Log Identifier Severity Explanation Action
CO_CLIENT_DELETE_REASON_DOT11_INVALID_PMKID Possible defect or config error Controller could not validate PMKID provided by client. This may have different triggers Update client to latest, if issue persists, collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_EXCLUDE_WRONG_PSK Possible defect or config error Client excluded due to wrong PSK password Check PSK configuration on client
CO_CLIENT_DELETE_REASON_DOT11_DENIED_RATES Possible defect or config error Client sent invalid data rates during association request Possible client side defect. Collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_DOT11_INVALID_IE Possible defect or config error Client sent invalid Information Element Possible client side defect. Collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_DOT11_GROUP_CIPHER_INVALID Possible defect or config error Client requested invalid Group cipher during association Possible client side defect. Collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_DOT11_UNICAST_CIPHER_INVALID Possible defect or config error Client requested invalid Unicast cipher during association Possible client side defect. Collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_DOT11_AKMP_INVALID Possible defect or config error Client requested invalid Authentication Key Management during association Possible client side defect or configuration. Collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_DOT11_UNSUPPORTED_RSN_VERSION Possible defect or config error Client invalid RSN version during association Possible client side defect. Collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_DOT11_INVALID_RSN_IE_CAPABILITIES Possible defect or config error Client provided invalid RSN capabilities during association Possible client side defect. Collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_INVALID_PMK_LEN Possible defect or config error Controller received PMK with invalid length Possible Radius server issue. Collect RA traces to confirm and check server side
CO_CLIENT_DELETE_REASON_KEY_MGMT_INVALID_FRAME Possible defect or config error Invalid EAPoL message received from client. malformed EAP frame Possible client side defect, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_KEY_MGMT_INSTALL_BIT Possible defect or config error Invalid EAPoL message received from client. Unexpected install bit Possible client side defect, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_KEY_MGMT_INSTALL_BIT Possible defect or config error Invalid EAPoL message received from client. Key Error bit set Possible client side defect, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_KEY_MGMT_ACK_BIT Possible defect or config error Invalid EAPoL message received from client. Key ACK bit set Possible client side defect, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_KEY_MGMT_INVALID_KEY Possible defect or config error Invalid EAPoL message received from client. Invalid key type Possible client side defect, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_KEY_MGMT_SECURE_BIT Possible defect or config error Invalid EAPoL message received from client. Unexpected secure bit set Possible client side defect, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_KEY_MGMT_KEY_DESC_VER Possible defect or config error Invalid EAPoL message received from client. Key version mismatch Possible client side defect, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_KEY_MGMT_NO_MIC_BIT Possible defect or config error Invalid EAPoL message received from client. Key MIC bit was not set Possible client side defect, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_ANCHOR_NO_MEMORY Possible defect or config error Internal error, could not allocate data structures to handle client for anchored WLAN Collect RA traces, show tech wireless, and contact Cisco Support
CO_CLIENT_DELETE_REASON_NO_DOT1X_AUTH_CONFIG Possible defect or config error Authentication configuration is missing. Applies to 802.1x or MAB Check authentication lists in WLAN and AAA config in policy profile
CO_CLIENT_DELETE_REASON_NACK_IFID_EXISTS Possible defect or config error Controller internal error while creating client interface Collect RA traces for further analysis
CO_CLIENT_DELETE_REASON_DOT11_INVALID_QOS_PARAMETER Possible defect or config error Client sent invalid TSPEC during roaming Possible client defect or invalid configuration
CO_CLIENT_DELETE_REASON_DOT11_CIPHER_SUITE_REJECTED Possible defect or config error During RSN Information element processing, the group key provided by client is invalid This is probable client side issue. Check RA traces, and contact client manufacturer
CO_CLIENT_DELETE_REASON_EXCLUDE_PSK_FAIL Possible defect or config error Radius server sent an invalid PSK attribute Check Radius server logs and configuration
CO_CLIENT_DELETE_REASON_EXCLUDE_PSK_MODE_FAIL Possible defect or config error Radius server sent an invalid PSK mode attribute Check Radius server logs and configuration
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_BSSID_MISMATCH Possible defect or config error AP deleted client, as it sent managemnt frame with wrong BSSID address This is potential defect. It may need RA traces, AP logs and OTA to isolate trigger
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_NO_MEMORY Possible defect or config error AP was not able to allocate memory to handle client in WCP component. Possible defect or capacity problem Collect AP show tech, check AP load, and possibly contact TAC for further memory analysis
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DELETE_NO_PARENT_WGB Possible defect or config error AP deleted client as it received add request marked as WGB client for non-existing WGB entry. Possible defect Collect RA traces, AP debug
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_NO_OVERLAP_LEGACY_RATES Possible defect or config error Client legacy rates requested do not match association response rate. Possible defect (client side and network as it should have rejected) Collect OTA and RA traces for client
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_MAX_VHT_STREAMS Possible defect or config error Number of VHT streams requested for client is higher than 8. Possible defect Collect OTA and RA traces, AP debugs for client
CO_CLIENT_DELETE_REASON_MN_AP_WRONG_REPLAY_COUNTER May need validation Invalid replay counter received during EAPoL negotiation. Client should recover on new attempt Possible client side issue. If issue persists, collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_GROUP_KEY_UPDATE_TIMEOUT May need validation Client did not complete Broadcast key rotation. This may happen if client was sleeping or out of coverage None required, as it may happen on normal scenarios. If issue persists, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_DOT11_INVALID_FTIE May need validation Failure during FT processing for client. This may have different triggers RA trace needed to isolate fault
CO_CLIENT_DELETE_REASON_AAA_SERVER_UNAVAILABLE May need validation Radius server was not reachable Check WLC and Radius server logs for possible triggers. Confirm server is reachable and up
CO_CLIENT_DELETE_REASON_RADIO_DOWN May need validation AP sent radio down event, leading to client delete There are valid reasons for this to happen, if this is frequent even, check AP logs
CO_CLIENT_DELETE_REASON_DOT11_UNSPECIFIED_FAILURE May need validation Association response creation fail, possible due to client malformed request if issue persists, collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_NOOP May need validation Default code when no other reason is known, it should have been replaced with corresponding delete trigger, internal error. Client will recover after a new session Collect RA trace for the client
CO_CLIENT_DELETE_REASON_NONE May need validation Default code when no other reason is known, it should have been replaced with corresponding delete trigger, related to SISF/Guest anchor component. Client will recover after a new session Collect RA trace for the client
CO_CLIENT_DELETE_REASON_SANET May need validation Error handling the security session of the client. Triggers could be FT roam, PMK error during iPSK, client orchestration If this happens frequently, collect RA trace for further investigation
CO_CLIENT_DELETE_REASON_CONNECT_TIMEOUT May need validation Client associated to Flex AP, and did not complete onboarding process, may be triggered if client was on low RF, or did not do local authentication None required, if this happens frequently, collect RA and AP side debugs for the client
CO_CLIENT_DELETE_REASON_DPATH_FAILURE May need validation Internal error processing operation for Client in dataplane If the issue persists, collect RA traces and contact Cisco Support
CO_CLIENT_DELETE_REASON_INTER_WNCD_ROAM_FAILURE May need validation Client removed after inter-WNCD roaming Validate tag and policy configuration. If this happens frequently, collect RA trace for further investigation
CO_CLIENT_DELETE_REASON_CLIENT_BLACKLIST May need validation Default client exclusion reason, when something more precise was not found If this happens frequently, collect RA trace for further investigation
CO_CLIENT_DELETE_REASON_SERVICE_UNAVAILABLE May need validation Session was disconnected, may be triggered by radio down None required, if this happens frequently, collect RA and AP side debugs for the client
CO_CLIENT_DELETE_REASON_SAE_AUTH_FAILURE May need validation Client failed SAE authentication Check configuration and configured password
CO_CLIENT_DELETE_REASON_DOT11_FAILURE_IGNORE_REQ May need validation SAE authentication protocol error. May be triggered by client side defect, or replay attack None required, if this happens frequently, collect RA and over the air capture for the client
CO_CLIENT_DELETE_REASON_DOT11_INVALID_MDIE May need validation 802.11r(FT) client sent invalid mobility domain Possible client side defect. Collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_DOT11_AID_ALLOC_CONFLICT_REQ May need validation AP-COS in Flex mode with central association. This is not supported scenario. Not applicable to releases 17.6 and higher Change the configuration on the policy profile.
CO_CLIENT_DELETE_REASON_KEY_MGMT_MIC_VALIDATION May need validation if WLAN is PSK, possible invalid password. For 802.1x, this is client side supplicant issue For PSK, check password on WLAN and client side. For 802.1x, contact client manufacturer
CO_CLIENT_DELETE_REASON_EXCLUDE_MAC_THEFT May need validation Client was deleted due to suspected mac theft, MAC was seen on different anchor or vlan in case of wired guest Check topology, and confirm if mac movement is possible, this is spoofing, or false positive
CO_CLIENT_DELETE_REASON_EXCLUDE_IP_THEFT May need validation Client tried to reuse IP registered to another device. High probability, it is client side issue Check client side logs, and confirm DHCP server configuration. Update client
CO_CLIENT_DELETE_REASON_EXCLUDE_POLICY_BIND_FAIL May need validation This is related to iPSK scenarios: AAA override returned password is not proper length or format, PSK is not configured properly for AAA override, Check Radius server returned attributes
CO_CLIENT_DELETE_REASON_EXCLUDE_ASSOC_FAIL May need validation Client deleted during association processing, or MAB error Check radius logs for client address. if no issues found, collect RA and over the air traces
CO_CLIENT_DELETE_REASON_DB_POPULATE_FAIL May need validation Internal error, Client handling failure during guest access or anchored WLAN Collect RA traces and contact Cisco Support
CO_CLIENT_DELETE_REASON_ANCHOR_CREATE_REQ_FAIL May need validation Internal error, Client Mobility error on anchored WLAN Collect RA traces and contact Cisco Support
CO_CLIENT_DELETE_REASON_ANCHOR_INVALID_MBSSID May need validation Internal error, could not map client to WLAN/Policy profile table (MBSSID) Collect RA traces, show tech wireless, and contact Cisco Support
CO_CLIENT_DELETE_REASON_ANCHOR_THROTTLED May need validation Internal error, controller detected congestion while creating WLAN anchor request for client Collect RA traces, show tech wireless, and contact Cisco Support
CO_CLIENT_DELETE_REASON_REAUTH_FAILURE May need validation AAA reauthentication failure. This should not be applicable to wireless clients None required
CO_CLIENT_DELETE_REASON_KEY_MGMT_PTK_COMPUTATION May need validation Invalid EAPoL message received from client Possible client side defect, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_EXCLUDE_MAC_AND_IP_THEFT May need validation Traffic for client arrived at different interface from the currently associated one. Possible race condition Collect RA traces, show tech wireless, and contact Cisco Support
CO_CLIENT_DELETE_REASON_EXCLUDE_QOS_POLICY_FAIL May need validation QoS policies for client could not be applied Validate QoS config at WLAN, if no problems found, collect RA traces and contact Cisco Support
CO_CLIENT_DELETE_REASON_EXCLUDE_QOS_POLICY_AP_SEND_FAIL May need validation Internal error. Controller could not send QoS update for client to AP or mobility Collect RA traces, show tech wireless, and contact Cisco Support
CO_CLIENT_DELETE_REASON_EXCLUDE_QOS_POLICY_AP_BIND_FAIL May need validation Internal error. AP could not apply QoS update for client Collect RA traces, show tech wireless, and contact Cisco Support
CO_CLIENT_DELETE_REASON_EXCLUDE_QOS_POLICY_AP_UNBIND_FAIL May need validation Internal error. AP could not apply QoS update for client Collect RA traces, show tech wireless, and contact Cisco Support
CO_CLIENT_DELETE_REASON_EXCLUDE_VLAN_FAIL May need validation Failure to apply authorization, possible VLAN not existing Check VLAN in use, and attributes returned by Radius server if using AAA override
CO_CLIENT_DELETE_REASON_EXCLUDE_ACL_FAIL May need validation Failure to apply authorization, possible ACL not existing Check ACL in use, and attributes returned by Radius server if using AAA override
CO_CLIENT_DELETE_REASON_EXCLUDE_PUNT_ACL_FAIL May need validation Failure to apply authorization, possible URL redirect ACL not existing Check URL redirect ACL in use, and attributes returned by Radius server if using AAA override
CO_CLIENT_DELETE_REASON_EXCLUDE_ACCOUNTING_FAIL May need validation Client deleted during accounting of authorization process Check RA traces for details
CO_CLIENT_DELETE_REASON_EXCLUDE_CTS_FAIL May need validation Registration of Trustsec CTS functions for client failed Check RA traces for details
CO_CLIENT_DELETE_REASON_EXCLUDE_FQDN_NO_DEF_FAIL May need validation Client deleted as URL filter does not exist Check WLAN/Flex profile configuration
CO_CLIENT_DELETE_REASON_EXCLUDE_FQDN_POSTAUTH_MISMATCH_FAIL May need validation Post authentication filter type received for client, is invalid Check configuration in WLAN profile
CO_CLIENT_DELETE_REASON_EXCLUDE_FQDN_ZERO_GID_FAIL May need validation For 17.3/17.6 this may indicate client did ARP flood Check client for applications doing network scan, in some scenarios it may need client driver updates
CO_CLIENT_DELETE_REASON_EXCLUDE_MISC_FAIL May need validation Default reason for policy error, when no more detailed information is available Check Radius server returned attributed. Collect RA traces for further analysis
CO_CLIENT_DELETE_REASON_EXCLUDE_REAUTH_FAILURE May need validation Registration for internal reauth for client failed Check RA traces for details
CO_CLIENT_DELETE_REASON_EXCLUDE_POLICY_FAILURE May need validation Unknown failure for EPM component for client policies Check RA traces for details
CO_CLIENT_DELETE_REASON_AAA_NOT_READY May need validation AAA subsystem not ready Confirm radius server is reachable, then collect RA traces for client, and contact Cisco Support
CO_CLIENT_DELETE_REASON_ASSOC_CONNECT_TIMEOUT May need validation Controller internal error. Client association processing was not completed in time, could be load issue Collect RA traces for further analysis, include AP logs if Flexmode
CO_CLIENT_DELETE_REASON_MOBILITY_CONNECT_TIMEOUT May need validation Controller internal error. Client mobility processing was not completed in time, could be load issue Collect RA traces for further analysis
CO_CLIENT_DELETE_REASON_S_IP_ANCHOR_CONNECT_TIMEOUT May need validation Controller internal error. Client IP static check on mobility was not completed in time, could be load issue Collect RA traces for further analysis
CO_CLIENT_DELETE_REASON_SM_SESSION_CONNECT_TIMEOUT May need validation Controller internal error. Client connection data creation in DB did not complete in time Collect RA traces for further analysis
CO_CLIENT_DELETE_REASON_GUEST_LAN_INVALID_MBSSID May need validation Internal controller error. It was not possible to find valid guest LAN and policy profile for client Collect RA traces and contact Cisco support
CO_CLIENT_DELETE_REASON_GUEST_LAN_NO_MEMORY May need validation Internal error, could not allocate data structures to handle client for wired guest LAN Collect RA traces, show tech wireless, and contact Cisco Support
CO_CLIENT_DELETE_REASON_GUEST_LAN_CREATE_REQ_FAIL May need validation Internal error, could not send client creation event for wired guest LAN Collect RA traces, show tech wireless, and contact Cisco Support
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_JOIN_FAIL May need validation EoGRE Tunnel join failed Check controller and gateway configuration
CO_CLIENT_DELETE_REASON_NACK_IFID_MISMATCH May need validation Controller internal error while updating client interface Collect RA traces for further analysis
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_INVALID_VLAN May need validation Invalid VLAN for EoGRE client Check configuration
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_EMPTY_DOMAIN May need validation No domain provided for EoGRE client Check authentication logs and configuration
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_INVALID_DOMAIN May need validation Unknown domain provided for EoGRE client Check authentication logs and configuration
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_DOMAIN_SHUT May need validation Tunnel for domain is shut down Check authentication logs and configuration
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_INVALID_GW May need validation Destination GW for EoGRE client is invalid Check configuration
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_GW_DOWN May need validation All destination GWs for EoGRE client are down Check configuration
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_FLEX_NO_ACTIVE_GW May need validation EoGRE Flex LS AP reported no active GW Check AP logs and profile configuration
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_RULE_MATCH May need validation Controller internal error. Rule matching for EoGRE client failed Collect RA traces and check with Cisco support
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_MSPAYLOAD May need validation Controller internal error. Application of AAA attributes for EoGRE client failed Collect RA traces and check with Cisco support
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_MSPAYLOAD May need validation Controller internal error. Creation of EoGRE client failed Collect RA traces and check with Cisco support
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_HANDOFF_ERROR May need validation Controller internal error. Mobility handling of EoGRE client failed Collect RA traces and check with Cisco support
CO_CLIENT_DELETE_REASON_QOS_FAILURE May need validation QOS module operation failed for the client If the issue persists, collect RA trace for further investigation
CO_CLIENT_DELETE_REASON_DOT11_ASSOC_DENIED_UNSPEC May need validation Used when WGB tries association to webauth WLAN Correct WGB configuration
CO_CLIENT_DELETE_REASON_DOT11_CCX_INSUFFICIENT_BANDWIDTH May need validation CAC TSPEC error due to insufficient bandwidth on AP radio Check CAC configuration, and collect RA trace
CO_CLIENT_DELETE_REASON_ABORT_RECEIVED May need validation Internal controller error. Client connection abort received during state processing Collect RA traces for further investigation
CO_CLIENT_DELETE_REASON_KEY_M1_FAILURE May need validation Controller internal error. It was not possible to send EAPoL M1 to AP Collect RA traces for further investigation
CO_CLIENT_DELETE_REASON_KEY_M3_FAILURE May need validation Controller internal error. It was not possible to send EAPoL M3 to AP Collect RA traces for further investigation
CO_CLIENT_DELETE_REASON_WLAN_ID_ATTR_MISMATCH May need validation Radius server returned a WLAN ID attribute, not matching client policy Check if this is expected, and confirm Radius server configuration vs controller WLANs
CO_CLIENT_DELETE_REASON_EXCLUDE_SUPPLICANT_NAME_FAIL May need validation Policy validation error of the supplicant name
CO_CLIENT_DELETE_REASON_EXCLUDE_USER_NAME_FAIL May need validation Error handling username attribute Collect RA traces
CO_CLIENT_DELETE_REASON_EXCLUDE_SERVICE_SET_ID_FAIL May need validation Invalid SSID name received from AAA server Check Radius server configuration and collect RA traces for more info
CO_CLIENT_DELETE_REASON_EXCLUDE_ANCHOR_VLAN_ID_FAIL May need validation Error handling Anchor VLAN ID attribute Check Radius server configuration and collect RA traces for more info
CO_CLIENT_DELETE_REASON_EXCLUDE_INTERIM_INTERVAL_FAIL May need validation Internal controller error while handling Accounting Interim interval settings Collect RA traces for more info
CO_CLIENT_DELETE_REASON_EXCLUDE_LINKLOCAL_BRIDGE_VLAN_FAIL May need validation Invalid Local-link bridging VLAN assigned to client Check configuration and RA traces
CO_CLIENT_DELETE_REASON_MBSSID_DOWN May need validation Client removed due to mobility tunnel going down Check mobility peer status
CO_CLIENT_DELETE_REASON_L3AUTH_FAIL May need validation Security processing for a L3 Auth failed (Webauth/guest) Confirm username/password and if required, collect RA trace
CO_CLIENT_DELETE_REASON_CAPWAP_DOWN May need validation Client was deleted due to CAPWAP tunnel failure Confirm if there are any network connectivity issues, if none found, check AP logs for any crash
CO_CLIENT_DELETE_REASON_WGB_CLIENT_DIRECT_ASSOC May need validation Mac address was seen as wired WGB client, has now associated as wireless client This is unusual scenario. Check if this is intentional
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_EVENT_CLASS3_RECV May need validation AP triggered delete, as client sent class 3 frame (data, power save, some management) from non-authenticated client, may happen occasionally on connection recovery Nothing required, unless this is happening frequently. This may need RA trace and OTA capture
CO_CLIENT_DELETE_REASON_MN_AP_AUTH_RESP_REJECT May need validation AP deleted client, as Auth request was FT or SAE, and these are not enabled in the SSID Possible client side defect, may need OTA and config to validate
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_ASSOC_RESP_WITH_FAILURE_STATUS May need validation AP rejected association request. This could be due to invalid rates, or other incorrect information element If this happens frequently, it may need AP side logs + OTA
CO_CLIENT_DELETE_REASON_MN_CLIENT_ACL_MISMATCH May need validation AP deleted client during Facebook Express wifi feature, due to missing ACL Possible configuration error. Check assigned postauth ACL
CO_CLIENT_DELETE_REASON_MN_AP_AUTH_STOP May need validation AP deleted client during association phase. This may have different triggers, from internal AP process errors, normal delete on RLANs, etc If seen frequently or observing connection problems, collect AP logs and OTA for further analysis
CO_CLIENT_DELETE_REASON_MN_4WAY_HANDSHAKE_FAILED May need validation EAPoL 4WAY exchange failed at AP side, no specific trigger Collect AP logs/client debug for further analysis
CO_CLIENT_DELETE_REASON_MN_DEL_BAD_AID May need validation Association ID assigned by controller is already in use This may need further investigation for possible defect on either controller or AP. RA traces and AP logs will be needed
CO_CLIENT_DELETE_REASON_MN_DEL_ALL_ON_SLOT May need validation AP received request to delete all clients in the interface. Could be due to config change, or recovery from radio event This could be due to config request. If none was performed, check AP logs for possible radio recovery/reset that needs to be investigated
CO_CLIENT_DELETE_REASON_MN_DEL_STOP_REASSOC May need validation AP triggered delete, may be due to AP staggered upgrade in process, or client sent more than 3 continuous requests, or during some scenarios of inter-radio roaming Some triggers are normal during operation. If this happens frequently, collect AP debug client logs
CO_CLIENT_DELETE_REASON_MN_DEL_TX_DISASSOC May need validation AP Radio driver sent a client delete, or other component sent a downstream dissasociation request This should not be seen, may need additional investigation to confirm if it is valid trigger. Collect RA + AP debugs
CO_CLIENT_DELETE_REASON_MN_AP_4WAY_HANDSHAKE_FAILED May need validation AP side report of different failure points on EAPoL 4way. May be triggered by wrong PSK, or possible defects on client or infrastructure side If using PSK, check it, otherwise, collect RA trace and AP debugs, and either EPC or OTA capture.
CO_CLIENT_DELETE_REASON_MN_AP_TUNNEL_DOWN May need validation AP reports EoGRE tunnel down This is specific to EoGRE tunnel from AP. Check network connectivity and EoGRE configuration
CO_CLIENT_DELETE_REASON_MN_AP_RLAN_CENTRAL_SWITCH May need validation Client on RLAN with Central Switching, and AP lost CAPWAP tunnel (moved to standalone) Check AP network connectivity to controller
CO_CLIENT_DELETE_REASON_MN_AP_RLAN_DP_ADD_FAIL May need validation It was not possible to add RLAN client to AP dataplane, possible defect or load related issue Get AP logs and client debugs
CO_CLIENT_DELETE_REASON_MN_AP_RLAN_MAB_FAILURE May need validation Mac address bypass failed for RLAN client. Either not authorized client, invalid config, or radius server issue Check Radius configuration, and mac address entry in server
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DELETE_NO_ACL May need validation AP deleted client, as ACL name provided, was not present in AP Check ACL configuration, collect RA traces, AP logs, AP show tech
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_KEY_PLUMB_FAIL May need validation AP radio driver could not configure client encryption keys. Possible defect Collect AP debugs for client, this may need further analysis
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_MESH_KEY_PLUMB_FAIL May need validation AP radio driver could not configure mesh AP encryption keys. Possible defect Collect AP debugs for mesh AP, this may need further analysis
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DP_ADD_FAIL May need validation AP could not add client entry to data path during association processing. Possible defect Collect AP show tech, and debug client
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_AUTH_RESP_SEND_FAIL May need validation AP could not send Auth response to client, default delete reason for auth failures. Possible defect Collect AP show tech, OTA and debug client
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_ASSOC_RESP_SEND_FAIL May need validation AP could not send Association response to client, default delete reason for association failures. Possible defect Collect AP show tech, OTA and debug client
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DEAUTH_DISASSOC_SEND_FAIL May need validation AP could not send deauth or dissasociate to client. Possible defect Collect AP show tech, OTA and debug client
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_EVENT_PSP_WHEN_UNAUTH May need validation A device sent Power Saving Poll without being associated to AP. May be client side state problem If this happens frequently, collect OTA, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_EVENT_IOCTL_ERROR May need validation Driver could not obtain statistics for client, leading to client delete request If this happens frequently, collect OTA, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_FLEX_FT_FAILURE May need validation FT (802.11w) roaming failed for client, with AP in Flex mode. May be client side issue If this happens frequently, collect OTA, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DRIVER_ADD_FAIL May need validation AP could not add client entry to radio driver. Possible defect Collect OTA, ap show tech, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_CLIENT_NOT_FOUND May need validation AP could not add client entry to radio driver. Possible defect Collect OTA, ap show tech, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_MGMT_PKT_ALLOC_FAIL May need validation AP radio driver could not allocate memory to handle the client add. Possible defect Collect OTA, ap show tech, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_CIPHER May need validation AP driver deleted client, as requested crypto cipher is invalid or Unknown. Possible defect Collect OTA, ap show tech, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_AID May need validation AP driver reported invalid Association ID received for client. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_KEY May need validation AP driver reported they key type sent for client is invalid type (direction, mode, etc). Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_FW_KEY_SET_FAILED May need validation AP driver could not program the client key into radio firmware. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_HT_VHT_RATES May need validation AP Radio driver received association response add with invalid HT/VHT rates or legacy rates with invalid size Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_LEGACY_RATES May need validation AP Radio driver received association response add with invalid legacy rates, or no rates at all Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_AID_INUSE May need validation AP Radio driver reports that association ID set for Client is already in use. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_CIPHER_ATTACH_FAIL May need validation AP Radio driver reports that it was not possible to link the cipher type to the key when adding the client. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_ALGORITHM_MISMATCH May need validation AP Radio driver reports mismatch between multicast/unicast cipher when trying to set key for client. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_KEYLENGTH May need validation AP Radio driver reports mismatch invalid key length while adding client. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_KEY_INDEX May need validation AP Radio driver reports mismatch invalid key index while adding client. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_STADB_INIT_FAILED May need validation AP driver creation of IO control block for client failed. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_ADDING_ENTRY_FAILED May need validation AP driver reports that IO control block for client could not be found. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_ADDING_ENTRY_IN_FIRMWARE_FAILED May need validation AP driver reports that radio firmware could not add client. Possible defect Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_MN_AP_REASON_AP_MAX May need validation Default driver client delete reason, if no other trigger was found Collect OTA, ap show tech, controller show tech wireless, and client debug bundle
CO_CLIENT_DELETE_REASON_KEY_XCHNG_TIMEOUT Normal, in most scenarios This can happen during normal scenarios. Client deleted due to EAPoL M1 retries. Possible client side issue, or it roamed during auth phase If issue persists, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_SESSION_TIMEOUT Normal, in most scenarios Client removed after reaching session timeout. Normal scenario None required
CO_CLIENT_DELETE_REASON_IPLEARN_CONNECT_TIMEOUT Normal, in most scenarios Controller did not learn client IP address in the allowed time Check DHCP server and client IP configuration. Validate if DHCP required is set and client is performing DHCP negotiation. If all is correct, collect RA traces and EPC
CO_CLIENT_DELETE_REASON_BSSID_DOWN Normal, in most scenarios Triggered by configuration changes, for example WLAN or Policy profile modifications None required
CO_CLIENT_DELETE_REASON_MAX_SAQUERIES Normal, in most scenarios For PMF clients, triggered when client did not reply to SA queries and reached max retries. Could be triggered on failed roams, or client spoofing attacks None required, as it may happen in normal scenarios. If issue persists, collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_RESTART_PURGE Normal, in most scenarios Client was roaming during HA failure, or Association ID conflict was detected after failover None required
CO_CLIENT_DELETE_REASON_INTER_WNCD_ROAM_SUCCESS Normal, in most scenarios Client roamed across WNCD instances. This is a normal scenario for default tag, or roaming across tags None required
CO_CLIENT_DELETE_REASON_INTER_CTRL_ROAM_SUCCESS Normal, in most scenarios Successful inter controller client roam None required
CO_CLIENT_DELETE_REASON_MOBILITY_FAILURE Normal, in most scenarios Client delete, either due to roaming while on IP learning state, or due to policy configuration mismatch Check logging details for client. In case of mismatch, correct configuration. Delete by IP learning will happen in normal scenarios
CO_CLIENT_DELETE_REASON_NAS_ERROR Normal, in most scenarios Default AAA disconnect reason None required
CO_CLIENT_DELETE_REASON_80211V_SMART_ROAM_FAILED Normal, in most scenarios Failure while sending 802.11v Transition request frame. Causes could be 11v not supported by client, or BSS transition is not enabled on the radio Check configuration. If this happens frequently, collect RA trace
CO_CLIENT_DELETE_REASON_DOT11V_ASSOC_FAILED Normal, in most scenarios Not in use None, this should not be triggered
CO_CLIENT_DELETE_REASON_FT_AUTH_RESPONSE Normal, in most scenarios Client failed pre-authentication during FT roaming None required, if this happens frequently, collect RA and AP side debugs for the client
CO_CLIENT_DELETE_REASON_AVC_REANCHORING Normal, in most scenarios WLAN Reanchor feature is enabled, and client was not using voice/video None required
CO_CLIENT_DELETE_REASON_CLIENT_EAP_ID_TIMEOUT Normal, in most scenarios Client did not reply to EAP requests in the specified retries/time Check client supplicant/user configuration. If persistent, collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_CLIENT_DOT1X_TIMEOUT Normal, in most scenarios Client did not reply to 802.1x requests in the specified retries/time Check client supplicant/user configuration and AAA server logs. If persistent, collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_EXCLUDE_WEB_AUTH_FAIL Normal, in most scenarios Client failed webauth, most probably wrong username or password Check client credentials
CO_CLIENT_DELETE_REASON_EXCLUDE_DOT1X_AUTH_FAIL Normal, in most scenarios Client provided wrong username or password during 802.1x authentication Check client credentials and supplicant configuration
CO_CLIENT_DELETE_REASON_EXCLUDE_DOT1X_TIMEOUT Normal, in most scenarios Client did not reply to 802.1x request. Not currently used Check client supplicant configuration
CO_CLIENT_DELETE_REASON_EXCLUDE_DOT11_AUTH_FAIL Normal, in most scenarios Failure during 802.11 auth request. Not currently used None required.
CO_CLIENT_DELETE_REASON_EXCLUDE_CONFIG Normal, in most scenarios Client was manually excluded by administrator Check controller configuration, if this was not intentional
CO_CLIENT_DELETE_REASON_SUPPLICANT_RESTART Normal, in most scenarios Not in use None required
CO_CLIENT_DELETE_REASON_PORT_ADMIN_DISABLED Normal, in most scenarios 802.1x or MAB has been disabled on the client interface. This should not be applicable to wireless clients None required
CO_CLIENT_DELETE_REASON_LOST_CARRIER Normal, in most scenarios AAA lost carrier failure. This should not be applicable to wireless clients None required
CO_CLIENT_DELETE_REASON_EXCLUDE_STATIC_IP_ANCHOR_FAIL Normal, in most scenarios Policy profile has static IP mobility enabled, and controller could not find valid anchor for client IP Check controllers configuration and IP address used by client. Could be client was using IP not valid in any controller in mobility group
CO_CLIENT_DELETE_REASON_MACAUTH_CONNECT_TIMEOUT Normal, in most scenarios Controller internal error. Client mac authentication was not completed in time, could be load issue or radius server Check radius server, then collect RA traces for further analysis, include AP logs if Flexmode
CO_CLIENT_DELETE_REASON_L2AUTH_CONNECT_TIMEOUT Normal, in most scenarios Client did not complete L2 auth like PSK or 802.1x, in time. Could be normal if client roamed or went out of coverage If it is not expected, collect RA traces for further analysis, include AP logs if Flexmode
CO_CLIENT_DELETE_REASON_L3AUTH_CONNECT_TIMEOUT Normal, in most scenarios Client did not complete webauth in time. Could be normal if client roamed or went out of coverage If it is not expected, collect RA traces for further analysis, include AP logs if Flexmode
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_RESET Normal, in most scenarios EoGRE tunnel was reset Check network status
CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_RECONCILIATION Normal, in most scenarios Unknown client deleted after HA failover None required
CO_CLIENT_DELETE_REASON_WIRED_IDLE_TIMEOUT Normal, in most scenarios Wired client was deleted on idle timeout, normal scenario None required
CO_CLIENT_DELETE_REASON_IP_UPDATE_TIMEOUT Normal, in most scenarios Anchor informed of client IP timeout Anchored client did not complete IP negotiation in time. Check client config, DHCP server
CO_CLIENT_DELETE_REASON_AP_DELETE_MN Normal, in most scenarios AP-side triggered client delete, may be normal during operation None required. If this happens frequently collect RA trace and AP side debugs
CO_CLIENT_DELETE_REASON_DOT11_CAPS_UNSUPPORTED Normal, in most scenarios Invalid client capabilities during 802.11 frame parsing. Should not be seen None required
CO_CLIENT_DELETE_REASON_DOT11_CCX_INVALID_QOS_PARAMETER Normal, in most scenarios CCX QoS error, not in use None required
CO_CLIENT_DELETE_REASON_DOT11_CCX_NON_OPTIMAL_ASSOCIATION_CHOICE Normal, in most scenarios Client is trying to join a non-optimal access point when assisted roaming is enabled This can be intentional, depending on your configuration
CO_CLIENT_DELETE_REASON_WIRED_WGB_DELETE Normal, in most scenarios WGB removal triggered delete of its child clients None required
CO_CLIENT_DELETE_REASON_REMOTE_MOBILITY_DELETE Normal, in most scenarios Mobility requested client to be deleted, could have different triggers, like tunnel down Check RA traces
CO_CLIENT_DELETE_REASON_IP_DOWN_NO_IP Normal, in most scenarios Client sent a DHCP release for its IP address This can be normal scenario depending on client behavior
CO_CLIENT_DELETE_REASON_DOT11_CCX_QOS_POLICY Normal, in most scenarios CCX QoS policy error. Not in use None required
CO_CLIENT_DELETE_REASON_ROAM_ACROSS_POLICY_PROFILE_DENY Normal, in most scenarios Client roamed across policy profiles Check configuration. This can be intentional in some scenarios, but policy usage should be optimised for best roaming experience
CO_CLIENT_DELETE_REASON_EXCLUSION_POLICY_TEMPLATE_FAIL Normal, in most scenarios Error applying service template provided by AAA server Collect RA traces and Radius logs for further investigation
CO_CLIENT_DELETE_REASON_AP_UPGRADE Normal, in most scenarios Client deleted as AP is performing an upgrade None required
CO_CLIENT_DELETE_REASON_MAB_FAILED Normal, in most scenarios Client failed Mac Authentication Bypass Check if MAB configuration is correct
CO_CLIENT_DELETE_REASON_WLAN_CHANGE Normal, in most scenarios Client changed WLANs/SSID None required
CO_CLIENT_DELETE_REASON_VLAN_CHANGE Normal, in most scenarios On client reassociation or roaming, a new VLAN was assigned. This would be caused by AAA override, different policy profiles, etc None required
CO_CLIENT_DELETE_REASON_ADMIN_RESET Normal, in most scenarios Administrator removed the client, or in some scenarios, AAA server requested client delete None required
CO_CLIENT_DELETE_REASON_IDLE_TIMEOUT Normal, in most scenarios Client deleted due to inactivity. Normal scenario None required
CO_CLIENT_DELETE_REASON_MN_IDLE_TIMEOUT Normal, in most scenarios Client deleted by AP, due to inactivity. Normal scenario None required
CO_CLIENT_DELETE_REASON_USER_REQUEST Normal, in most scenarios Client deleted due to supplicant sending EAP Logoff. This may happen during machine authentication None required. If this is not intentional, do RA trace and check on client side logs
CO_CLIENT_DELETE_REASON_MM_TUNNEL_DOWN Normal, in most scenarios Client was deleted as Mobility tunnel to peer went down Check network connectivity, and remote mobility peer status
CO_CLIENT_DELETE_REASON_DOT11V_TIMER_TIMEOUT Normal, in most scenarios Client did not perform roaming on 802.11v transition request and timer expired None required. If impacting client stability, check configuration
CO_CLIENT_DELETE_REASON_DOT11_MAX_STA Normal, in most scenarios AP Radio has reached maximum capacity Check if non-default max client setting per radio has been set, or RF design if additional capacity is needed
CO_CLIENT_DELETE_REASON_WIRED_IAPP_DISASSOC Normal, in most scenarios WGB wired client deleted. This may be triggered by WGB client removed due to inactivity None required
CO_CLIENT_DELETE_REASON_WIRED_WGB_CHANGE Normal, in most scenarios Client mac address was reported by another WGB, so deleting previous entry Mac address seen by another WGB. Check if this is intentional
CO_CLIENT_DELETE_REASON_WIRED_VLAN_CHANGE Normal, in most scenarios WGB moved client to a different VLAN This is for WGB VLAN feature. Check if this is intentional
CO_CLIENT_DELETE_REASON_CLIENT_CREDENTIAL_FAILURE Normal, in most scenarios Wrong username or password Check client side user configuration
CO_CLIENT_DELETE_REASON_DANGLING_CLEANUP_TIMER Normal, in most scenarios Wired Client was deleted after WGB cleanup event Check why WGB was deleted
CO_CLIENT_DELETE_REASON_DEAUTH_OR_DISASSOC_REQ Normal, in most scenarios Client initiated a deauthentication or disassociation None required in most scenarios. This is normal activity
CO_CLIENT_DELETE_REASON_CLIENT_DHCP_FAILURE Normal, in most scenarios Client reported DHCP error on deauth frame Check DHCP server, and collect RA trace
CO_CLIENT_DELETE_REASON_CLIENT_EAP_TIMEOUT_FAILURE Normal, in most scenarios Client reported EAP error on deauth frame Check AAA server, and collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_CLIENT_8021X_FAILURE Normal, in most scenarios Client reported authentication error on deauth frame Check AAA server, and collect RA trace and over the air capture
CO_CLIENT_DELETE_REASON_CLIENT_DEVICE_IDLE Normal, in most scenarios Client reported idle timeout on deauth frame None required
CO_CLIENT_DELETE_REASON_CLIENT_CAPTIVE_PORTAL_SECURITY_FAILURE Normal, in most scenarios Client reported webauth error on deauth frame Check webauth configuration and certificates
CO_CLIENT_DELETE_REASON_CLIENT_DECRYPTION_FAILURE Normal, in most scenarios Client reported decryption errors on deauth frame Get RA trace and over the air captures
CO_CLIENT_DELETE_REASON_CLIENT_INTERFACE_DISABLED Normal, in most scenarios Client informed it is going in deep sleep on deauth frame None required
CO_CLIENT_DELETE_REASON_CLIENT_USER_TRIGGERED_DISASSOC Normal, in most scenarios Client informed user requested disconnection None required
CO_CLIENT_DELETE_REASON_CLIENT_MISC_REASON Normal, in most scenarios Client reported generic reason in deauth frame None required
CO_CLIENT_DELETE_REASON_CLIENT_UNKNOWN_REASON Normal, in most scenarios Client reported generic reason in deauth frame None required
CO_CLIENT_DELETE_REASON_CLIENT_PEER_TRIGGERED Normal, in most scenarios Client reported AP sent disconnection in deauth frame None required
CO_CLIENT_DELETE_REASON_CLIENT_BEACON_LOSS Normal, in most scenarios Client reported disconnection due to AP beacon loss. This may be triggered by low RSSI/coverage, or AP radio resets Check AP logs for radio reset, and confirm client was not on low coverage scenario
CO_CLIENT_DELETE_REASON_DOT11_POOR_CHANNEL_CONDITIONS Normal, in most scenarios Client RSSI is lower than the configured RSSI threshold None required, as this may be intentional. Otherwise, check 802.11v and Low RSSI threshold settings.
CO_CLIENT_DELETE_REASON_MN_CHANNEL_SWITCH_AT_AP Normal, in most scenarios AP deleted client, triggered by a channel change request Normally, none needed, unless this is happening too frequently, more than 4 times a day per radio
CO_CLIENT_DELETE_REASON_MN_AP_IPLEARN_TIMEOUT Normal, in most scenarios AP reported that client did not complete address learning process (static or DHCP) This may happen occasionally during normal scenarios if client roamed away or was out of coverage. If this is happening frequently or not expected, get RA + AP logs
CO_CLIENT_DELETE_REASON_MN_REASSOC_TIMEOUT Normal, in most scenarios AP deleted client as it did not complete onboarding after requesting a roaming (reassociation) This may happen occasionally during normal scenarios if client roamed away or was out of coverage. If this is happening frequently or not expected, get RA + AP logs
CO_CLIENT_DELETE_REASON_MN_DEL_DISASSOC Normal, in most scenarios AP deleted client due to disassociation frame. Normally this is only applied for PMF (11w) enabled devices None required, this happens during normal operation. If a large number of events are detected, get OTA to confirm source
CO_CLIENT_DELETE_REASON_MN_ASSOC_EXPIRED_AT_AP Normal, in most scenarios Client associated to stale SSID on AP, deleted during clean up process None required
CO_CLIENT_DELETE_REASON_MN_DHCP_TIMEOUT Normal, in most scenarios DHCP required is enabled, and client never completed DHCP negotiation May happen during normal scenarios, if client roams out of coverage during onboarding, or goes to sleep or is turned off, during onboarding. If seen on large counts per VLAN, do client debugging and check DHCP Server pool and status
CO_CLIENT_DELETE_REASON_MN_SA_QUERY_TIMEOUT Normal, in most scenarios AP deleted client as it did not reply to SA query during PMF roaming (802.11w) May happen during normal scenarios. If frequently seen for specific client, it may be needed to do OTA, RA and AP client debug
CO_CLIENT_DELETE_REASON_MN_INTRA_AP_ROAM Normal, in most scenarios AP deleted client as it roamed across SSID in the same AP None required
CO_CLIENT_DELETE_REASON_MN_CHANNEL_SWITCH_AT_AP Normal, in most scenarios AP had a channel change, that triggered client deletion This may happen during normal scenarios. If this is seen very frequently on same AP, it may need RF analysis or RRM tuning
CO_CLIENT_DELETE_REASON_MN_DEL_REQUEST Normal, in most scenarios AP driver received a delete request for the client PENDING
CO_CLIENT_DELETE_REASON_MN_DEL_INTF_RESET Normal, in most scenarios AP radio interface has been shutdown This may happen by admin request
CO_CLIENT_DELETE_REASON_MN_DEL_REAPER_RADIO Normal, in most scenarios The radio role has changed, and can be uplink/repeater None needed
CO_CLIENT_DELETE_REASON_MN_DEL_SLOT_DISABLE Normal, in most scenarios Slot was disabled for MFP WLAN None needed
CO_CLIENT_DELETE_REASON_MN_DEL_MIC_FAIL Normal, in most scenarios MIC (for TKIP) counter protection triggered, so AP deleted all clients None needed, if this happens frequently, check for possible client side issues
CO_CLIENT_DELETE_REASON_MN_DEL_VLAN_DEL Normal, in most scenarios VLAN/ACL mapping deleted, config change None required
CO_CLIENT_DELETE_REASON_MN_DEL_PAK_MAX_RETRY Normal, in most scenarios Client deleted by maximum frame retransmissions reached. This reason should not be active None required
CO_CLIENT_DELETE_REASON_MN_DEL_TX_DEAUTH Normal, in most scenarios AP triggered a deauth during webauth/dot1x/run states, this may have been requested by controller May happen during normal scenario (for example timeout), if this is frequent or not-expected, collect RA traces for client
CO_CLIENT_DELETE_REASON_MN_DEL_SENSOR_STA_TIMEOUT Normal, in most scenarios Sensor station timeout. This reason should not be active None required
CO_CLIENT_DELETE_REASON_MN_DEL_AGE_TIMEOUT Normal, in most scenarios AP triggered client delete, by session timeout None required, this is normal for local auth/standalone flex scenarios
CO_CLIENT_DELETE_REASON_MN_DEL_TX_FAIL_THOLD Normal, in most scenarios Bad Client, this reason code should not be active None required
CO_CLIENT_DELETE_REASON_MN_DEL_UPLINK_RCV_TIMEOUT Normal, in most scenarios Uplink timeout, this reason code should not be active None required
CO_CLIENT_DELETE_REASON_MN_DEL_SNSR_SCAN_NXT_RADIO Normal, in most scenarios Sensor AP in operation, this reason code should not be active None required
CO_CLIENT_DELETE_REASON_MN_DEL_SNSR_SCAN_OTHER_BSSID Normal, in most scenarios Sensor AP in operation, this reason code should not be active None required
CO_CLIENT_DELETE_REASON_MN_DEL_AUTH_EXPIRED Normal, in most scenarios AP triggered a client delete, as client did auth phase, but never completed association May happen during normal scenario (for example timeout), if this is frequent or not-expected, collect RA traces for client
CO_CLIENT_DELETE_REASON_MN_AP_BY_FLEXGROUP_CHANGE Normal, in most scenarios AP Flexgroup name was changed by administrator, leading to client delete request None required, configuration change
CO_CLIENT_DELETE_REASON_MN_AP_EAPOL_LOGOFF Normal, in most scenarios Client sent EAP-Logoff. This may be due to normal operation (for example, client user changed) or it may be client supplicant error, restarting auth This is normally expected, if happening frequently or leading to problems, this may need RA trace
CO_CLIENT_DELETE_REASON_MN_AP_EAP_REQ_TIMEOUT Normal, in most scenarios Client did not reply to EAP requests in the specified retries/time Check client supplicant/user configuration and AP state. If persistent, collect RA traces and over the air capture
CO_CLIENT_DELETE_REASON_MN_AP_MIC_VALIDATION Normal, in most scenarios MIC (for TKIP) counter protection triggered, so AP deleted all clients None needed, if this happens frequently, check for possible client side issues
CO_CLIENT_DELETE_REASON_MN_AP_INTER_AP_ROAM Normal, in most scenarios WLC requested AP to delete client due to roaming event None needed
CO_CLIENT_DELETE_REASON_MN_AP_UNKNOWN_CLIENT Normal, in most scenarios Client Unknown, this should not be seen/not in use Collect RA traces for initial analysis
CO_CLIENT_DELETE_REASON_MN_AP_REAUTH_TIMEOUT Normal, in most scenarios Client did not complete reauthentication in the specified timer. This may happen in normal scenarios, if client is sleeping or out of coverage No action needed
CO_CLIENT_DELETE_REASON_MN_AP_CONT_IDLE_TIMEOUT Normal, in most scenarios Continuous idle timeout, this should not be seen/not in use None required
CO_CLIENT_DELETE_REASON_MN_AP_RLDP_CLEANUP Normal, in most scenarios Client deleted during RLDP (Rogue Link Detection Protocol) execution Expected action, depending on configuration. RLDP can be disabled, if not required by security policies
CO_CLIENT_DELETE_REASON_MN_AP_PEM_CLEANUP Normal, in most scenarios Client deleted by Policy Enforcement Module request. This should not be seen/not in use None required
CO_CLIENT_DELETE_REASON_MN_AP_RLAN_DELETE Normal, in most scenarios All Clients on RLAN port have been deleted, this could be due to port going down, or port getting admin disabled. This could happen in normal scenarios, for example, turning off a RLAN connected device or due to admin port disable configuration. Check port config, cable, and connected device state
CO_CLIENT_DELETE_REASON_MN_AP_RLAN_INACTIVE_TIMEOUT Normal, in most scenarios RLAN client deleted due to inactivity timeout. This can happen in normal scenarios None needed
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_WEBAUTH_TIMER_EXPIRED Normal, in most scenarios AP deleted client, as it did not complete webauth authentication in time. This may happen in normal scenarios If this happens for clients actively trying to log in, collect RA traces and OTA
CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DOT1X_TIMER_EXPIRED Normal, in most scenarios AP deleted client, as it did not complete 802.1x authentication in time. If this happens for clients actively trying to authenticate, collect RA traces, AP debugs, and OTA
CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_ASSOC_SCB_NOT_AUTHENTICATED Normal, in most scenarios AP is rejecting client association, as it did not do 802.11 authentication, possible client defect None required, or collect OTA if seen frequently
CO_CLIENT_DELETE_REASON_MN_AP_MAX_STA_ON_AP Normal, in most scenarios AP deleted client, as max client setting per AP is configured None required, or check config in WLAN profile
CO_CLIENT_DELETE_REASON_MN_AP_MAX_STA_ON_BSSID Normal, in most scenarios AP deleted client, as max client setting per WLAN is configured None required, or check config in WLAN profile
CO_CLIENT_DELETE_REASON_MN_AP_MAX_STA_ON_RADIO Normal, in most scenarios AP deleted client, as max client setting per radio is configured None required, or check config in WLAN profile