cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6050
Views
0
Helpful
14
Replies

APs Disconnecting from Controller

jonathanb355
Level 1
Level 1

Hi, users are reporting frequent dropouts from the wireless network. The logs show some of the events below:

*apfReceiveTask: Jul 12 08:51:10.854: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'suguest'. Marking interface dirty.

AP 'AP4c4e.3557.8bf7', MAC: 20:bb:c0:65:dc:40 disassociated previously due to AP Reset. Uptime: 0 days, 05 h 11 m 54 s . Last reset reason: operator changed 11g mode.

Rogue AP : c4:0a:cb:a4:7f:71 removed from Base Radio MAC : a4:18:75:64:07:30 Interface no:0(802.11b/g)

Rogue AP : 00:08:30:38:01:b1 detected on Base Radio MAC : 3c:ce:73:57:f1:10 Interface no:0(802.11b/g) on Channel 1 with RSSI: -88 and SNR: 9 and Classification: unclassified

Rogue AP : 08:d0:9f:86:fe:71 detected on Base Radio MAC : b4:e9:b0:af:cf:80 Interface no:0(802.11b/g) on Channel 11 with RSSI: -88 and SNR: 5 and Classification: unclassified

Rogue AP : c4:0a:cb:2c:0c:c0 detected on Base Radio MAC : b4:e9:b0:af:cf:80 Interface no:0(802.11b/g) on Channel 11 with RSSI: -83 and SNR: 12 and Classification: unclassified

Rogue AP : c4:0a:cb:2c:2f:c0 removed from Base Radio MAC : b4:e9:b0:af:cd:70 Interface no:0(802.11b/g)

Rogue AP : 82:7d:5e:79:35:6f removed from Base Radio MAC : b4:e9:b0:af:cd:70 Interface no:0(802.11n(2.4 GHz))

IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-signature, Detecting AP Name: AP0006.f616.e8de, Radio Type: 802.11b/g, Preced: 5, Hits: 500, Channel: 1, srcMac: 82:7D:5E:79:35:6F 

IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-Mac, Detecting AP Name: AP0006.f616.e8de, Radio Type: 802.11b/g, Preced: 5, Hits: 300, Channel: 1, srcMac: 82:7D:5E:79:35:6F 

Rogue AP : 0c:85:25:32:1d:40 removed from Base Radio MAC : b4:e9:b0:af:cf:80 Interface no:0(802.11b/g)

Can anyone help me troubleshoot?

Thanks.

1 Accepted Solution

Accepted Solutions

You are running 7.2, but it appears you did not install the FUS since the recovery image is 6.x.  I would suggest installing the FUS as you can run into some WLC stability issues if you don't.

View solution in original post

14 Replies 14

George Stefanick
VIP Alumni
VIP Alumni

It's rather inconclusive as to what's going on based on your logs. Your logs show a few things.

1. Dhcp interface marked dirty means something is likely wrong with your dhcp server. I would check to make sure the dhcp server is working. No dhcp would break clients trying to get on the network

2. The second log item states the network went down because someone changed it to 802.11g. Note where it says operator

3. The third item is typical rogue reports

I might suggest seeing this issue with your own eyes. Also check that dhcp server ..

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Thanks George.

1. The dhcp server appears to be working. Users are currently getting addresses and connecting.

2. Do you know what would change the mode to 802.11g? No changes were made to the configuration but this item appears in the logs numerous times.

3. There are other APs in the area; is this a red herring?

Thanks.

You don't have RLDP enabled do you?

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hi Scott, it is not enabled:

Rogue Policies      

Rogue Location Discovery Protocol  MonitorModeAps AllAps Disable 

Expiration Timeout for Rogue AP and Rogue Client entries 1200 Seconds 

Validate rogue clients against AAA   Enabled not checked

Detect and report Ad-Hoc Networks   Enabled checked

Rogue Detection Report Interval (10 to 300 Sec)   10

Rogue Detection Minimum RSSI (-70 to -128)   -128

Rogue Detection Transient Interval (120 to 1800 Sec)  

Auto Contain

Auto Containment Level  1

Auto Containment only for Monitor mode APs   Enabled not checked

Rogue on Wire   Enabled not checked

Using our SSID   Enabled not checked

Valid client on Rogue AP   Enabled not checked

AdHoc Rogue AP   Enabled not checked

   
 
 
 
 
 

Should I enable it?

No. This will cause issues with client being disconnected to look for rogues.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

It's hard to say.. I might suggest checking the issue out for yourself. Do you have specific clients that are having this problem ?

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Thanks George, the feedback from the users did not indicate any pattern as such, they said it happened randomly and would lose connectivity. The SSID also disappeared from their search.

I am going to attend the site next week. Are there any steps you recommend I take whilst there, to help identfy the issue?

Thanks.

What firmware is the WLC running on?

Sent from Cisco Technical Support Nintendo App

Scott Fella
Hall of Fame
Hall of Fame

Take a look at the AP from the GUI. Open up the AP and on the main page toward the bottom you will see two values. One is uptime and the other is join time. If the ap looses power, the uptime will reflect that. Is there is a connectivity issue the join time will reflex that. The uptime should be a higher to what the join time is but should be close. AP's moving to another WLC can also cause the join time to be much lower than the uptime.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Indeed .. Try and catch the issue yourself .. Again look for a pattern. If you can reproduce the issue run a client debug . Is this WLAN any different from the others ?

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Shaoqin Li
Level 3
Level 3

haven't gone through all replies.

1. isnit hreap setup? what is the code version?

2. do you disable 802.11g on your wlc?

Sent from Cisco Technical Support iPad App

Thanks All, went to sight and there were a few issues. I rebooted a couple of the APs and they started working again. I need to install another AP to improve coverage in one particular area.

Leo,

Model 5508
Software Version 7.2.103.0
Field Recovery Image Version 6.0.182.0

Scott,

The difference between uptime vs join time is quite large on some of the AP:, ~50days vs ~4days, others are same e.g. 4days vs 4days.

Shaoqin,

1. I could not find the hreap option, in its place is flexconnect. 802

2. 802.11g is enabled

A little concerned a reboot resolved a few of the issues. I'll monitor these APs to check if they lose connection again.

Thanks.

You are running 7.2, but it appears you did not install the FUS since the recovery image is 6.x.  I would suggest installing the FUS as you can run into some WLC stability issues if you don't.

jonathanb355
Level 1
Level 1

Thanks All, upgraded FW and been monitoring this for a while; seems stable.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: