Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

wism excluded clients policy

We configured clients policy (all default settings) for web auth and WPA wlans. From time to time, I can see some clients are excluded with reason "802.11 assoc failure". What could be the reason for "802.11 assoc failure"? Could wism exclude the client by mistake?



Re: wism excluded clients policy

Today I have one user unable to associate to the WLAN. I checked and found she is in the excluded list and excluded reason is "802.11 assoc failure". I removed her from the list and she was able to associated immediatelly. I am not sure why she was excluded before. Could it be a bug?

Hall of Fame Super Red

Re: wism excluded clients policy

Hi Zhenning,

I beleive the default setting for web auth is a "5 strikes and your out" policy. Maybe this user is hitting this by accident (if they type like I do it's not impossible :)

From the WLC GUI, go to Security > Wireless Protection Policies > Client Exclusion Policies.

Hope this helps!



Re: wism excluded clients policy

Hi Rob,

Thank you for your reply. But the problem I see is not client excluded by web auth failure, but excluded by "802.11 Assoc Failure". What could cause the "802.11 Assoc Failure"? Once I remove the client from the excluded list, she got associated immediately. It doesn't seems like a client issue.

Also I do not see anywhere we can configure the threshold to trigger the exclusion.




Re: wism excluded clients policy


Rob pointed you in the right direction. This is from the Controller Configuration Guide under Security:

Configuring Client Exclusion Policies

Follow these steps to configure the controller to exclude clients under certain conditions using the controller GUI.

Step 1 Click Security > Wireless Protection Policies > Client Exclusion Policies to access the Client Exclusion Policies page.

Step 2 Check any of these check boxes if you want the controller to exclude clients for the condition specified. The default value for each exclusion policy is enabled.

Excessive 802.11 Association Failures?Clients are excluded on the sixth 802.11 association attempt, after five consecutive failure

As for troubleshooting this problem I would begin by looking for sources of interference which might be causing the high number of association failures.

You said that once you removed the client from the excluded list they associated immediately.


Can you now reproduce it? Is it happening at a certain time of day, in a particular location, or to a certain set of NIC cards?

Let us know what you find out.

Hope this helps.



Re: wism excluded clients policy

Hi Paul,

I am not able to reproduce the issue. The client has not been excluded again after that.

Yesterday I just saw another client got excluded with reason "802.11 Assoc Failure" and I have following debugs for this client:

Association received from mobile 00:04:e2:7e:cc:c3 on AP 00:17:0f:e7:b7:80

Tue Oct 2 11:06:15 2007: 00:04:e2:7e:cc:c3 STA: 00:04:e2:7e:cc:c3 - rates (4): 130 132 139 12 0 0 0 0 0 0 0 0 0 0 0 0

Tue Oct 2 11:06:15 2007: 00:04:e2:7e:cc:c3 Sending Assoc Response to station 00:04:e2:7e:cc:c3 on BSSID 00:17:0f:e7:b7:80 (status 18)

Tue Oct 2 11:06:15 2007: 00:04:e2:7e:cc:c3 Scheduling deletion of Mobile Station: 00:04:e2:7e:cc:c3 (callerId: 22) in 3 seconds

Does it mean the client is using some data rates that the WLC does not support? On WLC, we set 1Mbps, 2Mbps, 5.5Mbps and 11Mbps to be mandatory. Anything wrong with that? The strange thing is after a few hours, I saw the client successfully associated with the controller. I did not change anything. I do not know what happened.



Re: wism excluded clients policy

What model of controller and version of software are you using? What models of APs? Are you using H-REAP?

Do you have a WCS? If so, what version of software?

How do you have the NIC card set for Power Management? Is it CAM (Constantly Awake) or in Power Saving Mode?

How many users would you say are trying to associate with the AP when you notice a client having 802.11 Association Failure errors? You might simply have an over-subscribed AP.

In any event, I would read the release notes and check for bugs.

Hope this helps.

CreatePlease to create content