Re: Roaming issues with WLC5508 - FlexConnect with WPA2/PSK

JF · ‎07-02-2013

Hello,

On a wifi installation, some devices seem to lose connectivity sometimes. The interuption is very quick but significant for their applications.

The controller is a Cisco WLC5508 with the release 7.4.100.60 and the access points are Cisco 1242 (with two external antennas) and 1602.

APs are in Flexconnect mode, and SSID security is in WPA2/PSK.

I don't see any problem with my HP laptop, but with Samsung Galaxy Tab or LXE devices the problem is present.

In the message logs, i found this frequently :

*apfReceiveTask: Jul 01 11:50:17.521: #LWAPP-3-INVALID_AID2: spam_api.c:1357 Association identifier 9 for client 00:26:37:d5:fe:ba is already in use by 00:26:37:ed:0f:1a

And this :

*Dot1x_NW_MsgTask_4: Jul 01 10:01:02.144: #DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:861 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; KeyLen 24, Key type 1, client 00:26:c6:07:98:44

But i'm not sure that these logs occur a connectivity lost.

Is anyone had roaming issues with this configuration?

Thanks by advance for any response.

Scott Fella · ‎07-02-2013

Can you post the show run-config

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

JF · ‎07-02-2013

Hello Scott,

Please find attached the "show running-config" of the controller.

Thanks

Scott Fella · ‎07-02-2013

Try not to have both WPA and WPA2 setup. Either use WPA/TKIP or WPA2/AES

This is for your SSID: INTERNAL

Wi-Fi Protected Access (WPA/WPA2)............. Enabled

WPA (SSN IE)............................... Enabled

TKIP Cipher............................. Enabled

AES Cipher.............................. Disabled

WPA2 (RSN IE).............................. Enabled

TKIP Cipher............................. Disabled

AES Cipher.............................. Enabled

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎07-02-2013

Also you should only use channel 1, 6, 11 on the 2.4ghz. Looks like you also have channel 5 and 13.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎07-02-2013

One thing to note also in a mixed environment with 802.11n and non 802.11n access points. 802.11n clients will prefer to always roam to an 802.11n access point, thus may never try to roam to a non 802.11n access point until it drops. Keep that in mind since I don't know how your environment is. You are better off keeping all 802.11n aps together and non 802.11n aps together. If you do mix, then disable 802.11n.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***