Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LAP drops client connections

Hello! we have WLC 5508 (6.0.188.0) and some converted APs   AIR-AP1141N-E-K9. Everything works fine except one moment:

1 of this converted APs is located beyond the office building, but it is still connected to our local network as if it was located within the office (there is a fiber channel between our cisco core switch and a switch, to which that 1 LAP is connected)

The trouble is that users can't have the normal wi-fi on that beyond LAP. I see few successful pings to the "associated" client then drops, again a little success, than long drops.

Logs from the WLC:

Feb 15 10:04:53 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:11:17.702: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:04:57 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:11:22.104: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:36:14 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:42:38.859: %DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:354 Invalid replay counter from client xx:xx:xx:xx:xx:xx - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01

Feb 15 10:37:07 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:32.061: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:37:12 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:37.061: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:37:16 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:40.888: %DOT1X-1-INVALID_WPA_KEY_STATE: 1x_eapkey.c:1638 Received EAPOL-key message while in invalid state (0) - version 1, type 3, descriptor 2, client xx:xx:xx:xx:xx:xx

Feb 15 10:37:21 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:45.661: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

Feb 15 10:37:23 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:47.540: %DOT1X-1-INVALID_WPA_KEY_STATE: 1x_eapkey.c:1638 Received EAPOL-key message while in invalid state (0) - version 1, type 3, descriptor 2, client xx:xx:xx:xx:xx:xx

Feb 15 10:37:26 172.22.90.20 Wi-Fi_Controller: *Feb 15 10:43:50.461: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx

What could it be? Is it possible that some noises or whatever could cause it? The building with this problematic LAP is a kind of film studio...

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Re: LAP drops client connections

Well as long as the connection between the remote location and the location where the wlc is connected to is fine, then it can be interference. If you click on the ap from the wlc wireless tab, on the bottom of the image you can see the uptime and the join time. If these times are okay and not short, then the link is okay. Have you tried to swap an ap to see if you still have the same issue and I'm guessing that clients in the main building work fine, but when they go to the other site, they have issues on the same SSID. If you think it is interference, you might want to use a spectrum analyzer to determine that. Could be some of the lighting or various wireless devices they might use out there.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: LAP drops client connections

Well... Your roaming will break if you roam from another ap and the client needs to roam to that AP. Click on the blue triangle next to the AP under Wireless then Radios 802.11bgn. You might be able to disable the radio there.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
24 REPLIES
Hall of Fame Super Silver

Re: LAP drops client connections

Well as long as the connection between the remote location and the location where the wlc is connected to is fine, then it can be interference. If you click on the ap from the wlc wireless tab, on the bottom of the image you can see the uptime and the join time. If these times are okay and not short, then the link is okay. Have you tried to swap an ap to see if you still have the same issue and I'm guessing that clients in the main building work fine, but when they go to the other site, they have issues on the same SSID. If you think it is interference, you might want to use a spectrum analyzer to determine that. Could be some of the lighting or various wireless devices they might use out there.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: LAP drops client connections

thank you much for your answer!

yes, due to your recommendations I am inclined to think that the problem is in the interference.. Although the D-link AP works fine there...

what would you advise, maybe to change in settigs to minify its influence?..

I have tried to change the channels in Wireless -- 802.11b/g/n --DCA, but it didn't seem to work... in Wireless-- Access Point -- Radios --

802.11b/g/n I still see the channel 1,6 or 11 ......

Re: LAP drops client connections

Natalia,

If you don't have any mission critical reason to stay on 6.0.x code, you might consider moving up to 7.0.x, preferably 7.0.220.0 or higher and then continue troubleshooting. If you have to stay on 6.0.x, consider upgrading to 6.0.220.0.

Another thing to consider is physical placement of the LAP. Do you have it mounted to a ceiling or wall? Is it near (within 40cm or so) sheet metal or a solid metal I-beam or other metal construction? As Scott mentioned, it is possible the AP is experiencing interference (or is interfering with itself). A best practice is to make sure that AP is mounted horizontally, typically to a ceiling or at the end of a mast extending downward from the ceiling, with the white dome facing the floor. Try to keep the AP vertically within 7m of the service area (i.e., don't mount it too high and away from where your mobile clients will be), and keep it away from hard metal surfaces.

Justin

New Member

Re: LAP drops client connections

Guys, thank you for your replies!

Justin, your advises will be useful for me in future.

We have found out that our AP is located between mobile television station and TV-cameras that broadcast on 2,4 GHz frequencies as our b/g/n  AP. As a solution we decided either to move the AP somewhere else or to change this to another one that is a/n. Hope one of these will help.

And as I was told today the D-Link AP also does not work fine while all the TV equipment is on =) only when it is off.

New Member

Re: LAP drops client connections

Is it possible to make the individual LAP work only in 5GHz using WLC? or how to disable the 2.4 GHz radio module on that LAP? I want it to support only 802.11a & 802.11n on only 5 GHz.

Thanks

Hall of Fame Super Silver

Re: LAP drops client connections

You go to the Wireless tab then on the left side click 802.11bgn, click networks and disable 802.11b. That will disable globally 2.4.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: LAP drops client connections

no, I don't want to disable it globally! only on one LAP, not on all! is it possible?

I have read that I can manually configure the channel for an individual AP, that I can configure the LAP to use 40 MHz (Channel Bonding) in 5 GHz (802.11a/n). Is that what I need?

Hall of Fame Super Silver

Re: LAP drops client connections

Well... Your roaming will break if you roam from another ap and the client needs to roam to that AP. Click on the blue triangle next to the AP under Wireless then Radios 802.11bgn. You might be able to disable the radio there.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: LAP drops client connections

thank you, Scott! that is what i needed!! thanks!

Hall of Fame Super Silver

Re: LAP drops client connections

No problem.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: LAP drops client connections

sorry for disturbing again, Scott!

while I was trying to solve this,

"

Is it possible to make the individual LAP work only in 5GHz using WLC? or how to disable the 2.4 GHz radio module on that LAP? I want it to support only 802.11a & 802.11n on only 5 GHz.

"

I was making an experiment of changing Radio Policy on a WLAN for SSID, to which only Apple users are connecting. I had chosen "802.11a only", then "802.11a/g" only, but finally I left "All" as it was before.

But now Apple devices choose only radio 802.11g or 802.11a to connect to, although they could choose 802.11n before my experiments! Don't understand what went wrong and how to deal with it.

Hall of Fame Super Silver

Re: LAP drops client connections

EDIT:  You need to go to the wilreless tab on the WLC and then click on Access Points | Radios | 802,11 b/g/n.  Go to the right of the AP and click on the blue triange, click configure and disable the status.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: LAP drops client connections

oh, I badly explained what I need again(((

I don't need only 2.4 Ghz now. I cited just to remind why I was doing this:

"  I was making an experiment of changing Radio Policy on a WLAN for SSID, to which only Apple users are connecting. I had chosen "802.11a only", then "802.11a/g" only, but finally I left "All" as it was before.   "

And now I am faced this problem :

But now Apple devices choose only radio 802.11g or 802.11a to connect to, although they could choose 802.11n before my experiments! " Now all that devices have only 54 Mbps as a Current Tx RateSet. They need 144 Mbps, which they had before, while connecting with radio 802.11n

Any ideas?

Hall of Fame Super Silver

Re: LAP drops client connections

I don't know... maybe the iPads only connect on the 2.4ghz when using 802.11N.  Since you only see 144mbps, I'm guessing that the iPads only connect on the 2.4ghz.  If you have the 5ghz setup for 802.11n and you have 40mhz channel width, then the highest you will see on a laptop is 300mbps.  To achieve 300mbps, you need to either have an open authentication or use wpa2/aes.  Also WMM needs to be enabled on the SSID.

-Scott
*** Please rate helpful posts ***
New Member

Re: LAP drops client connections

not only iPads, but MacBooks, iPhones. but they don'y want to connect, using 802.11n, only 802.11g and 802.11a. How to make them connect, using 802.11n when Radio Policy is selected "All" for that WLAN??? doesn't matter 2.4 or 5 Ghz

Hall of Fame Super Silver

Re: LAP drops client connections

The WLC can't force them to use 802.11N, it's really up to the client devices.  As long as you configure the WLC to support 802.11n, then you have really done your part, itsup to Apple to figure that out:)

-Scott
*** Please rate helpful posts ***
New Member

Re: LAP drops client connections

:))))) I like this idea ))

thanks much for numerous help in this sometimes weird wireless world ))

Hall of Fame Super Silver

Re: LAP drops client connections

Yeah... some things are just out of your control:)

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: LAP drops client connections

Natalia,

One thing you can try is to use band select on the WLAN SSID Advanced Tab. You will have to set you radio policies to 'ALL'. This might help, but some iOS devices may still connect only on 2.4ghz.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

LAP drops client connections

You know, what is the answer?

iPads are culpable!!!

to make them connect to our LAPs we were forced to leave only WPA2 policy + TKIP encryption in WLAN Security Layer 2 parameters. Weird that we didn't mention the change of speed before. So, if we enable ALL methods of encryption on a WLAN - we get 144 Mbps and Apple devices, connected to LAP, using 802.11n! woohoo!

But we still need that iPads, so we should be grateful for 54 Mbps

Hall of Fame Super Silver

LAP drops client connections

From what I know, is that... default, WPA uses TKIP and WPA uses AES.  So when you setup a device that only gives you options for:

WPA-Personal --> WPA-TKIP

WPA2-Personal --> WPA2-AES

WPA-Enterprise --> WPA-TKIP

WPA2-Enterprise --> WPA2-AES

It uses the default encryption for the WPA(2).  IF you set your WLAN SSID for WPA2-AES with WMM enabled and 40 mhz channel width, what speeds doyou get on your 802.11N capable laptop or mac book?  You should see 300mbps, assuming you are near an AP:)  The iPad 2 & 3 you should see more than 54mbps, but not the iPad first gen.

-Scott
*** Please rate helpful posts ***
New Member

LAP drops client connections

I will learn about the expansion of the channel width to 40 MHz and will try to do that. Will let you know what I get)

Hall of Fame Super Silver

Re: LAP drops client connections

Sounds good. You have to disable the 5ghz first to make the change.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

LAP drops client connections

well, we've made a channel bonding today, also have made an aggregation of frames(A-MPDU) for the traffic, left only WPA2-AES on a WLAN SSID and got 300Mbps while connecting on the 5Ghz!

But we can't leave WPA2-AES, we need only WPA2-TKIP  because of an unknown reason, of which iPads can't connect to converted AIR-AP1141N-E-K9 with c1140-rcvk9w8-tar.124-21a.JA2 and send Decrypt errors to WLC, however there is no problems with connection to AIR-LAP1142N-E-K9 with the same IOS, when only WPA2-AES left in WLAN configuration.

Will be figuring this out somehow..

2018
Views
5
Helpful
24
Replies