Cisco Cisco 2000 Series Wireless LAN Controller Guia De Informação
error messages?
A. When a request goes out from the WLC to the RADIUS server, each packet has a
sequence number to which the WLC expects a response. If there is no response, there is a
message that shows
sequence number to which the WLC expects a response. If there is no response, there is a
message that shows
radius−server not responding
.
The default time for the WLC to hear back from the RADIUS server is 2 seconds. This is set
from the WLC GUI under Security > authentication−server. The maximum is 30 seconds.
Therefore, it might be helpful to set this time out value to its maximum in order to resolve this
issue.
from the WLC GUI under Security > authentication−server. The maximum is 30 seconds.
Therefore, it might be helpful to set this time out value to its maximum in order to resolve this
issue.
Sometimes, the RADIUS servers perform 'silent discards' of the request packet that comes
from the WLC. The RADIUS server can reject these packets due to certificate mismatch and
several other reasons. This is a valid action by the server. Also, in such cases, the controller
will mark the RADIUS server as not responding.
from the WLC. The RADIUS server can reject these packets due to certificate mismatch and
several other reasons. This is a valid action by the server. Also, in such cases, the controller
will mark the RADIUS server as not responding.
In order to overcome the silent discards issue, disable the aggressive failover feature in the
WLC.
WLC.
If the aggressive failover feature is enabled in WLC, the WLC is too aggressive to mark the
AAA server as not responding. However, this should not be done because the AAA server
might not be responsive only to that particular client (by doing silent discard). It can be a
response to other valid clients (with valid certificates). However, the WLC might still mark
the AAA server as not responding and not functional.
AAA server as not responding. However, this should not be done because the AAA server
might not be responsive only to that particular client (by doing silent discard). It can be a
response to other valid clients (with valid certificates). However, the WLC might still mark
the AAA server as not responding and not functional.
In order to overcome this, disable the aggressive failover feature. Issue the config radius
aggressive−failover disable command from the controller CLI in order to perform this. If
this is disabled, then the controller only fails over to the next AAA server if there are 3
consecutive clients that fail to receive a response from the RADIUS server.
aggressive−failover disable command from the controller CLI in order to perform this. If
this is disabled, then the controller only fails over to the next AAA server if there are 3
consecutive clients that fail to receive a response from the RADIUS server.
Q. Several clients are unable to associate to an LWAPP and the
controller logs the
controller logs the
IAPP−3−MSGTAG015: iappSocketTask:
iappRecvPkt returned error
error message. Why does this happen?
A. This mostly happens due to an issue with the Intel adapters that support CCX v4, but that
run a client bundle version earlier than 10.5.1.0. If you upgrade the software to 10.5.1.0 or
later, this fixes this issue. Refer to Cisco bug ID CSCsi91347 (
run a client bundle version earlier than 10.5.1.0. If you upgrade the software to 10.5.1.0 or
later, this fixes this issue. Refer to Cisco bug ID CSCsi91347 (
registered customers only
) for
more information on this error message.
Q. I see this error message on the Wireless LAN Controller (WLC):
Reached Max EAP−Identity Request retries (21) for STA
00:05:4e:42:ad:c5
. Why?
A. This error message occurs when the user tries to connect to a EAP protected WLAN
network and has failed the preconfigured number of EAP attempts. When the user fails to
authenticate, the controller excludes the client and the client cannot connect to the network
until the exclusion timer expires or is manually overridden by the administrator.
network and has failed the preconfigured number of EAP attempts. When the user fails to
authenticate, the controller excludes the client and the client cannot connect to the network
until the exclusion timer expires or is manually overridden by the administrator.
Exclusion detects authentication attempts made by a single device. When that device exceeds
a maximum number of failures, that MAC address is not allowed to associate any longer.
a maximum number of failures, that MAC address is not allowed to associate any longer.
Exclusion occurs: