Link to home
Start Free TrialLog in
Avatar of mschwen
mschwen

asked on

Wireless Connectivity Issues Cisco WLC with 6.0.182.0 code.

I have a Cisco 4402 WLC running on 6.0.182.0 code. We have 24 1131 access points providing sufficient coverage of our entire building. I have verified it is not a coverage issue. This problem is only happening with out Accounting department. The authentication is 802.1x, WPA, AES, and using a Cisco ACS server for username credentials.

When people in accounting (All Microsoft Windows Shop) get on the wireless they are getting randomly disconnected from the WLAN at random times, it pops right back up but it interrupts their processes they are running and they have to start over. I found logs on the WLC saying this for 1 client.

Sep 24 09:06:50 orm-wlc-1 orm-wlc-1: *Sep 24 09:06:50.695: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:1b:77:60:0b:6d
Sep 24 09:07:42 orm-wlc-1 orm-wlc-1: *Sep 24 09:07:42.843: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:1b:77:60:0b:6d
Sep 24 09:08:35 orm-wlc-1 orm-wlc-1: *Sep 24 09:08:35.177: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:1b:77:60:0b:6d
Sep 24 09:08:35 orm-wlc-1 orm-wlc-1: *Sep 24 09:08:35.252: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication aborted for client 00:1b:77:60:0b:6d
Sep 24 09:08:38 orm-wlc-1 orm-wlc-1: *Sep 24 09:08:38.042: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:1b:77:60:0b:6d
Sep 24 09:09:13 orm-wlc-1 orm-wlc-1: *Sep 24 09:09:13.759: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:1b:77:60:0b:6d
Sep 24 09:09:27 orm-wlc-1 orm-wlc-1: *Sep 24 09:09:27.320: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M5 retransmissions exceeded for client 00:1b:77:60:0b:6d

That pretty much repeats, that is the only log I can see at all with this client. I tested with my MAC and am not having this issue at all, any clues?
Avatar of mschwen
mschwen

ASKER

It seems the problem exists only on XP machines, like some sort of timer expires then it resets the connection, here is the output from a debug on the WLC.


*Sep 24 15:14:02.177: 00:22:5f:1f:2c:41 Key exchange done, data packets from mobile 00:22:5f:1f:2c:41 should be forwarded shortly
*Sep 24 15:14:02.177: 00:22:5f:1f:2c:41 Sending EAPOL-Key Message to mobile 00:22:5f:1f:2c:41
                                                                                                state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.03
*Sep 24 15:14:02.177: 00:22:5f:1f:2c:41 Updated broadcast key sent to mobile 00:22:5F:1F:2C:41 
*Sep 24 15:14:02.195: 00:22:5f:1f:2c:41 Received EAPOL-Key from mobile 00:22:5f:1f:2c:41
*Sep 24 15:14:02.196: 00:22:5f:1f:2c:41 Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 00:22:5f:1f:2c:41
*Sep 24 15:14:02.196: 00:22:5f:1f:2c:41 Stopping retransmission timer for mobile 00:22:5f:1f:2c:41
 
(Cisco Controller) >
(Cisco Controller) >*Sep 24 15:18:15.735: 00:22:5f:1f:2c:41 DHCP received op BOOTREQUEST (1) (len 308, port 1, encap 0xec03)
*Sep 24 15:18:15.736: 00:22:5f:1f:2c:41 DHCP selecting relay 1 - control block settings:
                        dhcpServer: 10.10.0.150, dhcpNetmask: 255.255.254.0,
                        dhcpGateway: 10.12.24.1, dhcpRelay: 10.12.24.4  VLAN: 60
*Sep 24 15:18:15.736: 00:22:5f:1f:2c:41 DHCP selected relay 1 - 10.10.0.150 (local address 10.12.24.4, gateway 10.12.24.1, VLAN 60, port 1)
*Sep 24 15:18:15.736: 00:22:5f:1f:2c:41 DHCP transmitting DHCP INFORM (8)
*Sep 24 15:18:15.736: 00:22:5f:1f:2c:41 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*Sep 24 15:18:15.736: 00:22:5f:1f:2c:41 DHCP   xid: 0x4cc65d35 (1288068405), secs: 0, flags: 0
*Sep 24 15:18:15.736: 00:22:5f:1f:2c:41 DHCP   chaddr: 00:22:5f:1f:2c:41
*Sep 24 15:18:15.736: 00:22:5f:1f:2c:41 DHCP   ciaddr: 10.12.24.58,  yiaddr: 0.0.0.0
*Sep 24 15:18:15.736: 00:22:5f:1f:2c:41 DHCP   siaddr: 0.0.0.0,  giaddr: 10.12.24.4
*Sep 24 15:18:15.737: 00:22:5f:1f:2c:41 DHCP sending REQUEST to 10.12.24.1 (len 350, port 1, vlan 60)
*Sep 24 15:18:15.737: 00:22:5f:1f:2c:41 DHCP selecting relay 2 - control block settings:
                        dhcpServer: 10.10.0.150, dhcpNetmask: 255.255.254.0,
                        dhcpGateway: 10.12.24.1, dhcpRelay: 10.12.24.4  VLAN: 60
*Sep 24 15:18:15.737: 00:22:5f:1f:2c:41 DHCP selected relay 2 - NONE
*Sep 24 15:18:15.737: 00:22:5f:1f:2c:41 DHCP received op BOOTREPLY (2) (len 314, port 1, encap 0xec00)
*Sep 24 15:18:15.737: 00:22:5f:1f:2c:41 DHCP sending REPLY to STA (len 422, port 1, vlan 0)
*Sep 24 15:18:15.738: 00:22:5f:1f:2c:41 DHCP transmitting DHCP ACK (5)
*Sep 24 15:18:15.738: 00:22:5f:1f:2c:41 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Sep 24 15:18:15.738: 00:22:5f:1f:2c:41 DHCP   xid: 0x4cc65d35 (1288068405), secs: 0, flags: 0
*Sep 24 15:18:15.738: 00:22:5f:1f:2c:41 DHCP   chaddr: 00:22:5f:1f:2c:41
*Sep 24 15:18:15.738: 00:22:5f:1f:2c:41 DHCP   ciaddr: 10.12.24.58,  yiaddr: 0.0.0.0
*Sep 24 15:18:15.738: 00:22:5f:1f:2c:41 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0

Open in new window

Avatar of Darr247
Darr247
Flag of United States of America image
In your first message all the errors are from the same client...  if you ping the computers in accounting, then do
arp -a
in a command window, you should be able to find out which one has MAC address 00:1b:77:60:0b:6d.
i.e. if you don't have a record of all your MAC addresses.

I would suspect something is wrong with that specific client. e.g. antenna loose/blocked/unhooked-from-card, cordless phone or microwave right next to it, et cetera.
Avatar of mschwen
mschwen

ASKER

I posted the logs with that specific client. The other computers are having the same issue, that was just 1 example. I think it is possible that clients need to have the latest drivers installed but am not convinced that will fix it. Its only XP clients and its not all the XP clients having issues just most of them. All XP machines are either on SP2 or SP3.
Avatar of Darr247
Darr247
Flag of United States of America image
Try upgrading the drivers, but it still sounds like interference is corrupting some of the signal... according to
http://www.cisco.com/en/US/docs/wireless/controller/message/guide/msgs4.html#wp1000139
the message means the credentials were not correct, but if that were true they would *never* be able to connect.
Avatar of mschwen
mschwen

ASKER

Exactly, that is what is so puzzling about this situation, I think the credentials are right but the timer never gets reset so it expires, once the timer expires the client think's the credentials are wrong and requests to the WLC to re authenticate. It's very strange.
Avatar of datelsys
datelsys
Check the power management settings on the WNIC's. Turn CAM on if PSP/PSM is on.

Device Manager / Wireless NIC / Advanced
ASKER CERTIFIED SOLUTION
Avatar of mschwen
mschwen
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial