debug a client mac-address and check where it fails.
(config)#logging level debugging user
(config)#logging level debugging user-debug <device mac-address>
Check the output of
show log user | include <mac-addr of client>
show log user-debug | include <mac-addr of client>
show auth-tracebuf mac <mac-address of client being debugged>
what are the type of clients?
Do the client move, while getting dropped?
Code version on the controller?
Does the client able to get back its connectivity after getting dropped?