| CO_CLIENT_DELETE_REASON_DOT11_INVALID_PMKID |
Possible defect or config error |
Controller could not validate PMKID provided by client. This may have different triggers |
Update client to latest, if issue persists, collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_EXCLUDE_WRONG_PSK |
Possible defect or config error |
Client excluded due to wrong PSK password |
Check PSK configuration on client |
| CO_CLIENT_DELETE_REASON_DOT11_DENIED_RATES |
Possible defect or config error |
Client sent invalid data rates during association request |
Possible client side defect. Collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_DOT11_INVALID_IE |
Possible defect or config error |
Client sent invalid Information Element |
Possible client side defect. Collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_DOT11_GROUP_CIPHER_INVALID |
Possible defect or config error |
Client requested invalid Group cipher during association |
Possible client side defect. Collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_DOT11_UNICAST_CIPHER_INVALID |
Possible defect or config error |
Client requested invalid Unicast cipher during association |
Possible client side defect. Collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_DOT11_AKMP_INVALID |
Possible defect or config error |
Client requested invalid Authentication Key Management during association |
Possible client side defect or configuration. Collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_DOT11_UNSUPPORTED_RSN_VERSION |
Possible defect or config error |
Client invalid RSN version during association |
Possible client side defect. Collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_DOT11_INVALID_RSN_IE_CAPABILITIES |
Possible defect or config error |
Client provided invalid RSN capabilities during association |
Possible client side defect. Collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_INVALID_PMK_LEN |
Possible defect or config error |
Controller received PMK with invalid length |
Possible Radius server issue. Collect RA traces to confirm and check server side |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_INVALID_FRAME |
Possible defect or config error |
Invalid EAPoL message received from client. malformed EAP frame |
Possible client side defect, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_INSTALL_BIT |
Possible defect or config error |
Invalid EAPoL message received from client. Unexpected install bit |
Possible client side defect, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_INSTALL_BIT |
Possible defect or config error |
Invalid EAPoL message received from client. Key Error bit set |
Possible client side defect, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_ACK_BIT |
Possible defect or config error |
Invalid EAPoL message received from client. Key ACK bit set |
Possible client side defect, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_INVALID_KEY |
Possible defect or config error |
Invalid EAPoL message received from client. Invalid key type |
Possible client side defect, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_SECURE_BIT |
Possible defect or config error |
Invalid EAPoL message received from client. Unexpected secure bit set |
Possible client side defect, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_KEY_DESC_VER |
Possible defect or config error |
Invalid EAPoL message received from client. Key version mismatch |
Possible client side defect, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_NO_MIC_BIT |
Possible defect or config error |
Invalid EAPoL message received from client. Key MIC bit was not set |
Possible client side defect, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_ANCHOR_NO_MEMORY |
Possible defect or config error |
Internal error, could not allocate data structures to handle client for anchored WLAN |
Collect RA traces, show tech wireless, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_NO_DOT1X_AUTH_CONFIG |
Possible defect or config error |
Authentication configuration is missing. Applies to 802.1x or MAB |
Check authentication lists in WLAN and AAA config in policy profile |
| CO_CLIENT_DELETE_REASON_NACK_IFID_EXISTS |
Possible defect or config error |
Controller internal error while creating client interface |
Collect RA traces for further analysis |
| CO_CLIENT_DELETE_REASON_DOT11_INVALID_QOS_PARAMETER |
Possible defect or config error |
Client sent invalid TSPEC during roaming |
Possible client defect or invalid configuration |
| CO_CLIENT_DELETE_REASON_DOT11_CIPHER_SUITE_REJECTED |
Possible defect or config error |
During RSN Information element processing, the group key provided by client is invalid |
This is probable client side issue. Check RA traces, and contact client manufacturer |
| CO_CLIENT_DELETE_REASON_EXCLUDE_PSK_FAIL |
Possible defect or config error |
Radius server sent an invalid PSK attribute |
Check Radius server logs and configuration |
| CO_CLIENT_DELETE_REASON_EXCLUDE_PSK_MODE_FAIL |
Possible defect or config error |
Radius server sent an invalid PSK mode attribute |
Check Radius server logs and configuration |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_BSSID_MISMATCH |
Possible defect or config error |
AP deleted client, as it sent managemnt frame with wrong BSSID address |
This is potential defect. It may need RA traces, AP logs and OTA to isolate trigger |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_NO_MEMORY |
Possible defect or config error |
AP was not able to allocate memory to handle client in WCP component. Possible defect or capacity problem |
Collect AP show tech, check AP load, and possibly contact TAC for further memory analysis |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DELETE_NO_PARENT_WGB |
Possible defect or config error |
AP deleted client as it received add request marked as WGB client for non-existing WGB entry. Possible defect |
Collect RA traces, AP debug |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_NO_OVERLAP_LEGACY_RATES |
Possible defect or config error |
Client legacy rates requested do not match association response rate. Possible defect (client side and network as it should have rejected) |
Collect OTA and RA traces for client |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_MAX_VHT_STREAMS |
Possible defect or config error |
Number of VHT streams requested for client is higher than 8. Possible defect |
Collect OTA and RA traces, AP debugs for client |
| CO_CLIENT_DELETE_REASON_MN_AP_WRONG_REPLAY_COUNTER |
May need validation |
Invalid replay counter received during EAPoL negotiation. Client should recover on new attempt |
Possible client side issue. If issue persists, collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_GROUP_KEY_UPDATE_TIMEOUT |
May need validation |
Client did not complete Broadcast key rotation. This may happen if client was sleeping or out of coverage |
None required, as it may happen on normal scenarios. If issue persists, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_DOT11_INVALID_FTIE |
May need validation |
Failure during FT processing for client. This may have different triggers |
RA trace needed to isolate fault |
| CO_CLIENT_DELETE_REASON_AAA_SERVER_UNAVAILABLE |
May need validation |
Radius server was not reachable |
Check WLC and Radius server logs for possible triggers. Confirm server is reachable and up |
| CO_CLIENT_DELETE_REASON_RADIO_DOWN |
May need validation |
AP sent radio down event, leading to client delete |
There are valid reasons for this to happen, if this is frequent even, check AP logs |
| CO_CLIENT_DELETE_REASON_DOT11_UNSPECIFIED_FAILURE |
May need validation |
Association response creation fail, possible due to client malformed request |
if issue persists, collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_NOOP |
May need validation |
Default code when no other reason is known, it should have been replaced with corresponding delete trigger, internal error. Client will recover after a new session |
Collect RA trace for the client |
| CO_CLIENT_DELETE_REASON_NONE |
May need validation |
Default code when no other reason is known, it should have been replaced with corresponding delete trigger, related to SISF/Guest anchor component. Client will recover after a new session |
Collect RA trace for the client |
| CO_CLIENT_DELETE_REASON_SANET |
May need validation |
Error handling the security session of the client. Triggers could be FT roam, PMK error during iPSK, client orchestration |
If this happens frequently, collect RA trace for further investigation |
| CO_CLIENT_DELETE_REASON_CONNECT_TIMEOUT |
May need validation |
Client associated to Flex AP, and did not complete onboarding process, may be triggered if client was on low RF, or did not do local authentication |
None required, if this happens frequently, collect RA and AP side debugs for the client |
| CO_CLIENT_DELETE_REASON_DPATH_FAILURE |
May need validation |
Internal error processing operation for Client in dataplane |
If the issue persists, collect RA traces and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_INTER_WNCD_ROAM_FAILURE |
May need validation |
Client removed after inter-WNCD roaming |
Validate tag and policy configuration. If this happens frequently, collect RA trace for further investigation |
| CO_CLIENT_DELETE_REASON_CLIENT_BLACKLIST |
May need validation |
Default client exclusion reason, when something more precise was not found |
If this happens frequently, collect RA trace for further investigation |
| CO_CLIENT_DELETE_REASON_SERVICE_UNAVAILABLE |
May need validation |
Session was disconnected, may be triggered by radio down |
None required, if this happens frequently, collect RA and AP side debugs for the client |
| CO_CLIENT_DELETE_REASON_SAE_AUTH_FAILURE |
May need validation |
Client failed SAE authentication |
Check configuration and configured password |
| CO_CLIENT_DELETE_REASON_DOT11_FAILURE_IGNORE_REQ |
May need validation |
SAE authentication protocol error. May be triggered by client side defect, or replay attack |
None required, if this happens frequently, collect RA and over the air capture for the client |
| CO_CLIENT_DELETE_REASON_DOT11_INVALID_MDIE |
May need validation |
802.11r(FT) client sent invalid mobility domain |
Possible client side defect. Collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_DOT11_AID_ALLOC_CONFLICT_REQ |
May need validation |
AP-COS in Flex mode with central association. This is not supported scenario. Not applicable to releases 17.6 and higher |
Change the configuration on the policy profile. |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_MIC_VALIDATION |
May need validation |
if WLAN is PSK, possible invalid password. For 802.1x, this is client side supplicant issue |
For PSK, check password on WLAN and client side. For 802.1x, contact client manufacturer |
| CO_CLIENT_DELETE_REASON_EXCLUDE_MAC_THEFT |
May need validation |
Client was deleted due to suspected mac theft, MAC was seen on different anchor or vlan in case of wired guest |
Check topology, and confirm if mac movement is possible, this is spoofing, or false positive |
| CO_CLIENT_DELETE_REASON_EXCLUDE_IP_THEFT |
May need validation |
Client tried to reuse IP registered to another device. High probability, it is client side issue |
Check client side logs, and confirm DHCP server configuration. Update client |
| CO_CLIENT_DELETE_REASON_EXCLUDE_POLICY_BIND_FAIL |
May need validation |
This is related to iPSK scenarios: AAA override returned password is not proper length or format, PSK is not configured properly for AAA override, |
Check Radius server returned attributes |
| CO_CLIENT_DELETE_REASON_EXCLUDE_ASSOC_FAIL |
May need validation |
Client deleted during association processing, or MAB error |
Check radius logs for client address. if no issues found, collect RA and over the air traces |
| CO_CLIENT_DELETE_REASON_DB_POPULATE_FAIL |
May need validation |
Internal error, Client handling failure during guest access or anchored WLAN |
Collect RA traces and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_ANCHOR_CREATE_REQ_FAIL |
May need validation |
Internal error, Client Mobility error on anchored WLAN |
Collect RA traces and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_ANCHOR_INVALID_MBSSID |
May need validation |
Internal error, could not map client to WLAN/Policy profile table (MBSSID) |
Collect RA traces, show tech wireless, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_ANCHOR_THROTTLED |
May need validation |
Internal error, controller detected congestion while creating WLAN anchor request for client |
Collect RA traces, show tech wireless, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_REAUTH_FAILURE |
May need validation |
AAA reauthentication failure. This should not be applicable to wireless clients |
None required |
| CO_CLIENT_DELETE_REASON_KEY_MGMT_PTK_COMPUTATION |
May need validation |
Invalid EAPoL message received from client |
Possible client side defect, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_EXCLUDE_MAC_AND_IP_THEFT |
May need validation |
Traffic for client arrived at different interface from the currently associated one. Possible race condition |
Collect RA traces, show tech wireless, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_EXCLUDE_QOS_POLICY_FAIL |
May need validation |
QoS policies for client could not be applied |
Validate QoS config at WLAN, if no problems found, collect RA traces and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_EXCLUDE_QOS_POLICY_AP_SEND_FAIL |
May need validation |
Internal error. Controller could not send QoS update for client to AP or mobility |
Collect RA traces, show tech wireless, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_EXCLUDE_QOS_POLICY_AP_BIND_FAIL |
May need validation |
Internal error. AP could not apply QoS update for client |
Collect RA traces, show tech wireless, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_EXCLUDE_QOS_POLICY_AP_UNBIND_FAIL |
May need validation |
Internal error. AP could not apply QoS update for client |
Collect RA traces, show tech wireless, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_EXCLUDE_VLAN_FAIL |
May need validation |
Failure to apply authorization, possible VLAN not existing |
Check VLAN in use, and attributes returned by Radius server if using AAA override |
| CO_CLIENT_DELETE_REASON_EXCLUDE_ACL_FAIL |
May need validation |
Failure to apply authorization, possible ACL not existing |
Check ACL in use, and attributes returned by Radius server if using AAA override |
| CO_CLIENT_DELETE_REASON_EXCLUDE_PUNT_ACL_FAIL |
May need validation |
Failure to apply authorization, possible URL redirect ACL not existing |
Check URL redirect ACL in use, and attributes returned by Radius server if using AAA override |
| CO_CLIENT_DELETE_REASON_EXCLUDE_ACCOUNTING_FAIL |
May need validation |
Client deleted during accounting of authorization process |
Check RA traces for details |
| CO_CLIENT_DELETE_REASON_EXCLUDE_CTS_FAIL |
May need validation |
Registration of Trustsec CTS functions for client failed |
Check RA traces for details |
| CO_CLIENT_DELETE_REASON_EXCLUDE_FQDN_NO_DEF_FAIL |
May need validation |
Client deleted as URL filter does not exist |
Check WLAN/Flex profile configuration |
| CO_CLIENT_DELETE_REASON_EXCLUDE_FQDN_POSTAUTH_MISMATCH_FAIL |
May need validation |
Post authentication filter type received for client, is invalid |
Check configuration in WLAN profile |
| CO_CLIENT_DELETE_REASON_EXCLUDE_FQDN_ZERO_GID_FAIL |
May need validation |
For 17.3/17.6 this may indicate client did ARP flood |
Check client for applications doing network scan, in some scenarios it may need client driver updates |
| CO_CLIENT_DELETE_REASON_EXCLUDE_MISC_FAIL |
May need validation |
Default reason for policy error, when no more detailed information is available |
Check Radius server returned attributed. Collect RA traces for further analysis |
| CO_CLIENT_DELETE_REASON_EXCLUDE_REAUTH_FAILURE |
May need validation |
Registration for internal reauth for client failed |
Check RA traces for details |
| CO_CLIENT_DELETE_REASON_EXCLUDE_POLICY_FAILURE |
May need validation |
Unknown failure for EPM component for client policies |
Check RA traces for details |
| CO_CLIENT_DELETE_REASON_AAA_NOT_READY |
May need validation |
AAA subsystem not ready |
Confirm radius server is reachable, then collect RA traces for client, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_ASSOC_CONNECT_TIMEOUT |
May need validation |
Controller internal error. Client association processing was not completed in time, could be load issue |
Collect RA traces for further analysis, include AP logs if Flexmode |
| CO_CLIENT_DELETE_REASON_MOBILITY_CONNECT_TIMEOUT |
May need validation |
Controller internal error. Client mobility processing was not completed in time, could be load issue |
Collect RA traces for further analysis |
| CO_CLIENT_DELETE_REASON_S_IP_ANCHOR_CONNECT_TIMEOUT |
May need validation |
Controller internal error. Client IP static check on mobility was not completed in time, could be load issue |
Collect RA traces for further analysis |
| CO_CLIENT_DELETE_REASON_SM_SESSION_CONNECT_TIMEOUT |
May need validation |
Controller internal error. Client connection data creation in DB did not complete in time |
Collect RA traces for further analysis |
| CO_CLIENT_DELETE_REASON_GUEST_LAN_INVALID_MBSSID |
May need validation |
Internal controller error. It was not possible to find valid guest LAN and policy profile for client |
Collect RA traces and contact Cisco support |
| CO_CLIENT_DELETE_REASON_GUEST_LAN_NO_MEMORY |
May need validation |
Internal error, could not allocate data structures to handle client for wired guest LAN |
Collect RA traces, show tech wireless, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_GUEST_LAN_CREATE_REQ_FAIL |
May need validation |
Internal error, could not send client creation event for wired guest LAN |
Collect RA traces, show tech wireless, and contact Cisco Support |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_JOIN_FAIL |
May need validation |
EoGRE Tunnel join failed |
Check controller and gateway configuration |
| CO_CLIENT_DELETE_REASON_NACK_IFID_MISMATCH |
May need validation |
Controller internal error while updating client interface |
Collect RA traces for further analysis |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_INVALID_VLAN |
May need validation |
Invalid VLAN for EoGRE client |
Check configuration |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_EMPTY_DOMAIN |
May need validation |
No domain provided for EoGRE client |
Check authentication logs and configuration |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_INVALID_DOMAIN |
May need validation |
Unknown domain provided for EoGRE client |
Check authentication logs and configuration |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_DOMAIN_SHUT |
May need validation |
Tunnel for domain is shut down |
Check authentication logs and configuration |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_INVALID_GW |
May need validation |
Destination GW for EoGRE client is invalid |
Check configuration |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_GW_DOWN |
May need validation |
All destination GWs for EoGRE client are down |
Check configuration |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_FLEX_NO_ACTIVE_GW |
May need validation |
EoGRE Flex LS AP reported no active GW |
Check AP logs and profile configuration |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_RULE_MATCH |
May need validation |
Controller internal error. Rule matching for EoGRE client failed |
Collect RA traces and check with Cisco support |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_MSPAYLOAD |
May need validation |
Controller internal error. Application of AAA attributes for EoGRE client failed |
Collect RA traces and check with Cisco support |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_MSPAYLOAD |
May need validation |
Controller internal error. Creation of EoGRE client failed |
Collect RA traces and check with Cisco support |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_HANDOFF_ERROR |
May need validation |
Controller internal error. Mobility handling of EoGRE client failed |
Collect RA traces and check with Cisco support |
| CO_CLIENT_DELETE_REASON_QOS_FAILURE |
May need validation |
QOS module operation failed for the client |
If the issue persists, collect RA trace for further investigation |
| CO_CLIENT_DELETE_REASON_DOT11_ASSOC_DENIED_UNSPEC |
May need validation |
Used when WGB tries association to webauth WLAN |
Correct WGB configuration |
| CO_CLIENT_DELETE_REASON_DOT11_CCX_INSUFFICIENT_BANDWIDTH |
May need validation |
CAC TSPEC error due to insufficient bandwidth on AP radio |
Check CAC configuration, and collect RA trace |
| CO_CLIENT_DELETE_REASON_ABORT_RECEIVED |
May need validation |
Internal controller error. Client connection abort received during state processing |
Collect RA traces for further investigation |
| CO_CLIENT_DELETE_REASON_KEY_M1_FAILURE |
May need validation |
Controller internal error. It was not possible to send EAPoL M1 to AP |
Collect RA traces for further investigation |
| CO_CLIENT_DELETE_REASON_KEY_M3_FAILURE |
May need validation |
Controller internal error. It was not possible to send EAPoL M3 to AP |
Collect RA traces for further investigation |
| CO_CLIENT_DELETE_REASON_WLAN_ID_ATTR_MISMATCH |
May need validation |
Radius server returned a WLAN ID attribute, not matching client policy |
Check if this is expected, and confirm Radius server configuration vs controller WLANs |
| CO_CLIENT_DELETE_REASON_EXCLUDE_SUPPLICANT_NAME_FAIL |
May need validation |
Policy validation error of the supplicant name |
|
| CO_CLIENT_DELETE_REASON_EXCLUDE_USER_NAME_FAIL |
May need validation |
Error handling username attribute |
Collect RA traces |
| CO_CLIENT_DELETE_REASON_EXCLUDE_SERVICE_SET_ID_FAIL |
May need validation |
Invalid SSID name received from AAA server |
Check Radius server configuration and collect RA traces for more info |
| CO_CLIENT_DELETE_REASON_EXCLUDE_ANCHOR_VLAN_ID_FAIL |
May need validation |
Error handling Anchor VLAN ID attribute |
Check Radius server configuration and collect RA traces for more info |
| CO_CLIENT_DELETE_REASON_EXCLUDE_INTERIM_INTERVAL_FAIL |
May need validation |
Internal controller error while handling Accounting Interim interval settings |
Collect RA traces for more info |
| CO_CLIENT_DELETE_REASON_EXCLUDE_LINKLOCAL_BRIDGE_VLAN_FAIL |
May need validation |
Invalid Local-link bridging VLAN assigned to client |
Check configuration and RA traces |
| CO_CLIENT_DELETE_REASON_MBSSID_DOWN |
May need validation |
Client removed due to mobility tunnel going down |
Check mobility peer status |
| CO_CLIENT_DELETE_REASON_L3AUTH_FAIL |
May need validation |
Security processing for a L3 Auth failed (Webauth/guest) |
Confirm username/password and if required, collect RA trace |
| CO_CLIENT_DELETE_REASON_CAPWAP_DOWN |
May need validation |
Client was deleted due to CAPWAP tunnel failure |
Confirm if there are any network connectivity issues, if none found, check AP logs for any crash |
| CO_CLIENT_DELETE_REASON_WGB_CLIENT_DIRECT_ASSOC |
May need validation |
Mac address was seen as wired WGB client, has now associated as wireless client |
This is unusual scenario. Check if this is intentional |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_EVENT_CLASS3_RECV |
May need validation |
AP triggered delete, as client sent class 3 frame (data, power save, some management) from non-authenticated client, may happen occasionally on connection recovery |
Nothing required, unless this is happening frequently. This may need RA trace and OTA capture |
| CO_CLIENT_DELETE_REASON_MN_AP_AUTH_RESP_REJECT |
May need validation |
AP deleted client, as Auth request was FT or SAE, and these are not enabled in the SSID |
Possible client side defect, may need OTA and config to validate |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_ASSOC_RESP_WITH_FAILURE_STATUS |
May need validation |
AP rejected association request. This could be due to invalid rates, or other incorrect information element |
If this happens frequently, it may need AP side logs + OTA |
| CO_CLIENT_DELETE_REASON_MN_CLIENT_ACL_MISMATCH |
May need validation |
AP deleted client during Facebook Express wifi feature, due to missing ACL |
Possible configuration error. Check assigned postauth ACL |
| CO_CLIENT_DELETE_REASON_MN_AP_AUTH_STOP |
May need validation |
AP deleted client during association phase. This may have different triggers, from internal AP process errors, normal delete on RLANs, etc |
If seen frequently or observing connection problems, collect AP logs and OTA for further analysis |
| CO_CLIENT_DELETE_REASON_MN_4WAY_HANDSHAKE_FAILED |
May need validation |
EAPoL 4WAY exchange failed at AP side, no specific trigger |
Collect AP logs/client debug for further analysis |
| CO_CLIENT_DELETE_REASON_MN_DEL_BAD_AID |
May need validation |
Association ID assigned by controller is already in use |
This may need further investigation for possible defect on either controller or AP. RA traces and AP logs will be needed |
| CO_CLIENT_DELETE_REASON_MN_DEL_ALL_ON_SLOT |
May need validation |
AP received request to delete all clients in the interface. Could be due to config change, or recovery from radio event |
This could be due to config request. If none was performed, check AP logs for possible radio recovery/reset that needs to be investigated |
| CO_CLIENT_DELETE_REASON_MN_DEL_STOP_REASSOC |
May need validation |
AP triggered delete, may be due to AP staggered upgrade in process, or client sent more than 3 continuous requests, or during some scenarios of inter-radio roaming |
Some triggers are normal during operation. If this happens frequently, collect AP debug client logs |
| CO_CLIENT_DELETE_REASON_MN_DEL_TX_DISASSOC |
May need validation |
AP Radio driver sent a client delete, or other component sent a downstream dissasociation request |
This should not be seen, may need additional investigation to confirm if it is valid trigger. Collect RA + AP debugs |
| CO_CLIENT_DELETE_REASON_MN_AP_4WAY_HANDSHAKE_FAILED |
May need validation |
AP side report of different failure points on EAPoL 4way. May be triggered by wrong PSK, or possible defects on client or infrastructure side |
If using PSK, check it, otherwise, collect RA trace and AP debugs, and either EPC or OTA capture. |
| CO_CLIENT_DELETE_REASON_MN_AP_TUNNEL_DOWN |
May need validation |
AP reports EoGRE tunnel down |
This is specific to EoGRE tunnel from AP. Check network connectivity and EoGRE configuration |
| CO_CLIENT_DELETE_REASON_MN_AP_RLAN_CENTRAL_SWITCH |
May need validation |
Client on RLAN with Central Switching, and AP lost CAPWAP tunnel (moved to standalone) |
Check AP network connectivity to controller |
| CO_CLIENT_DELETE_REASON_MN_AP_RLAN_DP_ADD_FAIL |
May need validation |
It was not possible to add RLAN client to AP dataplane, possible defect or load related issue |
Get AP logs and client debugs |
| CO_CLIENT_DELETE_REASON_MN_AP_RLAN_MAB_FAILURE |
May need validation |
Mac address bypass failed for RLAN client. Either not authorized client, invalid config, or radius server issue |
Check Radius configuration, and mac address entry in server |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DELETE_NO_ACL |
May need validation |
AP deleted client, as ACL name provided, was not present in AP |
Check ACL configuration, collect RA traces, AP logs, AP show tech |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_KEY_PLUMB_FAIL |
May need validation |
AP radio driver could not configure client encryption keys. Possible defect |
Collect AP debugs for client, this may need further analysis |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_MESH_KEY_PLUMB_FAIL |
May need validation |
AP radio driver could not configure mesh AP encryption keys. Possible defect |
Collect AP debugs for mesh AP, this may need further analysis |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DP_ADD_FAIL |
May need validation |
AP could not add client entry to data path during association processing. Possible defect |
Collect AP show tech, and debug client |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_AUTH_RESP_SEND_FAIL |
May need validation |
AP could not send Auth response to client, default delete reason for auth failures. Possible defect |
Collect AP show tech, OTA and debug client |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_ASSOC_RESP_SEND_FAIL |
May need validation |
AP could not send Association response to client, default delete reason for association failures. Possible defect |
Collect AP show tech, OTA and debug client |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DEAUTH_DISASSOC_SEND_FAIL |
May need validation |
AP could not send deauth or dissasociate to client. Possible defect |
Collect AP show tech, OTA and debug client |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_EVENT_PSP_WHEN_UNAUTH |
May need validation |
A device sent Power Saving Poll without being associated to AP. May be client side state problem |
If this happens frequently, collect OTA, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_EVENT_IOCTL_ERROR |
May need validation |
Driver could not obtain statistics for client, leading to client delete request |
If this happens frequently, collect OTA, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_FLEX_FT_FAILURE |
May need validation |
FT (802.11w) roaming failed for client, with AP in Flex mode. May be client side issue |
If this happens frequently, collect OTA, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DRIVER_ADD_FAIL |
May need validation |
AP could not add client entry to radio driver. Possible defect |
Collect OTA, ap show tech, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_CLIENT_NOT_FOUND |
May need validation |
AP could not add client entry to radio driver. Possible defect |
Collect OTA, ap show tech, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_MGMT_PKT_ALLOC_FAIL |
May need validation |
AP radio driver could not allocate memory to handle the client add. Possible defect |
Collect OTA, ap show tech, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_CIPHER |
May need validation |
AP driver deleted client, as requested crypto cipher is invalid or Unknown. Possible defect |
Collect OTA, ap show tech, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_AID |
May need validation |
AP driver reported invalid Association ID received for client. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_KEY |
May need validation |
AP driver reported they key type sent for client is invalid type (direction, mode, etc). Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_FW_KEY_SET_FAILED |
May need validation |
AP driver could not program the client key into radio firmware. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_HT_VHT_RATES |
May need validation |
AP Radio driver received association response add with invalid HT/VHT rates or legacy rates with invalid size |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_LEGACY_RATES |
May need validation |
AP Radio driver received association response add with invalid legacy rates, or no rates at all |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_AID_INUSE |
May need validation |
AP Radio driver reports that association ID set for Client is already in use. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_CIPHER_ATTACH_FAIL |
May need validation |
AP Radio driver reports that it was not possible to link the cipher type to the key when adding the client. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_ALGORITHM_MISMATCH |
May need validation |
AP Radio driver reports mismatch between multicast/unicast cipher when trying to set key for client. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_KEYLENGTH |
May need validation |
AP Radio driver reports mismatch invalid key length while adding client. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_INVALID_KEY_INDEX |
May need validation |
AP Radio driver reports mismatch invalid key index while adding client. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_STADB_INIT_FAILED |
May need validation |
AP driver creation of IO control block for client failed. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_ADDING_ENTRY_FAILED |
May need validation |
AP driver reports that IO control block for client could not be found. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_ADDING_ENTRY_IN_FIRMWARE_FAILED |
May need validation |
AP driver reports that radio firmware could not add client. Possible defect |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_MN_AP_REASON_AP_MAX |
May need validation |
Default driver client delete reason, if no other trigger was found |
Collect OTA, ap show tech, controller show tech wireless, and client debug bundle |
| CO_CLIENT_DELETE_REASON_KEY_XCHNG_TIMEOUT |
Normal, in most scenarios |
This can happen during normal scenarios. Client deleted due to EAPoL M1 retries. Possible client side issue, or it roamed during auth phase |
If issue persists, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_SESSION_TIMEOUT |
Normal, in most scenarios |
Client removed after reaching session timeout. Normal scenario |
None required |
| CO_CLIENT_DELETE_REASON_IPLEARN_CONNECT_TIMEOUT |
Normal, in most scenarios |
Controller did not learn client IP address in the allowed time |
Check DHCP server and client IP configuration. Validate if DHCP required is set and client is performing DHCP negotiation. If all is correct, collect RA traces and EPC |
| CO_CLIENT_DELETE_REASON_BSSID_DOWN |
Normal, in most scenarios |
Triggered by configuration changes, for example WLAN or Policy profile modifications |
None required |
| CO_CLIENT_DELETE_REASON_MAX_SAQUERIES |
Normal, in most scenarios |
For PMF clients, triggered when client did not reply to SA queries and reached max retries. Could be triggered on failed roams, or client spoofing attacks |
None required, as it may happen on normal scenarios. If issue persists, collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_RESTART_PURGE |
Normal, in most scenarios |
Client was roaming during HA failure, or Association ID conflict was detected after failover |
None required |
| CO_CLIENT_DELETE_REASON_INTER_WNCD_ROAM_SUCCESS |
Normal, in most scenarios |
Client roamed across WNCD instances. This is normal scenario for default tag, or roaming across tags |
None required |
| CO_CLIENT_DELETE_REASON_INTER_CTRL_ROAM_SUCCESS |
Normal, in most scenarios |
Successful inter controller client roam |
None required |
| CO_CLIENT_DELETE_REASON_MOBILITY_FAILURE |
Normal, in most scenarios |
Client delete, either due to roaming while on IP learning state, or due to policy configuration mismatch |
Check logging details for client. In case of mismatch, correct configuration. Delete by IP learning will happen on normal scenarios |
| CO_CLIENT_DELETE_REASON_NAS_ERROR |
Normal, in most scenarios |
Default AAA disconnect reason |
None required |
| CO_CLIENT_DELETE_REASON_80211V_SMART_ROAM_FAILED |
Normal, in most scenarios |
Failure while sending 802.11v Transition request frame. Causes could be 11v not supported by client, or BSS transition is not enabled on the radio |
Check configuration. If this happens frequently, collect RA trace |
| CO_CLIENT_DELETE_REASON_DOT11V_ASSOC_FAILED |
Normal, in most scenarios |
Not in use |
None, this should not be triggered |
| CO_CLIENT_DELETE_REASON_FT_AUTH_RESPONSE |
Normal, in most scenarios |
Client failed pre-authentication during FT roaming |
None required, if this happens frequently, collect RA and AP side debugs for the client |
| CO_CLIENT_DELETE_REASON_AVC_REANCHORING |
Normal, in most scenarios |
WLAN Reanchor feature is enabled, and client was not using voice/video |
None required |
| CO_CLIENT_DELETE_REASON_CLIENT_EAP_ID_TIMEOUT |
Normal, in most scenarios |
Client did not reply to EAP requests in the specified retries/time |
Check client supplicant/user configuration. If persistent, collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_CLIENT_DOT1X_TIMEOUT |
Normal, in most scenarios |
Client did not reply to 802.1x requests in the specified retries/time |
Check client supplicant/user configuration and AAA server logs. If persistent, collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_EXCLUDE_WEB_AUTH_FAIL |
Normal, in most scenarios |
Client failed webauth, most probably wrong username or password |
Check client credentials |
| CO_CLIENT_DELETE_REASON_EXCLUDE_DOT1X_AUTH_FAIL |
Normal, in most scenarios |
Client provided wrong username or password during 802.1x authentication |
Check client credentials and supplicant configuration |
| CO_CLIENT_DELETE_REASON_EXCLUDE_DOT1X_TIMEOUT |
Normal, in most scenarios |
Client did not reply to 802.1x request. Not currently used |
Check client supplicant configuration |
| CO_CLIENT_DELETE_REASON_EXCLUDE_DOT11_AUTH_FAIL |
Normal, in most scenarios |
Failure during 802.11 auth request. Not currently used |
None required. |
| CO_CLIENT_DELETE_REASON_EXCLUDE_CONFIG |
Normal, in most scenarios |
Client was manually excluded by administrator |
Check controller configuration, if this was not intentional |
| CO_CLIENT_DELETE_REASON_SUPPLICANT_RESTART |
Normal, in most scenarios |
Not in use |
None required |
| CO_CLIENT_DELETE_REASON_PORT_ADMIN_DISABLED |
Normal, in most scenarios |
802.1x or MAB has been disabled on the client interface. This should not be applicable to wireless clients |
None required |
| CO_CLIENT_DELETE_REASON_LOST_CARRIER |
Normal, in most scenarios |
AAA lost carrier failure. This should not be applicable to wireless clients |
None required |
| CO_CLIENT_DELETE_REASON_EXCLUDE_STATIC_IP_ANCHOR_FAIL |
Normal, in most scenarios |
Policy profile has static IP mobility enabled, and controller could not find valid anchor for client IP |
Check controllers configuration and IP address used by client. Could be client was using IP not valid in any controller in mobility group |
| CO_CLIENT_DELETE_REASON_MACAUTH_CONNECT_TIMEOUT |
Normal, in most scenarios |
Controller internal error. Client mac authentication was not completed in time, could be load issue or radius server |
Check radius server, then collect RA traces for further analysis, include AP logs if Flexmode |
| CO_CLIENT_DELETE_REASON_L2AUTH_CONNECT_TIMEOUT |
Normal, in most scenarios |
Client did not complete L2 auth like PSK or 802.1x, in time. Could be normal if client roamed or went out of coverage |
If it is not expected, collect RA traces for further analysis, include AP logs if Flexmode |
| CO_CLIENT_DELETE_REASON_L3AUTH_CONNECT_TIMEOUT |
Normal, in most scenarios |
Client did not complete webauth in time. Could be normal if client roamed or went out of coverage |
If it is not expected, collect RA traces for further analysis, include AP logs if Flexmode |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_RESET |
Normal, in most scenarios |
EoGRE tunnel was reset |
Check network status |
| CO_CLIENT_DELETE_REASON_TUNNEL_EOGRE_RECONCILIATION |
Normal, in most scenarios |
Unknown client deleted after HA failover |
None Required |
| CO_CLIENT_DELETE_REASON_WIRED_IDLE_TIMEOUT |
Normal, in most scenarios |
Wired client was deleted on idle timeout, normal scenario |
None required |
| CO_CLIENT_DELETE_REASON_IP_UPDATE_TIMEOUT |
Normal, in most scenarios |
Anchor informed of client IP timeout |
Anchored client did not complete IP negotiation in time. Check client config, DHCP server |
| CO_CLIENT_DELETE_REASON_AP_DELETE_MN |
Normal, in most scenarios |
AP-side triggered client delete, may be normal during operation |
None required. If this happens frequently collect RA trace and AP side debugs |
| CO_CLIENT_DELETE_REASON_DOT11_CAPS_UNSUPPORTED |
Normal, in most scenarios |
Invalid client capabilities during 802.11 frame parsing. Should not be seen |
None required |
| CO_CLIENT_DELETE_REASON_DOT11_CCX_INVALID_QOS_PARAMETER |
Normal, in most scenarios |
CCX QoS error, not in use |
None required |
| CO_CLIENT_DELETE_REASON_DOT11_CCX_NON_OPTIMAL_ASSOCIATION_CHOICE |
Normal, in most scenarios |
Client is trying to join to an non-optimal Access point when assisted roaming is enabled |
This can be intentional, depending on your configuration |
| CO_CLIENT_DELETE_REASON_WIRED_WGB_DELETE |
Normal, in most scenarios |
WGB removal triggered delete of its child clients |
None required |
| CO_CLIENT_DELETE_REASON_REMOTE_MOBILITY_DELETE |
Normal, in most scenarios |
Mobility requested client to be deleted, could have different triggers, like tunnel down |
Check RA traces |
| CO_CLIENT_DELETE_REASON_IP_DOWN_NO_IP |
Normal, in most scenarios |
Client sent a DHCP release IP address |
This can be normal scenario depending on client behavior |
| CO_CLIENT_DELETE_REASON_DOT11_CCX_QOS_POLICY |
Normal, in most scenarios |
CCX QoS policy error. Not in use |
None required |
| CO_CLIENT_DELETE_REASON_ROAM_ACROSS_POLICY_PROFILE_DENY |
Normal, in most scenarios |
Client roamed across policy profiles |
Check configuration. This can be intentional on some scenarios, but policy usage should be optimised for best roaming experience |
| CO_CLIENT_DELETE_REASON_EXCLUSION_POLICY_TEMPLATE_FAIL |
Normal, in most scenarios |
Error applying service template provided by AAA server |
Collect RA traces and Radius logs for further investigation |
| CO_CLIENT_DELETE_REASON_AP_UPGRADE |
Normal, in most scenarios |
Client deleted as AP is performing an upgrade |
None required |
| CO_CLIENT_DELETE_REASON_MAB_FAILED |
Normal, in most scenarios |
Client failed Mac Authentication Bypass |
Check if MAB configuration is correct |
| CO_CLIENT_DELETE_REASON_WLAN_CHANGE |
Normal, in most scenarios |
Client changed WLANs/SSID |
None required |
| CO_CLIENT_DELETE_REASON_VLAN_CHANGE |
Normal, in most scenarios |
On client reassociation or roaming, a new VLAN was assigned. This would be caused by AAA override, different policy profiles, etc |
None required |
| CO_CLIENT_DELETE_REASON_ADMIN_RESET |
Normal, in most scenarios |
Administrator removed the client, or in some scenarios, AAA server requested client delete |
None required |
| CO_CLIENT_DELETE_REASON_IDLE_TIMEOUT |
Normal, in most scenarios |
Client deleted due to inactivity. Normal scenario |
None required |
| CO_CLIENT_DELETE_REASON_MN_IDLE_TIMEOUT |
Normal, in most scenarios |
Client deleted by AP, due to inactivity. Normal scenario |
None required |
| CO_CLIENT_DELETE_REASON_USER_REQUEST |
Normal, in most scenarios |
Client deleted due to supplicant sending EAP Logoff. This may happen during machine authentication |
None required. If this is not intentional, do RA trace and check on client side logs |
| CO_CLIENT_DELETE_REASON_MM_TUNNEL_DOWN |
Normal, in most scenarios |
Client was deleted as Mobility tunnel to peer went down |
Check network connectivity, and remote mobility peer status |
| CO_CLIENT_DELETE_REASON_DOT11V_TIMER_TIMEOUT |
Normal, in most scenarios |
Client did not perform roaming on 802.11v transition request and timer expired |
None required. If impacting client stability, check configuration |
| CO_CLIENT_DELETE_REASON_DOT11_MAX_STA |
Normal, in most scenarios |
AP Radio has reached maximum capacity |
Check if non-default max client setting per radio has been set, or RF design if additional capacity is needed |
| CO_CLIENT_DELETE_REASON_WIRED_IAPP_DISASSOC |
Normal, in most scenarios |
WGB wired client deleted. This may be triggered by WGB client removed due to inactivity |
None required |
| CO_CLIENT_DELETE_REASON_WIRED_WGB_CHANGE |
Normal, in most scenarios |
Client mac address was reported by another WGB, so deleting previous entry |
Mac address seen by another WGB. Check if this is intentional |
| CO_CLIENT_DELETE_REASON_WIRED_VLAN_CHANGE |
Normal, in most scenarios |
WGB moved client to a different VLAN |
This is for WGB VLAN feature. Check if this is intentional |
| CO_CLIENT_DELETE_REASON_CLIENT_CREDENTIAL_FAILURE |
Normal, in most scenarios |
Wrong username or password |
Check client side user configuration |
| CO_CLIENT_DELETE_REASON_DANGLING_CLEANUP_TIMER |
Normal, in most scenarios |
Wired Client was deleted after WGB cleanup event |
Check why WGB was deleted |
| CO_CLIENT_DELETE_REASON_DEAUTH_OR_DISASSOC_REQ |
Normal, in most scenarios |
Client initiated a deauthentication or deauthentication |
None required in most scenarios. This is normal activity |
| CO_CLIENT_DELETE_REASON_CLIENT_DHCP_FAILURE |
Normal, in most scenarios |
Client reported DHCP error on deauth frame |
Check DHCP server, and collect RA trace |
| CO_CLIENT_DELETE_REASON_CLIENT_EAP_TIMEOUT_FAILURE |
Normal, in most scenarios |
Client reported EAP error on deauth frame |
Check AAA server, and collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_CLIENT_8021X_FAILURE |
Normal, in most scenarios |
Client reported authentication error on deauth frame |
Check AAA server, and collect RA trace and over the air capture |
| CO_CLIENT_DELETE_REASON_CLIENT_DEVICE_IDLE |
Normal, in most scenarios |
Client reported idle timeout on deauth frame |
None required |
| CO_CLIENT_DELETE_REASON_CLIENT_CAPTIVE_PORTAL_SECURITY_FAILURE |
Normal, in most scenarios |
Client reported webauth error on deauth frame |
Check webauth configuration and certificates |
| CO_CLIENT_DELETE_REASON_CLIENT_DECRYPTION_FAILURE |
Normal, in most scenarios |
Client reported decryption errors on deauth frame |
Get RA trace and over the air captures |
| CO_CLIENT_DELETE_REASON_CLIENT_INTERFACE_DISABLED |
Normal, in most scenarios |
Client informed it is going in deep sleep on deauth frame |
None required |
| CO_CLIENT_DELETE_REASON_CLIENT_USER_TRIGGERED_DISASSOC |
Normal, in most scenarios |
Client informed user requested disconnection |
None required |
| CO_CLIENT_DELETE_REASON_CLIENT_MISC_REASON |
Normal, in most scenarios |
Client reported generic reason in deauth frame |
None required |
| CO_CLIENT_DELETE_REASON_CLIENT_UNKNOWN_REASON |
Normal, in most scenarios |
Client reported generic reason in deauth frame |
None required |
| CO_CLIENT_DELETE_REASON_CLIENT_PEER_TRIGGERED |
Normal, in most scenarios |
Client reported AP sent disconnection in deauth frame |
None required |
| CO_CLIENT_DELETE_REASON_CLIENT_BEACON_LOSS |
Normal, in most scenarios |
Client reported disconnection due to AP beacon loss. This may be triggered by low RRSI/coverage, or AP radio resets |
Check AP logs for radio reset, and confirm client was not on low coverage scenario |
| CO_CLIENT_DELETE_REASON_DOT11_POOR_CHANNEL_CONDITIONS |
Normal, in most scenarios |
Client RSSI is lower than the configured RSSI threshold |
None required, as this may be intentional. Otherwise, check 802.11v and Low RSSI threshold settings. |
| CO_CLIENT_DELETE_REASON_MN_CHANNEL_SWITCH_AT_AP |
Normal, in most scenarios |
AP deleted client, triggered by a channel change request |
Normally, none needed, unless this is happening too frequently, more than 4 times a day per radio |
| CO_CLIENT_DELETE_REASON_MN_AP_IPLEARN_TIMEOUT |
Normal, in most scenarios |
AP reported that client did not complete adress learning process (static or DHCP) |
This may happen occasionally during normal scenarios if client roamed away or was out of coverage. If this is happening frequently or not expected, get RA + AP logs |
| CO_CLIENT_DELETE_REASON_MN_REASSOC_TIMEOUT |
Normal, in most scenarios |
AP deleted client as it did not complete onboarding after requesting a roaming (reasociation) |
This may happen occasionally during normal scenarios if client roamed away or was out of coverage. If this is happening frequently or not expected, get RA + AP logs |
| CO_CLIENT_DELETE_REASON_MN_DEL_DISASSOC |
Normal, in most scenarios |
AP deleted client due to dissaociation frame. Normally this only is applied for PMF(11w) enabled devices |
Non required, this happens during normal operation. If a large number of events are detected, get OTA to confirm source |
| CO_CLIENT_DELETE_REASON_MN_ASSOC_EXPIRED_AT_AP |
Normal, in most scenarios |
Client associated to stale SSID on AP, deleted during clean up process |
None required |
| CO_CLIENT_DELETE_REASON_MN_DHCP_TIMEOUT |
Normal, in most scenarios |
DHCP required is enabled, and client never completed DHCP negotiation |
May happen during normal scenarios, if client roams out of coverage during onboarding, or goes to sleep or is turned off, during onboarding. If seen on large counts per VLAN, do client debugging and check DHCP Server pool and status |
| CO_CLIENT_DELETE_REASON_MN_SA_QUERY_TIMEOUT |
Normal, in most scenarios |
AP deleted client as it did not reply SA query during PMF roaming (802.11w) |
May happen during normal scenarios. If frequently seen for specific client, it may be needed to do OTA, RA and AP client debug |
| CO_CLIENT_DELETE_REASON_MN_INTRA_AP_ROAM |
Normal, in most scenarios |
AP deleted client as it roamed across SSID in the same AP |
None required |
| CO_CLIENT_DELETE_REASON_MN_CHANNEL_SWITCH_AT_AP |
Normal, in most scenarios |
AP had a channel change, that triggered client deletion |
This may happen during normal scenarios. if this is seen very frequently on same AP, it may need RF analisys or RRM tunning |
| CO_CLIENT_DELETE_REASON_MN_DEL_REQUEST |
Normal, in most scenarios |
AP driver received a delete request for the client |
PENDING |
| CO_CLIENT_DELETE_REASON_MN_DEL_INTF_RESET |
Normal, in most scenarios |
AP radio interface has been shutdown |
This may happen by admin request |
| CO_CLIENT_DELETE_REASON_MN_DEL_REAPER_RADIO |
Normal, in most scenarios |
The radio role has changed, and can be uplink/repeater |
None needed |
| CO_CLIENT_DELETE_REASON_MN_DEL_SLOT_DISABLE |
Normal, in most scenarios |
Slow was disabled for MFP wlan |
None needed |
| CO_CLIENT_DELETE_REASON_MN_DEL_MIC_FAIL |
Normal, in most scenarios |
MIC (for TKIP) counter protection triggered, so AP deleted all clients |
None needed, if this happens frequently, check for possible client side issues |
| CO_CLIENT_DELETE_REASON_MN_DEL_VLAN_DEL |
Normal, in most scenarios |
VLAN/ACL mapping deleted, config change |
None required |
| CO_CLIENT_DELETE_REASON_MN_DEL_PAK_MAX_RETRY |
Normal, in most scenarios |
Client deleted by maximum frame retransmissions reached. This reason should not be active |
None required |
| CO_CLIENT_DELETE_REASON_MN_DEL_TX_DEAUTH |
Normal, in most scenarios |
AP triggered a deauth during webauth/dot1x/run states, this may have been requested by controller |
May happen during normal scenario (for example timeout), if this is frequent or not-expected, collect RA traces for client |
| CO_CLIENT_DELETE_REASON_MN_DEL_SENSOR_STA_TIMEOUT |
Normal, in most scenarios |
Sensor station timeout. This reason should not be active |
None required |
| CO_CLIENT_DELETE_REASON_MN_DEL_AGE_TIMEOUT |
Normal, in most scenarios |
AP triggered client delete, by session timeout |
None required, this is normal for local auth/standalone flex scenarios |
| CO_CLIENT_DELETE_REASON_MN_DEL_TX_FAIL_THOLD |
Normal, in most scenarios |
Bad Client, this reason code should not be active |
None required |
| CO_CLIENT_DELETE_REASON_MN_DEL_UPLINK_RCV_TIMEOUT |
Normal, in most scenarios |
Uplink timeout, this reason code should not be active |
None required |
| CO_CLIENT_DELETE_REASON_MN_DEL_SNSR_SCAN_NXT_RADIO |
Normal, in most scenarios |
Sensor AP in operation, this reason code should not be active |
None required |
| CO_CLIENT_DELETE_REASON_MN_DEL_SNSR_SCAN_OTHER_BSSID |
Normal, in most scenarios |
Sensor AP in operation, this reason code should not be active |
None required |
| CO_CLIENT_DELETE_REASON_MN_DEL_AUTH_EXPIRED |
Normal, in most scenarios |
AP triggered a client delete, as client did auth phase, but never completed association |
May happen during normal scenario (for example timeout), if this is frequent or not-expected, collect RA traces for client |
| CO_CLIENT_DELETE_REASON_MN_AP_BY_FLEXGROUP_CHANGE |
Normal, in most scenarios |
AP Flexgroup name was changed by administrator, leading to client delete request |
None required, configuration change |
| CO_CLIENT_DELETE_REASON_MN_AP_EAPOL_LOGOFF |
Normal, in most scenarios |
Client sent EAP-Logoff. This may be due to normal operation (p.e. client user changed) or it may be client supplicant error, restarting auth |
This is normally expected, if happening frequently or leading to problems, this may need RA trace |
| CO_CLIENT_DELETE_REASON_MN_AP_EAP_REQ_TIMEOUT |
Normal, in most scenarios |
Client did not reply to EAP requests in the specified retries/time |
Check client supplicant/user configuration and AP state. If persistent, collect RA traces and over the air capture |
| CO_CLIENT_DELETE_REASON_MN_AP_MIC_VALIDATION |
Normal, in most scenarios |
MIC (for TKIP) counter protection triggered, so AP deleted all clients |
None needed, if this happens frequently, check for possible client side issues |
| CO_CLIENT_DELETE_REASON_MN_AP_INTER_AP_ROAM |
Normal, in most scenarios |
WLC requested to AP to delete client due to roaming event |
None needed |
| CO_CLIENT_DELETE_REASON_MN_AP_UNKNOWN_CLIENT |
Normal, in most scenarios |
Client Unknown, this should not be seen/not in use |
Collect RA traces for initial analysis |
| CO_CLIENT_DELETE_REASON_MN_AP_REAUTH_TIMEOUT |
Normal, in most scenarios |
Client did not complete reauthentication in the specified timer. This may happen on normal scenarios, if client is sleeping or out of coverage |
No action needed |
| CO_CLIENT_DELETE_REASON_MN_AP_CONT_IDLE_TIMEOUT |
Normal, in most scenarios |
Continuous idle timeout, this should not be seen/not in use |
None required |
| CO_CLIENT_DELETE_REASON_MN_AP_RLDP_CLEANUP |
Normal, in most scenarios |
Client deleted during RLDP (Rogue Link Detection Protocol) execution |
Expected action, depending on configuration. RLDP can be disabled, if not required by security policies |
| CO_CLIENT_DELETE_REASON_MN_AP_PEM_CLEANUP |
Normal, in most scenarios |
Client deleted by Policy Enforcement Module request. This should not be see/not in use |
None required |
| CO_CLIENT_DELETE_REASON_MN_AP_RLAN_DELETE |
Normal, in most scenarios |
All Clients on RLAN port have been deleted, this could be due to port going down, or port getting admin disabled. This could happen on normal scenarios, for example, turning off a RLAN connected device or due to admin port disable configuration. |
Check port config, cable, and connected device state |
| CO_CLIENT_DELETE_REASON_MN_AP_RLAN_INACTIVE_TIMEOUT |
Normal, in most scenarios |
RLAN client deleted due to inactivity timeout. This can happen on normal scenarios |
None needed |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_WEBAUTH_TIMER_EXPIRED |
Normal, in most scenarios |
AP deleted client, as it did not complete webauth authentication in time. This may happen on normal scenarios |
if this happens for clients actively trying to login, collect RA traces, and OTA |
| CO_CLIENT_DELETE_REASON_MN_AP_CLSM_DOT1X_TIMER_EXPIRED |
Normal, in most scenarios |
AP deleted client, as it did not complete 802.1x authentication in time. |
if this happens for clients actively trying to authenticate, collect RA traces, AP debugs, and OTA |
| CO_CLIENT_DELETE_REASON_MN_AP_DRIVER_ASSOC_SCB_NOT_AUTHENTICATED |
Normal, in most scenarios |
AP is rejecting client association, as it did not do 802.11 authentication, possible client defect |
None required, or OTA is seen frequently |
| CO_CLIENT_DELETE_REASON_MN_AP_MAX_STA_ON_AP |
Normal, in most scenarios |
AP deleted client, as max client setting per AP is configured |
None required, or check config in WLAN profile |
| CO_CLIENT_DELETE_REASON_MN_AP_MAX_STA_ON_BSSID |
Normal, in most scenarios |
AP deleted client, as max client setting per WLAN is configured |
None required, or check config in WLAN profile |
| CO_CLIENT_DELETE_REASON_MN_AP_MAX_STA_ON_RADIO |
Normal, in most scenarios |
AP deleted client, as max client setting per radio is configured |
None required, or check config in WLAN profile |