Steve,
I haven't seen this symptom yet - you should open a TAC case. I did see something like you describe when I changed the User Idle Timeout to a larger value (43200, or 12 hours) in an attempt to prevent premature deauthentication of systems that have not been active. Once I set it 300 back things were fine again. TAC informed me of the bug below. CSCsl51486 Bug Details Top of Form EW : Client not able to join when User idle timeout set to max value Symptom: Clients are disassociated immediately if User Idle Timeout is set to more than 65,535 seconds. Conditions: There are no specific conditions. Workaround: Avoid setting Idle Timeout to greater than 65,535 seconds. Bottom of Form 4.2 WLC Idle-Timeout values can cause clients to not associate Symptom: Depending on which idle-timeout value is configured on the controller, it can prevent clients from assoicating to the WLAN. In customer testing, the values that do not work apprear to random. Although range stil states that 90 - 100000 is valid, Dmitry said 86400 is the actual maximum in 4.2. Need that verifed as well. 86400 does work as does 32768, but 32769 does not for example. Attached debugs show client passes L2 authentication and gets IP. WLC does a gratuitous ARP and then one second later show idle-timeout and disconnects the client. Client shows it is still connected and retains its IP so it also appears the AP does not send the de-auth. Conditions: Workaround: Change idle-timeout value to something that works like 86400 Further Problem Description: ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Steve Whitson Sent: Tuesday, March 25, 2008 1:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Anyone using 5.0 Cisco WiSM/WLC code? Yes. the problem started with v4.1.171.0 after about one year of stability on the dos/arp storm workaround. We use stand alone 4402. DHCP is set as required. We are only using lwaps. I looked at v5.0 as documentation that seemed to suggest resolution for most of the known bugs -then found out that release was not compatible with our 1000 series ap's. prior to install. Cisco engineering also suggested waiting to deploy that release but that was mute due to the hardware incompatibly. Only one full controller crash generating a log. The system hangs preventing authentication and existing authenticated users are impacted. Seems like a denial of service between the clients and ap's but that was supposed to be fixed after 4.1.171.0. I have tried several configuration changes and have a couple of tac requests in process with cisco. What are you experiencing ? Steve Johnson, Bruce T wrote: Hey Steve, Curious as to those high load hangs. We're running 4.2.99 on several WiSM-based controllers. What's the symptom? Do you have to reboot the controllers? Thanks, ************************************* Bruce T. Johnson Network Engineer Partners Healthcare 617-726-9662 mailto:[EMAIL PROTECTED] ************************************** ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Steve Whitson Sent: Tuesday, March 25, 2008 12:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Anyone using 5.0 Cisco WiSM/WLC code? Hi Peter I have been experiencing high load hangs on v 4.2.099.0 and wanted to migrate to V5.0 for more stability. However v5.0 is not compatible with Cisco Aironet 1000 Series Access Points. "The 1000 series access points are not supported for use with controller software release 5.0.148.0". Must use 1130 series AP and above. It looked like there was no planed improvement to the 4.x code leaving many of us with a large and costly legacy system in place. I thought that ought v4.2.099.0 to be the latest code you can run on the Cisco 4400 standalone controllers with 1000 series access points however, I just noted that on March 17 v4.2.112.0 is released. Nothing above v4.1.185.0 is assure ware certified however. I am now looking at v4.2.112.0 trying for more stability... -- Steve Whitson Network / Telecom Administrator Educational Technology Services California College of the Arts Email: [EMAIL PROTECTED] Peter Arbouin wrote: Hi, I would be interested to hear from anyone who has upgraded to version 5.0 as we are considering upgrading. Regards, Peter. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Steve Whitson Network / Telecom Administrator Educational Technology Services California College of the Arts Email: [EMAIL PROTECTED] The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Steve Whitson Network / Telecom Administrator Educational Technology Services California College of the Arts Phone: 415.703.9507 Email: [EMAIL PROTECTED] ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited. Thank you for your compliance. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
