Original Message:
Sent: Aug 05, 2024 09:57 AM
From: Tue Madsen
Subject: Lots of client roaming error events in Central
Client limit is 128 in the SSID profile but there is only between 2 - 8 connected clients/AP in general - including the AP's where these errors are being logged.
EDIT: Maybe I should mention especially the "AP is ressource constrained" error comes in almost "storms". I can have one client perhaps being responsible for 200 of these Loops of entries (two loops shown below) within 10 min on an access point. A small example of a pattern that can happen hundreds of times within minutes:
Aug 05, 2024, 14:40:15:627,"API120-001","AP","Client 802.11 De-authentication from Client","De-authentication sent from client xx:xx:xx:xx:93:12 to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001 Reason: AP is resource constrained"
Aug 05, 2024, 14:40:15:619,"API120-001","AP","Client PMK/OKC Key Add","Operation ADD for key cache entry with sequence number 54321 and TTL 28800 seconds"
Aug 05, 2024, 14:40:15:603,"API120-001","AP","Client Radius Accounting Start","Radius Accounting start initiated from client xx:xx:xx:xx:93:12 associated to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001 to Radius Server 10.1.100.102"
Aug 05, 2024, 14:40:15:602,"API120-001","AP","Client Role Assigned","Role IBC WiFi assigned to client xx:xx:xx:xx:93:12 associated to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:15:602,"API120-001","AP","Client Roaming","Roam probe sent by API120-001 for Client xx:xx:xx:xx:93:12"
Aug 05, 2024, 14:40:15:601,"API120-001","AP","Client 802.1x Radius Accept","802.1x Radius Accept received from Server 10.1.100.102 for client xx:xx:xx:xx:93:12 associated to BSSID MAC xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001 "
Aug 05, 2024, 14:40:15:601,"API120-001","AP","Client EAP Success","EAP success to client xx:xx:xx:xx:93:12 associated to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:15:306,"API120-001","AP","Client 802.11 Association Success","802.11 Association success to client xx:xx:xx:xx:93:12 from BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:15:305,"API120-001","AP","Client 802.11R Association Request","802.11r Association request from client xx:xx:xx:xx:93:12 to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:15:290,"API120-001","AP","Client 802.11 Authentication Success","802.11 Authentication success to client xx:xx:xx:xx:93:12 from BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:15:289,"API120-001","AP","Client 802.11 Authentication Request","802.11 Authentication request from client xx:xx:xx:xx:93:12 to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:15:039,"API120-001","AP","Client Radius Accounting Stop","Radius Accounting stop initiated from client xx:xx:xx:xx:93:12 associated to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001 to Radius Server 10.1.100.102"
Aug 05, 2024, 14:40:15:038,"API120-001","AP","Client Onboarding Event","Client Onboarding Event"
Aug 05, 2024, 14:40:15:037,"API120-001","AP","Client 802.11 De-authentication from Client","De-authentication sent from client xx:xx:xx:xx:93:12 to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001 Reason: AP is resource constrained"
Aug 05, 2024, 14:40:15:028,"API120-001","AP","Client PMK/OKC Key Add","Operation ADD for key cache entry with sequence number 54319 and TTL 28800 seconds"
Aug 05, 2024, 14:40:15:021,"API120-001","AP","Client Radius Accounting Start","Radius Accounting start initiated from client xx:xx:xx:xx:93:12 associated to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001 to Radius Server 10.1.100.102"
Aug 05, 2024, 14:40:15:020,"API120-001","AP","Client Roaming","Roam probe sent by API120-001 for Client xx:xx:xx:xx:93:12"
Aug 05, 2024, 14:40:15:019,"API120-001","AP","Client EAP Success","EAP success to client xx:xx:xx:xx:93:12 associated to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:15:019,"API120-001","AP","Client Role Assigned","Role IBC WiFi assigned to client xx:xx:xx:xx:93:12 associated to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:15:018,"API120-001","AP","Client 802.1x Radius Accept","802.1x Radius Accept received from Server 10.1.100.102 for client xx:xx:xx:xx:93:12 associated to BSSID MAC xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001 "
Aug 05, 2024, 14:40:14:748,"API120-001","AP","Client 802.11 Association Success","802.11 Association success to client xx:xx:xx:xx:93:12 from BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:14:747,"API120-001","AP","Client 802.11R Association Request","802.11r Association request from client xx:xx:xx:xx:93:12 to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:14:729,"API120-001","AP","Client 802.11 Authentication Success","802.11 Authentication success to client xx:xx:xx:xx:93:12 from BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:14:728,"API120-001","AP","Client 802.11 Authentication Request","802.11 Authentication request from client xx:xx:xx:xx:93:12 to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001"
Aug 05, 2024, 14:40:14:491,"API120-001","AP","Client Radius Accounting Stop","Radius Accounting stop initiated from client xx:xx:xx:xx:93:12 associated to BSSID xx:xx:xx:xx:9e:f2 on channel 11 of AP hostname API120-001 to Radius Server 10.1.100.102"
Aug 05, 2024, 14:40:14:490,"API120-001","AP","Client Onboarding Event","Client Onboarding Event"
Original Message:
Sent: Aug 05, 2024 09:51 AM
From: schmelzle
Subject: Lots of client roaming error events in Central
How many clients per AP? What is max clients set to in the SSID profile?
Original Message:
Sent: Aug 05, 2024 09:17 AM
From: Tue Madsen
Subject: Lots of client roaming error events in Central
Hi
Were running AOS 10.6.0.2 central managed on AP-635's with 7205 WLAN gateways for clients, and things seems to be working except for roaming which is very sluggish.
We have a TON of client roamaing error events in central like these:
- Onboarding failed for client xx:xx:xx:xx:xx:xx in Authentication/Association phase to BSSID yy:yy:yy:yy:yy:yy on channel 6 of AP hostname AP231. Reason: Pairwise master key (PMK-R0) key holder (R0KH) unreachable
- Onboarding failed for client xx:xx:xx:xx:xx:xx in Authentication/Association phase to BSSID yy:yy:yy:yy:yy:yy on channel 6 of AP hostname AP444. Reason: Invalid fast transition element (FTE)
- Onboarding failed for client xx:xx:xx:xx:xx:xx in Authentication/Association phase to BSSID yy:yy:yy:yy:yy:yy on channel 128- of AP hostname AP737. Reason: Association request rejected temporarily; try again later
- Onboarding failed for client xx:xx:xx:xx:xx:xx in Authentication/Association phase to BSSID yy:yy:yy:yy:yy:yy on channel 128- of AP hostname AP208. Reason: Invalid pairwise master key identifier (PMKID)
- Onboarding failed for client xx:xx:xx:xx:xx:xx in Deauthentication/Disassociation phase to BSSID yy:yy:yy:yy:yy:yy on channel 11 of AP hostname AP120. Reason: AP is resource constrained
We have enabled OCK and 802.11r & k on the WPA3-Enterprise CCM-128 SSID with WPA3 Transition Enabled
Is AOS10 still not mature for general production or is there some possible misconfiguration that can cause these thousands and thousands of errors a day (for about 300 clients)?