Re: [WIRELESS-LAN] spurious cpi report of mass AP disassociation

2017-09-11 Thread Mark Duling
Thanks for all the replies everyone. Well I'm not used to looking at AP logs, but I just logged into one AP on the list and on the day it happened all I see are some of these: %DOT11-4-CCMP_REPLAY AES-CCMP TSC replays and two of these for a client: %DOT11-4-FLUSH_DEAUTH: Consecutive tx

Re: [WIRELESS-LAN] spurious cpi report of mass AP disassociation

2017-09-11 Thread Jeffrey D. Sessler
Did you go back and correlate the event? For example, SSH into a few of the WAP’s and look at their logs to see what they thought happened. Did the CAPWAP uptime actually change on their WAPs qne/or the hours they report being connected. The WAP logs tend to be very informative. If you use

RE: [WIRELESS-LAN] spurious cpi report of mass AP disassociation

2017-09-11 Thread Lee H Badman
OK- you have far fewer APs than us- but we are on your code. I don’t want to muddy the waters and prejudice your conclusions as you really need TAC to work you through this minefield. But know that there are bugs and circumstances related to some shared resource between 802.1X and CAPWAP

Re: [WIRELESS-LAN] spurious cpi report of mass AP disassociation

2017-09-11 Thread Mark Duling
>> Out of curiosity- how many APs, clients (in general) and are you doing 802.1X? It's roughly 250 APs out of approximately 1k, so about 1/4 our the total APs. Yes, we are doing 802.1x. We don't have a large set of mobility groups, so it doesn't sound like CSCva66176. On Mon, Sep 11, 2017 at

RE: [WIRELESS-LAN] spurious cpi report of mass AP disassociation

2017-09-11 Thread Manon Lessard
Hi I saw such events when we faced bug CSCva66176 but it was massive and recurrent. When we moved from WISM2 to 8540s last May, thinking I should be careful I kept my old controllers (that were turned off) in the list of devices in the

RE: [WIRELESS-LAN] spurious cpi report of mass AP disassociation

2017-09-11 Thread Lee H Badman
Out of curiosity- how many APs, clients (in general) and are you doing 802.1X? Lee Badman | Network Architect Certified Wireless Network Expert (#200) Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e

spurious cpi report of mass AP disassociation

2017-09-11 Thread Mark Duling
We're using Cisco 8540 on code 8.2.151.0. Last week CPI reported a great number of simultaneous AP disassociations and then reassociation. CPI shows all the events had the exact same timestamp right down to the hundredth second. It was just a single event. But I can find no event preceding it

Cisco ISE issues version 2.1.0.474 (Patch 3)

2017-09-11 Thread Matlick, Michael
Good afternoon, We are curious if there are any other campuses out there which are running Cisco ISE version 2.1.0.474 (patch 3). We are running into issues where users on our 802.1x enabled SSID are able to authenticate sometimes, but not always (intermittent connectivity).

eduroam AUP, revisit

2017-09-11 Thread Lee H Badman
Sorry to rehash a topic like this, but throwing the net out there again after only getting one reply (Thanks, Marcello). How are you who participate in eduroam as IDPs (Identity Providers) making "reasonable effort" to inform your users about their responsibilities when visiting other campuses