Hi Rob,

Thank you for your reply. But the problem I see is not client excluded by web auth failure, but excluded by "802.11 Assoc Failure". What could cause the "802.11 Assoc Failure"? Once I remove the client from the excluded list, she got associated immediately. It doesn't seems like a client issue.

Also I do not see anywhere we can configure the threshold to trigger the exclusion.

Thanks!

Zhenning

Zhenning,

Rob pointed you in the right direction. This is from the Controller Configuration Guide under Security:

Configuring Client Exclusion Policies

Follow these steps to configure the controller to exclude clients under certain conditions using the controller GUI.

Step 1 Click Security > Wireless Protection Policies > Client Exclusion Policies to access the Client Exclusion Policies page.

Step 2 Check any of these check boxes if you want the controller to exclude clients for the condition specified. The default value for each exclusion policy is enabled.

Excessive 802.11 Association Failures?Clients are excluded on the sixth 802.11 association attempt, after five consecutive failure

As for troubleshooting this problem I would begin by looking for sources of interference which might be causing the high number of association failures.

You said that once you removed the client from the excluded list they associated immediately.

Good.

Can you now reproduce it? Is it happening at a certain time of day, in a particular location, or to a certain set of NIC cards?

Let us know what you find out.

Hope this helps.

Paul

Hi Paul,

I am not able to reproduce the issue. The client has not been excluded again after that.

Yesterday I just saw another client got excluded with reason "802.11 Assoc Failure" and I have following debugs for this client:

Association received from mobile 00:04:e2:7e:cc:c3 on AP 00:17:0f:e7:b7:80

Tue Oct 2 11:06:15 2007: 00:04:e2:7e:cc:c3 STA: 00:04:e2:7e:cc:c3 - rates (4): 130 132 139 12 0 0 0 0 0 0 0 0 0 0 0 0

Tue Oct 2 11:06:15 2007: 00:04:e2:7e:cc:c3 Sending Assoc Response to station 00:04:e2:7e:cc:c3 on BSSID 00:17:0f:e7:b7:80 (status 18)

Tue Oct 2 11:06:15 2007: 00:04:e2:7e:cc:c3 Scheduling deletion of Mobile Station: 00:04:e2:7e:cc:c3 (callerId: 22) in 3 seconds

Does it mean the client is using some data rates that the WLC does not support? On WLC, we set 1Mbps, 2Mbps, 5.5Mbps and 11Mbps to be mandatory. Anything wrong with that? The strange thing is after a few hours, I saw the client successfully associated with the controller. I did not change anything. I do not know what happened.

Thanks!

What model of controller and version of software are you using? What models of APs? Are you using H-REAP?

Do you have a WCS? If so, what version of software?

How do you have the NIC card set for Power Management? Is it CAM (Constantly Awake) or in Power Saving Mode?

How many users would you say are trying to associate with the AP when you notice a client having 802.11 Association Failure errors? You might simply have an over-subscribed AP.

In any event, I would read the release notes and check for bugs.

Hope this helps.