Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Frequent disassociation on APs while running 802.1x

We are running Cisco 12xx APs in autonomous mode. Wireless clients seem to to disconnect at regular intervals - for some it's about every 30 sec and for others it's about every few

minutes. We have the APs select the least congested channel dynamically. We have further tried both the default radio settings as well as experimented with Best Range and Best Throughput options but the problem seems to stay.

The utilization on APs is only a few % so it processing does not seem to be the issue. We have seen clients jumping between APs while stationary on their desk as well as reassociating with the same APs within minutes. And the strange thing is that this problem occurs on some APs and not on others with some clients and not with all of them.

Clients have wireless settings pushed through GPO (using Windows wireless settings). Most wireless cards are built-in Intel model (2200BG/3945ABG series).

This is happening only after moving from static WEP to 802.1x.

I am wondering about the Association page on APs that give an 'inactivity timeout'. I have not seen a clear definition/use of this configuration. Right now it is set to a default 60 seconds for all devices.

Appreciate any help.

Thanks.

MAG

9 REPLIES
Community Member

Re: Frequent disassociation on APs while running 802.1x

What do you see on the events log of the AP?

Community Member

Re: Frequent disassociation on APs while running 802.1x

We see mostly dissassociation messages like ...

"the station has left the BSS"

and

"xxxx.xxxx.xxxx has roamed to xxxx.xxxx.xxxx"

Community Member

Re: Frequent disassociation on APs while running 802.1x

A couple qucik things to check:

-make sure users w/ this problem do not have multiple instances of the same SSID or profile.

-disable the lower data rates(1Mbps, 2Mbps, 5.5Mbps, etc) on your APs

Community Member

Re: Frequent disassociation on APs while running 802.1x

I checked. Only one instance of SSID profile is there.

Are you suggesting that by disabling the lower data rates we will be able to reduce/limit the effective range of the APs? Perhaps allowing clients to connect to only best available APs?

Community Member

Re: Frequent disassociation on APs while running 802.1x

Yes this should force clients to connect only to best available APs with less hand-offs happening. The range of the APs would be more in line with the power level assignment of the AP.

Re: Frequent disassociation on APs while running 802.1x

Make sure you're using the latest drivers for the Intel cards, you can suffer from all sorts of odd problems if using older ones.

Community Member

Re: Frequent disassociation on APs while running 802.1x

I have recommended the following to the client:

1) Adjust Association inactivity timers on the APs (does this actually play any role...the default was set to 60 seconds and I had them change to 3600 seconds)

2) update wireless drivers to latest version

3) Install MS patch KB893357

4) Balance range/throughput settings on AP to get cells with the right amount of overlap.

5) Have an RF site survey conducted

Appreciate all the responses.

Thanks.

MAG

Re: Frequent disassociation on APs while running 802.1x

You might also try this MS hotfix:

http://support.microsoft.com/kb/885453

It's an "on request" one but they won't charge you for it.

Community Member

Re: Frequent disassociation on APs while running 802.1x

While there is a difference in the protocols (static WEP vs. EAP), could this cause such a marked difference in AP performance that we need to take all the suggested measures i.e. the various suggestions that have been received like .... disabling lower data rates, increasing Association inactivity timeouts, etc.

I would think it is primarily the driver side protocol processing that might be the major cause.

Essentially, what I would like to have answered is why the same set of APs are working fine with static WEP while having problems with 802.1x. There is no loss (at least no observable loss) of packets between the RADIUS server (cisco ACS 4.0) and the APs.

316
Views
0
Helpful
9
Replies
CreatePlease to create content