-MAX_EAPOL_KEY_RETRANS: Max EAPOL-key M1 retransmissions exceeded for client
Jan 05 11:35:06.159 dtl_net.c:1343 DTL-1-ARP_POISON_DETECTED: STA [00:23:xx:xx:xx:xx, 0.0.0.0] ARP (op 1) received with invalid SPA 172.x.x.x/TPA 172.x.x.x
Jan 12 11:20:44.492 spam_lrad.c:21988 LWAPP-4-SIG_INFO1: Signature information; AP 00:24:xx:xx:xx:xx, alarm ON, standard sig Auth flood, track per-Macprecedence 5, hits 30, slot 0, channel 6, most offending MAC 00:12:xx:xx:xx
I've seen the error code explanation in the Cisco docs for the ARP_POISON error. For security reasons, we need to require DHCP. It does appear that clients eventually do re-DHCP after a delay. So like the documentation notes, perhaps we can ignore this particular error. In that case, I'm guessing this error is more of a symptom (ie, it happens after and because of a client disconnection), and we need to find the root cause of why clients are disconnecting.
As far as the MAX_EAPOL_KEY_RETRANS error - what would cause a client not respond to an EAPOL-key message?
I'm thinking about purchasing the Cisco Spectrum Expert equipment, as I'm concerned interference may be a possible cause. So my questions would be:
1) Could something like this be caused by interference, or should we look elsewhere?
2) What is the learning curve in general for Cisco Spectrum Expert, for a Systems Admin with basic wireless knowledge?
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...