Yes, re-entering WLCCP passwords and credentials helped to fix the problem on a few APs.

But, there were still some APs which couldnt be authenticated.

To fix the problem, I upgraded the software of these APs: 12.3(4)JA => 12.3(7)JA3

I didn't upgrade all APs yet, but those which have the 12.3(7)JA3 version dont have authentication problems anymore

Thanks for your help anyway.

Hello

do you use an ACS for the authentication of the infrastructure? If yes, what Version do you have?

There is a bug, beginning with 3.3

best regards

Oliver

Hello,

We don't use Cisco Access Control Server, anyway it's interesting to know this issue

we are using this version of 3.3...what is the bug?

Are there any specific debug methods that helped solve this issue?

I have a WLSE running 2.12FCS, 44 1231G's and one subnet out of 4 is not authenticating. I have beat my head against the wall for about a week now. The specific message I am seeing that is unique to the misbehaving subnet is "WNM MAC yet unknown" - I have tried "ip proxy-arp" and putting in static arp entries, upgrading to 12.3(7)JA3 and so on, but zero sucess. I have copied the config from a working WDS master that sucessfully auths to the misbehaving WDS master but still no authentcation of the WLSE/WNM. Incidently, I never see the wlse try to authenticate against the local radious server... The debug available to tell me whats going on seems to be very limited.

Anyone have any more ideas?

Thanks,

Richard

Hello,

The debug method i used is the following:

- I tried those commands on the WLSE:

Dumptcp port 2887 host [WDS IP Address] log

Dumptcp proto udp host [WDS IP Address] log

then i downloaded the dumptcp.cal file and opened it (with Ethereal for example).

this log showed that only SNMP paquets were received by the WLSE

- then i tried to use debug commands WDS AP having an issue:

i opened 2 telnet sessions on the same WDS AP

in the 1° one, i used the following commands:

debug wlccp packet

debug wlccp wds

terminal monitor

in the 2° one, i stopped and re-activated the WDS by typing:

no wlccp wnm ip address

wlccp wnm ip address [WLSE IP Address]

then i looked the result in the first session and didnt see ANYTHING which could have had a link with WLSE authentication

that's why i supposed that the WDS AP was the origin of the problem and i tried to upgrade its software

hope this helps

Simon,

Thanks for your help - I have *finally* been able to resolve this issue. As per your suggestion, I enabled only the two debugs on the WDS AP. I usually enabled a large number more.... The debug read like this when enabling "wlccp wnm":

Mar 2 01:15:40.866: %WLCCP_NM-6-RESET: Resetting WLCCP_NM because WNM IP address has changed

*Mar 2 01:15:40.908: %WLCCP_NM-6-WNM_LINK_UP: Link to WNM is up

*Mar 2 01:15:40.910: WLCCP WDS Rx: Lateral AAA Request

*Mar 2 01:15:40.910: Org=10-00c0.9fb4.e9c8 Rsp=08-0016.47ea.2b68

*Mar 2 01:15:40.910: Len=42 ID=29 Hops=0 Flags=0000

*Mar 2 01:15:40.911: Requester=10-00c0.9fb4.e9c8 Type=0/4/0 Stat=00

*Mar 2 01:15:40.911: WDS: WLCCP_TYPE_AAA (START) rcvd, Org = 00c0.9fb4.e9c8, Rsp = 0016.47ea.2b68, Req 00c0.9fb4.e9c8, id 29 auth 4 key 0

*Mar 2 01:15:40.912: WDS: WLCCP_TYPE_AAA (EAPOL) sent with Source IP = 10.20.10.221, Org = 0016.47ea.2b68, Rsp = 00c0.9fb4.e9c8, Req 00c0.9fb4.e9c8, auth 4,

****SNIP****

*Mar 2 01:15:40.982: WDS: DOT11_AAA_FAILURE ...

which pretty much indicated the user/pass on WLSE didn't match the local details on the AP. I must have messed this up while I was struggling with the bug in 12.3(4)JA and never fixed it :(

Anyway, many many thanks!

Richard

Simon,

I'm out of ideas on this one. The debugging for the WLSE part of WDS is very short and needs serious work by Cisco IMHO.

Hmm one idea - can you return the access point to defaults and start config from scratch? This worked for a prob I had this week....

Regards,

Richard