cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4718
Views
0
Helpful
14
Replies

Flex Connect problems

IT Services
Level 1
Level 1

Good Afternoon,

I was hoping someone might be able to shed some light on an issue we are having. When we have our WLAN set to Central Authentication the clients stay connected with much longer UP times than when we have it set to Local AUTH. Our authentication server is the same for both modes. We receieve the following error right before the client reassociates:

apfReceiveTask: Dec 23 16:30:39.330: #LWAPP-3-INVALID_AID2: spam_api.c:1357 Association identifier 3 for client 00:db:df:19:91:46 is already in use by 00:db:df:19:91:46

Also another issue, which might be client related. When we connect to the AP's with Local Auth the client reports incomplete infromation:

Security Information

  • Encryption Cipher: NONE
  • EAP TYPE: 0

Quality Of Service Properties:

  • WMM State: Disabled

Does this essentially mean they are no working in Local Auth Mode? It is important to know if the clients connected to Flex AP's are using WMM.

Thoughts?

14 Replies 14

Sahil Mengi
Cisco Employee
Cisco Employee

Hi,

Does the client disconnect while stationary or during roaming?

What is the code running on this wlc?

Please share,

config paging disable

show wlan

If you can share this debug while capturing atleast one or two drop events.

debug client

debug dot11 management enable

Thanks,

Sahil

Sahil Mengi wrote:

Hi,

Does the client disconnect while stationary or during roaming?

What is the code running on this wlc?

Please share,

config paging disable

show wlan

If you can share this debug while capturing atleast one or two drop events.

debug client

debug dot11 management enable

Thanks,

Sahil

The client is stationary not roaming.

The controller is on 7.4.110.0

I will try to get you this information as soon as possible. Thanks for the response.

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

use latest 7.4 code, if not already. AID leak bugs were fixed on it.

regards to client detail, did you check, if client was on run state.

even with central switching and centrsl auth, sometimes i have seen eap type 0 for peap when client is on run state, however other fields were update.

I am on the 7.4.110 code. I see that they just released 7.4.121.0 but i dont think we'll jump on that right away.

The cleints are in RUN state but it still is strange that they always show WMM state Disabled. Do you think WMM is still running\working and it is just a cosmetic issue?

The client might not support WMM, which there are clients that do (Cisco phones) and clients that don't support WMM.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott Fella wrote:

The client might not support WMM, which there are clients that do (Cisco phones) and clients that don't support WMM.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

@Scott,

Thanks for the response, however the strange this I know both clients i have been reviewing are both WMM capable. I am testing with an intel based CCXv4 certified WLAn client and a Spectralink 8440 VoWLAN phone. When I have the WLAN set for local AUTH\Local switch i dont see the EAP params and they show WMM disabled.  When i switch said WLAN to Central Auth\Local switch i see the EAP params and they show the WMM enabled and U-APSD shows active.

There is information from the client that doesn't get passed to the WLC since the mode is local switching. So when you are centrally switching and then locally switching, you will see various difference when looking at the client.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

This has nothing to do with Central Switching but rather Authentication. Did you mean Central V Local Auth?

I see this information when it uses Central Auth, is that because all the AUTH requests are going to the controller passing this information?

I just need to know that WMM is actually working in Flex Connect mode or if it is a bug i suppose.

I am probably going to ping Cisco's ears on this i was just hoping someone in the forum would have experienced this and had ruled out that its a problem

Unfortunately i dont have any air magnent or AIR PCAP cards to see if the phone or client is acutally using WMM.

Scott Fella
Hall of Fame
Hall of Fame

You have two Cisco engineers who have posted here. You either wait for them to respond or you call TAC. I don't think you will see wmm info when locally switching.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

You do see WMM information when using local switching just not local Auth. I will try to get some more information for the engineers on this post.

Thanks again.

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

#Check the trying client is wmm capable or not. If capable check the respective client doc to enable the same.

#once wmm enabled on the client or it is enabled by default for the given manufacturer, connect the client on centrally switched wlan, verify wmm status - If it showing wmm enabled then try connecting to the wlan in question and verify.

#There is an negative test to verify, if client is wmm or not. On centrally switched wlan set wmm to required, the non wmm client will not connect to it.

#When local switching is enabled, WLC doesn't snoop the client info, however AP can forward the client info to WLC, there is no doc that says what client info will get forwarded other than its IP via enabling learn client ip.

Saravanan,

Good idea for testing to verify that WMM is functioning as expected in Local Auth mode. I will enable WMM required on the WLAN and see if that allows the device to still connect.

As far as the Local Auth\Central Auth client UPTIME problem. I will to get valid logs. I know right now that a single client connecting to same Auth Servers via Central and Local Auth show different UPTIMES and this is proven to be the case for our other environments. I see hours or more of client uptime when using Central Auth and see much smaller uptimes with Local AUTH in use. I dont know if it is causing a client issue but just seems to be strange and causes some confusion when troubleshooting wireless issues.

Making a come back on this, here is what i have.

CSCul57266 Show client detail on WLC is inaccurate compared to the Flexconnect AP

Note# Specific case: Local Auth is enabled.

Workaround: Check "show capwap reap association" reflecting true stats.

Now for the stated/suspected client drops/reassociations, we would need logs.

This should validate if it truly is a drop issue, or just the incorrect stats displayed for those.

HTH

Sahil

Sahil Mengi wrote:

Making a come back on this, here is what i have.

CSCul57266 Show client detail on WLC is inaccurate compared to the Flexconnect AP

Note# Specific case: Local Auth is enabled.

Workaround: Check "show capwap reap association" reflecting true stats.

Now for the stated/suspected client drops/reassociations, we would need logs.

This should validate if it truly is a drop issue, or just the incorrect stats displayed for those.

HTH

Sahil

I checked the CAPWAP reap association on the AP and the clients infact appear to be dropping only when using Local Authentication in FLEX mode.

what debug logs should i run to provide the information you need?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: