Clients losing Connections yellow exclamation mark still associated

Theo Van Wyk · ‎02-04-2014

We are having intermittent issue where clients just lose connectivity, they stay associated to the access point but get a yellow exclamation mark.

I have followed the steps in these post but still the issue persists. https://supportforums.cisco.com/thread/2194495

https://supportforums.cisco.com/thread/2002533

WPA2 802.1 x authentication.

We were getting this error before I made the changes

(Cisco Controller) >*dot1xMsgTask: Jan 31 11:58:25.140: 08:11:96:80:33:e0 Key exchange done, data packets from mobile 08:11:96:80:33:e0 should be forwarded shortly

*dot1xMsgTask: Jan 31 11:58:25.140: 08:11:96:80:33:e0 Sending EAPOL-Key Message to mobile 08:11:96:80:33:e0

state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02

*dot1xMsgTask: Jan 31 11:58:25.141: 08:11:96:80:33:e0 Updated broadcast key sent to mobile 08:11:96:80:33:E0

*Dot1x_NW_MsgTask_0: Jan 31 11:58:25.145: 08:11:96:80:33:e0 Received EAPOL-Key from mobile 08:11:96:80:33:e0

*Dot1x_NW_MsgTask_0: Jan 31 11:58:25.145: 08:11:96:80:33:e0 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 08:11:96:80:33:e0

*Dot1x_NW_MsgTask_0: Jan 31 11:58:25.145: 08:11:96:80:33:e0 Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 08:11:96:80:33:e0

After I made the changes there are no errors in the debug just clients stops working with yellow exclamation mark, cannot reach default gateway.

We also recently enabled Rogue policies auto contain rogue on wire and Using our SSID.

WLC4402 7.0.235.0

We want to upgrade the WLC software but want to make sure it’s the issue.

Sandeep Choudhary · ‎02-04-2014

HI Theo,

from these logs, we can not identify the problem:

*Dot1x_NW_MsgTask_0: Jan 31 11:58:25.145: 08:11:96:80:33:e0 Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 08:11:96:80:33:e0

This means Successfully received group key update.So this is not a error

Please paste more logs.

debug client

Reagrds

Theo Van Wyk · ‎02-04-2014

that is it nothing else further in the logs client just loses connection

Sandeep Choudhary · ‎02-04-2014

Hi,

No logs then we have to go by hidden and trial method

1. Are you facing this problem with only one client or with many clients ??

2. Check the WLAN > Advanced page and disable the sesiion timeout or enter a big value there(Many hours).

3. Is there enough signal level near to the client ?

4. NIC driver are up to date or not for client ?

Regards

Theo Van Wyk · ‎02-04-2014

session time out is 30 min but the issue occurs within that time frame

Only to clients in one building affected, signal level is acceptable.

just a note we are using the ap for clients and rogue at the same time.

Scott Fella · ‎02-04-2014

RLDP should not be enabled or else it can cause client connection issues. What code on the WLC and what AP's. There is an issue with v7.6 and 3600's and 3700's that clients loose layer 2 and will get an exclamation showing no internet access.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Theo Van Wyk · ‎02-04-2014

We have disabled it now will see if the issue still persists

Contoller 4400 code

7.0.235.0

Scott Fella · ‎02-04-2014

Okay... well at least its not the WLC code or AP tht is an issue. RLDP whould only be used on monitor mode access points, When used with access points that serve clients, the AP when detecting a rogue, will drop all associated clients. The AP's will do rogue detection anyways, so no need enable RLDP.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***