Wireless Access

This is my environment, two controller 7240 and many ap 135.

When i move from one floor to another i lose connection, and receive error in authentication, wrong password on my samsung gt-s6310n. The data traffic is tunneled to the controller.

this the capture log:

Dec  4 14:25:51,<501102> <NOTI> |AP RS-ROMAITSS-0-25-AP1@10.170.20.149 stm|  Disassoc from sta: 00:e3:b2:38:d1:52: AP 10.170.20.149-9c:1c:12:ba:3c:03-RS-ROMAITSS-0-25-AP1 Reason STA has left and is disassociated
Dec  4 14:25:51,<501000> <DBUG> |AP RS-ROMAITSS-0-25-AP1@10.170.20.149 stm|  Station 00:e3:b2:38:d1:52: Clearing state
Dec  4 14:25:51,<501102> <NOTI> |stm|  Disassoc from sta: 00:e3:b2:38:d1:52: AP 10.170.20.149-9c:1c:12:ba:3c:03-RS-ROMAITSS-0-25-AP1 Reason STA has left and is disassociated
Dec  4 14:25:51,<522036> <INFO> |authmgr|  MAC=00:e3:b2:38:d1:52 Station DN: BSSID=9c:1c:12:ba:3c:03 ESSID=INTELECOMITALIA VLAN=2251 AP-name=RS-ROMAITSS-0-25-AP1
Dec  4 14:25:51,<522077> <DBUG> |authmgr|  MAC=00:e3:b2:38:d1:52 ingress 0x0x10405 (tunnel 1029), u_encr 64, m_encr 4112, slotport 0x0x2000 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Dec  4 14:25:51,<522234> <DBUG> |authmgr|  Setting idle timer for user 00:e3:b2:38:d1:52 to 14400 seconds (idle timeout: 14400 ageout: 0).
Dec  4 14:25:51,<522152> <DBUG> |authmgr|  station free: bssid=9c:1c:12:ba:3c:03, @=0x0x16ac97c.
Dec  4 14:25:51,<501000> <DBUG> |stm|  Station 00:e3:b2:38:d1:52: Clearing state
Dec  4 14:25:51,<501105> <NOTI> |AP RS-ROMAITSS-0-25-AP1@10.170.20.149 stm|  Deauth from sta: 00:e3:b2:38:d1:52: AP 10.170.20.149-9c:1c:12:ba:3c:03-RS-ROMAITSS-0-25-AP1 Reason STA has left and is deauthenticated
Dec  4 14:25:51,<501044> <NOTI> |AP RS-ROMAITSS-0-25-AP1@10.170.20.149 stm|  Station 00:e3:b2:38:d1:52: No authentication found trying to de-authenticate to BSSID 9c:1c:12:ba:3c:03 on AP RS-ROMAITSS-0-25-AP1
Dec  4 14:25:51,<501105> <NOTI> |stm|  Deauth from sta: 00:e3:b2:38:d1:52: AP 10.170.20.149-9c:1c:12:ba:3c:03-RS-ROMAITSS-0-25-AP1 Reason STA has left and is deauthenticated
Dec  4 14:25:51,<501044> <NOTI> |stm|  Station 00:e3:b2:38:d1:52: No authentication found trying to de-authenticate to BSSID 9c:1c:12:ba:3c:03 on AP RS-ROMAITSS-0-25-AP1

this is the output of show auth-tracebuf

Dec  4 14:25:46  station-up             *  00:e3:b2:38:d1:52  9c:1c:12:ba:3c:03          -      -     wpa2 aes
Dec  4 14:25:46  eap-id-req            <-  00:e3:b2:38:d1:52  9c:1c:12:ba:3c:03          1      5     
Dec  4 14:25:46  eap-id-resp           ->  00:e3:b2:38:d1:52  9c:1c:12:ba:3c:03          1      13    37506512
Dec  4 14:25:51  eap-failure           <-  00:e3:b2:38:d1:52  9c:1c:12:ba:3c:03          1      4     server timeout
Dec  4 14:25:51  eap-failure           <-  00:e3:b2:38:d1:52  9c:1c:12:ba:3c:03          2      4     station timeout
Dec  4 14:25:51  eap-id-req            <-  00:e3:b2:38:d1:52  9c:1c:12:ba:3c:03          2      5     
Dec  4 14:25:51  eap-id-resp           ->  00:e3:b2:38:d1:52  9c:1c:12:ba:3c:03          2      13    37506512
Dec  4 14:25:51  station-down           *  00:e3:b2:38:d1:52  9c:1c:12:ba:3c:03          -      -    

i think a problem on radius server? someone can help me

Yes.  You need to look to see if your radius server is overloaded, or is not answering for some reason..

"show aaa authentication-server radius statistics" will let you know if you have a problem.

this is my output:

RS-ROMAITDG-100-CT9) #show aaa authentication-server radius statistics

RADIUS Server Statistics
------------------------
Server   Acct Rq  Raw Rq    PAP Rq  CHAP Rq  MSCHAP Rq  MSCHAPv2 Rq  Mismatch Rsp  Bad Auth  Acc      Rej     Acct Rsp  Chal      Ukn Rsp  Tmout   AvgRspTm  Tot Rq    Tot Rsp   Rd Err  Uptime    SEQ
------   -------  ------    ------  -------  ---------  -----------  ------------  --------  ---      ---     --------  ----      -------  -----   --------  ------    -------   ------  ------    ---

RADIUS6  176308   5398306   2       0        0          19           2713          0         265774   60945   167987    4997923   0        452503  810       5574635   5495342   0       0:0:0     255/253

*AvgRspTm is in msec, Uptime is in d:h:m, SEQ is in Total/Free

Orphaned requests = 0

can you help me to find some problem ?

According to that output, you have had 452503 timeouts to that radius server.  You probably need to figure out what why that is happening.

You can suggest to me other command to demonstrate the problem on radius server.

I do not know you infrastructure, so I would not know where to start.  Here is a query below for radius timeouts in the forum that might give you and idea.  Depending on the server, you would look in the Radius Server log to get an idea...

http://community.arubanetworks.com/t5/forums/searchpage/tab/message?filter=labels%2Clocation&location=category%3Adiscuss&location=category%3Adiscuss&q=radius+timeout

I was wondering if you knew other commands to run on controller, not on radius or on the infrastructure. To to highlight the problem.

The commands in your first post are the most definitive commands related to this issue.

I would check to make sure the ports that uplink from your controller to your switch do not have any errors.

ok  thank you..  :)