This section provides the following information on the faults displayed in Faults > Display Faults. The following information is provided:
•Fault—The fault as it appears in the Display Faults table.
•Explanation—An explanation as to why the fault occurred.
•Related Setting—The threshold or policy you assigned to devices under Faults > Manage Fault Settings, IDS > Manage IDS Settings, or IDS > Manage Network-Wide IDS Settings, when applicable.
•Recommended Action—An action that can be taken to clear the displayed fault.
Access point ssid reclassified from Friendly to Rogue due to rule
An access point that was previously determined to be Friendly has been reclassified to Rogue:
ssid is the Service Set Identifier of the unmanaged radio's BSS.
rule is one of the following:
•Change in RSSI ordering between observers
The estimated proximity of the unmanaged radio between two observers has switched—if the WLSE thought that observer A was closer to radio R than observer B, it now thinks that observer B is closer to radio R than observer A.
•Difference in relative RSSI between original and current observers exceeded threshold
While radio R's strength changed by factor M between observer A and observer B, it changed by factor M+T between observer B and observer C. That is, it does not
IDS > Manage Network-Wide IDS Settings > Rogue AP Detection > Friendly to Rogue AP Reclassification
or
IDS > Manage Rogues
Use the fault details page to mark it friendly if the AP is known, or to delete it from the WLSE database if it is an unknown AP.
Access point ssid reclassified from Friendly to Rogue due to rule
(continued)
appear that radio R's change in strength is merely due to a change in its power configuration.
•Fewer than two observers
•Too long without any observations
AP CPU utilization is Degraded (utilization %)
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: AP CPU utilization is Ok.
Manage Fault Settings > Access Point/Bridge Thresholds > CPU Utilization
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
AP CPU utilization is Overloaded (utilization %)
The fault threshold set for the overloaded state has been exceeded.
When this fault has been cleared, the following message displays: CPU utilization is Ok.
Manage Fault Settings > Access Point/Bridge Thresholds > CPU Utilization
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
AP is not registered with a WDS
The managed access point is not registered with any WDS.
For Radio Manager functionality to work, all access points must register with a WDS. If an access point is not registered, it will be excluded from all the Radio Manager procedures, which will provide incorrect results.
Verify that the WLCCP AP credentials are configured correctly so that the AP can register with a WDS in its subnet.
For more information, see the managing devices information in the online help or the User Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.12.
AP memory utilization is Degraded (utilization %)
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: AP memory utilization is Ok.
Log in to the access point and enable the broadcast key rotation interval.
Device state is rogue access point: ssid
The WLSE detected a rogue access point (where ssid is the Service Set Identifier of the unmanaged radio's BSS). This is an access point that is not being managed and is unknown to the WLSE.
IDS > Manage Network-Wide IDS Settings > Rogue AP Detection
or
IDS > Manage Rogues
Use the fault details page to mark it friendly if the AP is known, or to delete it from the WLSE database if it is an unknown AP.
Device was not reachable via SNMP
The SNMP Agent could be down.
Using the SNMP threshold setting, you configure the WLSE to poll the sysUpTime MIB object periodically. If at any time the WLSE fails to poll this MIB object, the WLSE generates this fault.
Also, if while polling any other MIB objects for other fault policies or thresholds associated with the device, the WLSE observes the device is SNMP unreachable, it generates this fault.
And lastly, during rediscovery if a previously-discovered device is found to be SNMP unreachable, the WLSE generate this fault.
When this fault is cleared, the following message displays: Device was reachable via SNMP.
Firmware version policy violation (version number)
The wrong version number for policy checking has been entered.
When this fault is cleared, the following message displays: Firmware version is valid.
Manage Fault Settings > Access Point/Bridge Policies > Firmware Version
Make sure that the firmware version that is entered in the policy setting matches the firmware version on the access point.
The access point is running an unauthorized firmware version.
When this fault is cleared, the following message displays: Firmware version is valid.
Make sure that you have entered authorized versions in the policy setting.
Update the firmware on the access point to an authorized version.
HotStandBy is active
The access point that is configured for hot standby has become active.
The following conditions could cause the hot standby access point to become active: the primary access point is down, the Ethernet port is down, or the Radio port is down.
When this fault is cleared, the following message displays: HotStandBy is disabled.
Manage Fault Settings > Access Point/Bridge Policies > HotStandby Status
1. Check the primary access point, the Ethernet port, or the Radio port to see why the hot standby access point has been activated.
2. Correct the condition. For example, if the Radio Port on the formerly active access point was in a disabled state, then enable it using the access point GUI.
3. Launch the GUI for access point that is currently in Active Takeover mode.
4. Select Hot Standby, click Disabled , then click Apply.
5. Click Enabled, then enter the Radio MAC address of Monitored Radio Port, leave the Polling interval and Timeout for Each Polling fields blank,.
6. Click Apply to reconfigure the access point to Hot Standby mode.
Inconsistent device state found: MIB-name table-name. OID-name problem-details
One or more configuration values of the AP/BR are either out-of-range or are in conflict with another configuration value. The fault description and corresponding swan.log entry provide details about the suspect value, including the official public MIB name of the SNMP OID for which the error was found.
When a radio is declared to have an invalid configuration or has failed, it cannot be manipulated by Radio Management and is removed from SWAN RM operations. For example, if just the 802.11a radio on a WDS is not configured correctly, only that radio is excluded from RM operations; the 802.11b/g radio and the WDS remains fully RM-operational. This behavior can help you isolate the portions of your network that are affected by misconfigurations or failures.
Not applicable.
To resolve an inconsistent configuration, several possibilities exist:
•It is possible that the most recent Inventory failed for the device. Re-running inventory might clear the condition.
•If the configuration value being contested is user-editable, you can correct the problem using the WLSE templates, the AP/BR GUI, or the AP/BR CLI.
•If the configuration value being contested is not user-editable, this is probably an IOS error. You will need to upgrade the affected AP/BR to the most recent version of IOS.
MIC is not enabled for the selected VLAN on the access point.
When the fault is cleared, the following message displays: MIC is enabled.
Manage Fault Settings > Access Point/Bridge Policies > MIC per Vlan
Log into the access point and enable the VLAN. Then, using the WLSE fault settings, enable the MIC for that VLAN.
Radar Detected on Channel origChannel
On its current channel, the AP detected likely contention with a radar device, so it needs to leave that channel and find another. The AP will automatically scan for another channel, but might be unable to accept associations for one minute. This one minute delay is the required scan time on another Dynamic Frequency Selection channel that must elapse before the AP can accept associations.
When this fault is cleared, the following message displays: No radar detected on new channel newChannel
The WLSE will automatically handle the assignment of another channel for those APs affected by the Radar Detection. However, if these faults become common, you should re-run Assisted Configuration (RPG) soon after a DFS event has occurred (or just manually deselect the DFS channel from the Assisted Config Wizard). This will reorganize the site to avoid the affected channel and make future conflicts likely.
Vlan WEP key length policy violation
The WEP key length for the selected VLAN setting has been violated.
When this fault has been cleared, the following message displays: Vlan WEP key length is ok.
Determine which WLSE is supposed to manage that WDS from an RM perspective. Then modify the wnm configuration on the WDS to point to the correct WLSE.
For more information, see the managing devices information in the online help or the User Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.12.
WEP is disabled
WEP is not enabled for the VLAN defined on the access point. (Note that the VLAN number is displayed in the Type column under Faults > Display Faults.)
When the fault is cleared, the following message displays: WEP is enabled.
Verify that the WLSE credentials used to authenticate with the WDS are correct.
For more information, see the managing devices information in the online help or the User Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.12.
Radio Interface Faults
Table 2-2 Radio Interface Faults
Fault Description
Explanation
Related Setting
Recommended Action
AP is in a Degraded state number associated clients
The fault threshold set for the degraded state has been exceeded.
When this fault is cleared, the following message displays: AP is in OK state.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
Appeared up|down. Compensated for by Up/Down radio(s).
The indicated radio appeared up or down on this AP, so other radios were modified to maintain coverage.
After self healing has been applied to the other AP, this fault indicates the radio that had the failure.
Radio Manager > Self Healing > Finish
Display the Self Healing fault details page, then select the document with the eyeglasses. A list of radios with the old and new power settings is displayed. These radios can compensate for the downed or recovered radio. If self healing is configured to automatically apply changes, then these are the values that were applied. If self healing is configured for manual application of the compensation calculations, then the recommended values are shown with an option to apply them to the indicated radios.
Check the radio to determine why it is down and resolve the problem.
Broadcast SSID is enabled.
The broadcast mode for the SSID on the interface has been disabled.
When this fault is cleared, the following message displays: Broadcast SSID is disabled.
Log in to the access point and make sure that the that the SSID, which is in WLSE's "Do not Broadcast SSID" list is not selected for Broadcast on the access point.
Client association rate is Degraded number per minute
The fault threshold set for the degraded state has been exceeded.
When this fault is cleared, the following message displays: Client association rate is OK.
Manage Fault Settings > Radio-802.11x Thresholds > Association Rate
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
Client association rate is Overloaded number per minute
The fault threshold set for the overloaded state has been exceeded.
When this fault is cleared, the following message displays: Client association rate is OK.
Compensation determination is in progress
The WLSE determined that a radio was down or back up. Self Healing is attempting to compensate for the failed or recovered radio.
Not applicable.
There is no action necessary; Self Healing is attempting to adjust the power on other neighboring radios (which can be on other floors) to maintain coverage.
Compensation calculation did not complete due to errors
Errors forced the cancellation of Self Healing compensation calculations.
Not applicable.
Display the Self Healing fault details page, then select the document with the eyeglasses. The error messages displayed on this page will explain the problem.
Determine the action necessary to clear the fault condition.
Compensation finished with errors
Self Healing compensation calculations finished but there were errors. For example, a power change cannot be applied to a radio because:
1) The community strings for the device are wrong for the AP.
2) AP is down or unreachable
3) Wrong configuration set on the radio
Not applicable.
Determine the action necessary to clear the fault condition.
For example, if WLSE determines that five radios are needed to compensate for a down radio and only one has bad community strings, the changes to the other four radios will take place.
Compensation did not complete due to timeout of timeout (mins)
Self Healing compensation calculations took longer than 30 minutes.
Not applicable.
Display the Self Healing fault details page, then select the document with the eyeglasses. The error messages displayed on this page will explain the problem.
Determine the action necessary to clear the fault condition.
Device state is switchport traced rogue access point.
The WLSE located the port of a switch to which this rogue is connected.
Not applicable.
Refer to the description on the Display Faults page, which has the switch port information.
Using the port information you can locate and physically remove the rogue AP, or you can disable the port from the Display Faults page.
EAP is disabled
The EAP per SSID has been disabled.
When this fault is cleared, the following message displays: EAP is enabled
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
The radio interfaces on the devices may be very under utilized, which can trigger the degradation problem.
For example, if a total of three packets are sent over the radio, and two of them are corrupt, the percentage would be 2/3 = 66%, and could trigger the alarm.
Remove the alarm from the profile associated with these devices.
Packet Error is in Overloaded state (error rate %)
The fault threshold set for the overloaded state has been exceeded.
When this fault is cleared, the following message displays: Packet Error is in OK state.
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
Port is administratively set to down
The port has been set to Down by the administrator.
When this fault is cleared, the following message displays: Port is up
Manage Fault Settings > Radio-802.11x Thresholds > RF Port Status
There is no action necessary; the port has been deliberately shut down.
Port is down
The port is operationally down.
When this fault is cleared, the following message displays: Port is up
Manage Fault Settings > Radio-802.11x Thresholds > RF Port AdminStatus
Check the device to determine why the port is down.
The fault RF Port AdminStatus is enabled by default and must remain enabled with a default polling time of 5 minutes. Self healing ignores any radio set as administratively down, but this can only be detected if fault polling is enabled.
PSPF is disabled
The PSPF port has been disabled.
PSPF (Publicly Secure Packet Forwarding) is a feature that prevents client devices associated to a bridge or access point from inadvertently sharing files with other client devices on the wireless network.
When the fault is cleared, the following message displays: The PSPF is enabled.
Log in to the access point and enable the PSPF setting.
Requires healing: %reason%.
The indicated radio appeared up or down on this AP. Self Healing has been started.
After compensation results have been for other radios, this fault indicates the radio that had the failure.
Not applicable.
There is no action necessary; Self Healing will attempt to adjust the power on other radios on the floor to maintain coverage.
Possible reasons self healing is required:
•An applicable radio is avoiding or no longer avoiding radar.
•An AP has unregistered or re-registered with its WDS
•A radio that had its beacons heard by other radios has not been heard by any radio (and vice-versa)
Retry Count rate is Degraded number per minute
The retry count rate alarm indicates if the wireless medium is congested. The alarm will be raised if the MSDU retransmission rate per minute is greater than the specified threshold. For example, if the overloaded state is set to greater than 90, a fault will be raised for an interface that has more than 90 MSDUs that required retransmission in a minute.
When the fault is cleared, the following message displays: Retry Count rate is OK.
Manage Fault Settings > Radio-802.11x Thresholds > Max Retry Count
Verify the threshold settings. There could be too many clients or access points located near the radio interface for which fault is raised. Clear the alarm and increase the threshold, or reduce the polling time.
Retry Count rate is Overloaded number per minute
RF bandwidth utilization is Degraded (utilization %)
The fault threshold set for the degraded state has been exceeded.
When the fault is cleared, the following message displays: RF bandwidth utilization is OK
Manage Fault Settings > Radio-802.11x Thresholds > RF Port Utilization
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
RF bandwidth utilization is Overloaded (utilization %)
The fault threshold set for the overloaded state has been exceeded.
When the fault is cleared, the following message displays: RF bandwidth utilization is OK
Serving and non-serving channel Radio Monitoring must be enabled
For Self Healing to work, all radios on the floor must be configured with Radio Monitoring. The fault will indicate which radios need to be configured with both serving and non serving radio monitoring.
When the fault is cleared, the following message displays: Qualifies for Self Healing Monitoring.
Not applicable.
Enable Radio Monitoring for both serving and non-serving channels.
Or, use the Location Manager tool, Verify RM Capability.
WEP Error is in Degraded state (error rate %)
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: WEP Error is in OK state
Look at the fault description to determine which AP reported the interference, then take corrective action by removing the interference source.
Ad-hoc network creation detected: ssid
An ad-hoc network was formed by some wireless clients (where ssid is the Service Set Identifier of the UnmanagedRadio's BSS). One of your infrastructure APs or other clients sent this information to the WLSE via your WDS setup.
If the information is available, the WLSE will show the clients that are participating in the network (and that it can detect) in the fault details page. Use the Location Manager to find these APs and verify that this is not a security issue.
Ad-hoc network ssid reclassified from Friendly to Rogue due to rule
An ad-hoc network that was previously determined to be Friendly has been reclassified to Rogue:
ssid is the Service Set Identifier of the unmanaged radio's BSS.
rule is one of the following:
•Change in RSSI ordering between observers
The estimated proximity of the unmanaged radio between two observers has switched—if the WLSE thought that observer A was closer to radio R than observer B, it now thinks that observer B is closer to radio R than observer A.
IDS > Manage Network-Wide IDS Settings > Ad-hoc Network Detection > Friendly to Rogue AP Reclassification
or
IDS > Manage Rogues
Use the fault details page to mark it friendly if the network is known, or to delete it from the WLSE database if it is unknown.
Ad-hoc network ssid reclassified from Friendly to Rogue due to rule
(Cont.)
•Difference in relative RSSI between original and current observers exceeded threshold
While radio R's strength changed by factor M between observer A and observer B, it changed by factor M+T between observer B and observer C. That is, it does not appear that radio R's change in strength is merely due to a change in its power configuration.
•Fewer than two observers
•Too long without observations
CCMP DecryptErrorsClient is detected
The fault threshold has been exceeded for the number of decryption errors detected by the CCMP play mechanism on the interface.
Occasionally MIC failures can occur during key rotation. To diagnose the problem, you should:
•Check the IOS version.
•Enable 802.1x logs on the AP.
•Perform an SNMP walk of cDot11WidsProtectFailClientTable to determine which clients are reporting the TKIP MIC failure. If just one client is reporting the failure, it could be a client issue.
EAPOL FLOOD is detected (Flood count: floodcount)
The fault threshold has been exceeded.
When this fault is cleared, the following message displays: There is no EAPOL Flood detected.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
Number of TKIP replay errors is Overloaded.
The fault threshold set for the overloaded state has been exceeded.
When the fault is cleared, the following message displays: Number of TKIP replay errors is OK.
Radio Role must be "roleScanner" to support Frame Monitoring (was x).
This fault is raised when a radio is initially configured for Frame Monitoring (where x is the integer value of the SNMP OID cd11IfStationRole from the CISCO-DOT11-IF-MIB), but then someone configures the radio out of scanning-only mode. As a side effect, this also disables Frame Monitoring.
When this fault is cleared, the following message displays: Radio Role is "roleScanner" and supports Frame Monitoring.
Radio Mgr > Frame Monitoring
Review your network to determine the action necessary to clear the fault condition.
Although this situation might simply be that an administrator no longer needs to monitor or scan a portion of their site any longer, it could also be an intruder who has somehow gained console access to a Scanning AP and is attempting to "blind" IDS services for a portion of a site.
TKIP Replay is detected
The fault threshold set has been exceeded.
When this fault is cleared, the following message displays: There is no TKIP Replay detected.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
Unregistered Client(s) present
One or more unregistered clients have been detected in the wireless network, and are unsucessfully attempting to authenticate with the APs.
The unregistered client fault is triggered when an AP in scanning mode detects a number of probe requests and association requests from a station, client, or access point, which crosses the configuired threshold in the configured time.
The registration attempts are not being made to the scanning AP; the attempts are being made to regular APs that the scanning AP notices.
Set the priority of the fault to be generated and the threshold for the failed authentication attempts by the client.
Make a physical check near the scanning AP that reported this fault to see if there are any rogue clients.
(The fault is generated based on the configured Client Registration Request Count within a 15-minute period. The default is 100 registrations, but can be changed to 200, 300, 400 or 500. ) The scanning AP counts the packets per station.
This fault is cleared when no registration attempts are detected during the observation interval (the client leaves the wireless network or is not seen or reported by any Scanning APs).
Wireless Client MAC spoofing detected
The WLSE has detected a spoofed MAC address.
Whenever the WDS detects an authentication taking place for a known MAC address, it verifies that the same user ID is being used. If the user ID does not match, the authentication is rejected and a fault is issued.
When this fault is cleared, the following message displays: No Wireless Client MAC Spoofing Detected.
IDS > Manage IDS Settings > General IDS Settings > Wireless Client MAC Spoofing
Review your network to determine the action necessary to clear the fault condition.
WLSE Faults
Table 2-4 WLSE Faults
Fault Description
Explanation
Related Setting
Recommended Action
Auto Resite Survey Performance Degradations
There is at least one floor with a 20% difference in the base and current performance values on one or more floors configured for Auto Re-Site Survey.
The fault will clear when there are no longer any buildings or any floors with 20% differences in the performance values.
Radio Manager > Auto Re-Site Survey
Select the document with the eyeglasses in the detail view of the fault condition. A list of all buildings and floors that have performance degradations is displayed.
First, check the details for the floor and if needed, run Radio Manager Assisted Configuration. Then select Auto Re-Site Survey to set the new base values.
Data may not have been successfully restored from active.
The standby WLSE has detected a failure in the active WLSE and is becoming active before it successfully synchronized with the active WLSE.
Not applicable.
Make sure the WLSEs are correctly configured and functioning properly.
Duplicate IP Detection
During discovery, an AP with a duplicate IP is found and placed in the Duplicate IP folder under Devices > Managed > Manage/Unmanage.
This folder contains access points that are in the pending state. A device becomes pending and is placed in this folder when:
•The same IP address is assigned to more than one access point.
•An access point's IP address changes.
•You replace a managed access point.
The IP address shown for a device in this folder is the last known address for the device, before the address change occurred.
For information on how to move devices from the Duplicate IP folder, see the topic: Handling Duplicate IP Addresses on Access Points in the Managing Devices chapter of the User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.12. or in the online help.
Fault Engine is overloaded with excessive polling.
The WLSE fault engine is overloaded due a large number of fault policy and threshold polling occurring at one time. This generally occurs when the WLSE is configured to monitor large number of fault policies and thresholds on large number of devices.
This fault will clear when the polling rate drops below the internally set threshold.
Not applicable.
•Make sure the WLSE has connectivity to the network.
•Reduce the amount of fault polling by disabling certain policies and thresholds.
Lost connectivity with router.
The WLSE is unable to ping the default router.
Not applicable.
Make sure that:
•Connectivity from the WLSE to the gateway router is okay.
•The gateway router is functioning properly.
Lost connectivity with standby on ip_address.
The standby WLSE indicated by the IP address is down.
Not applicable.
Make sure that:
•The standby WLSE is up and running.
•The standby WLSE is network accessible.
•Redundancy has been correctly setup on the Active WLSE.
Other node is running a different version. Redundancy will be turned off.
A mismatch of WLSE software version has been detected between the active and the standby WLSEs.
Not applicable.
Make sure the correct WLSE software has been installed on both the active and standby WLSEs.
Redundancy active mode enabled
The WLSE sending this message is now active.
Not applicable.
Confirm that both WLSEs are functioning respectively as Active and Standby.
Redundancy standby mode.
The WLSE sending this message is now in standby mode.
Not applicable.
Confirm that both WLSEs are functioning respectively as Active and Standby.
Redundancy turned off.
Redundancy has been disabled.
Not applicable.
Make sure the WLSEs are correctly configured and functioning properly.
Regained connectivity with router.
The WLSE that sent this message is now able to ping the default router.
Not applicable.
Confirm that both WLSEs are functioning respectively as Active and Standby.
Regained connectivity with standby on ip_address
The Standby WLSE is up.
Not applicable.
Confirm that both WLSEs are functioning respectively as Active and Standby.
System check failed on ip_address for reason: reason.
The system check failed.
Not applicable.
Make sure the WLSEs are correctly configured and functioning properly.
Make sure that the credentials are set correctly by selecting Devices > Discover > AAA Server.
EAP-FAST server is not available
EAP-FAST
Can be caused by any of the following reasons:
•WLSE IP Address is not configured as a NAS on the server.
•Shared secret key does not match the key configured on the server.
•Server is unreachable.
When this fault has been cleared, the following message displays: EAP-MD5 server is available
Manage Fault Settings > AAA > EAP-FAST > Response Time
Check server configuration to make sure that:
•WLSE IP address is configured as NAS on the server.
•Shared secret key matches the key configured on the server
EAP-FAST server is Degraded
EAP-FAST
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: EAP-FAST server is OK
Manage Fault Settings > AAA > EAP-FAST > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
EAP-FAST server is Overloaded
EAP-FAST5
The fault threshold set for the overloaded state has been exceeded.
When this fault has been cleared, the following message displays: EAP-FAST server is OK
Manage Fault Settings > AAA > EAP-FAST > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
EAP-MD5 server is not available
EAP-MD5
Can be caused by any of the following reasons:
•WLSE IP Address is not configured as a NAS on the server.
•Shared secret key does not match with the key configured on the server.
•Server is unreachable.
When this fault has been cleared, the following message displays: EAP-MD5 server is available
Manage Fault Settings > AAA > EAP-MD5 > Response Time
Check the server configuration to make sure that:
•The WLSE IP address is configured as NAS on the server.
•The shared secret key matches the key configured on the server
EAP-MD5 server is Degraded
EAP-MD5
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: EAP-MD5 server is OK
Manage Fault Settings > AAA > EAP-MD5 > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
EAP-MD5 server is Overloaded
EAP-MD5
Fault threshold for the overloaded state has been exceeded.
When this fault has been cleared, the following message displays: EAP-MD5 server is OK
Manage Fault Settings > AAA > EAP-MD5 > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
LEAP server is not available
LEAP
Can be caused by any of the following:
•You enabled this policy and are using a non-Cisco client with EAP.
•WLSE IP Address is not configured as a NAS on the server.
•Shared secret key does not match the key configured on the server.
•Server is unreachable.
When this fault has been cleared, the following message displays: LEAP server is available
Manage Fault Settings > AAA > LEAP > Response Time
Check the server configuration and make sure that:
•The WLSE IP address is configured as NAS on the server.
•The shared secret key matches the key configured on the server
LEAP server is Degraded
LEAP
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: LEAP server is OK.
Manage Fault Settings > AAA > LEAP > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
LEAP server is Overloaded
LEAP
The fault threshold set for the overloaded state has been exceeded.
When this fault has been cleared, the following message displays: LEAP server is OK.
Manage Fault Settings > AAA > LEAP > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
PAC is either invalid or expired. Please reimport new PAC file
EAP-FAST
PAC file is either invalid or expired.
This fault is not generated based on a threshold violation.
Generate a new PAC file from the EAP-FAST server you are trying to monitor and make sure that the expiry time is set properly when generating the PAC file.
PEAP server is not available
PEAP
Can be caused by any of the following reasons:
•PEAP monitoring is not enabled.
•WLSE IP Address is not configured as a NAS on the server.
•Shared secret key does not match with the key configured on the server.
•Server is unreachable.
•EAP-GTC is required for reports and faults.
When this fault has been cleared, the following message displays: PEAP server is available
Manage Fault Settings > AAA > PEAP > Response Time
Check the server configuration and make sure that:
•PEAP monitoring is enabled under Manage Fault Settings > AAA> PEAP > Response time.
•WLSE IP address is configured as NAS on the authentication server.
•If both NICs in the WLSE are assigned an IP, both should be added as NAS in the PEAP authentication server.
•Shared secret key matches the key configured on the server.
•WLSE requires EAP-GTC for PEAP monitoring, which is used for PEAP-related reports and faults. They will not work with MS-CHAPV2.
PEAP server is Degraded
PEAP
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: PEAP server is OK.
Manage Fault Settings > AAA > PEAP > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
PEAP server is Overloaded
PEAP
The fault threshold set for the overloaded state has been exceeded.
When this fault has been cleared, the following message displays: PEAP server is OK
Manage Fault Settings > AAA > PEAP > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
RADIUS server is not available
PEAP
Can be caused by any of the following reasons:
•WLSE IP Address is not configured as a NAS on the server.
•Shared secret key does not match with the key configured on the server.
•Server is unreachable.
When this fault has been cleared, the following message displays: RADIUS server is available
Manage Fault Settings > AAA > RADIUS > Response Time
Check your server configuration and make sure that:
•The WLSE IP address is configured as NAS on the server.
•The shared secret key matches the key configured on the server
RADIUS server is Degraded
PEAP
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: RADIUS server is OK.
Manage Fault Settings > AAA > RADIUS > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
RADIUS server is Overloaded
PEAP
The fault threshold set for the overloaded state has been exceeded.
When this fault has been cleared, the following message displays: RADIUS server is OK.
Manage Fault Settings > AAA > RADIUS > Response Time
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
Switch Faults
Table 2-6 Switch Faults
Fault Description
Explanation
Related Setting
Recommended Action
CPU utilization is Degraded (utilization %)
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: CPU utilization is Ok.
Manage Fault Settings > Switch > CPU Utilization
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
CPU utilization is Overloaded (utilization %)
The fault threshold set for the overloaded state has been exceeded.
When this fault has been cleared, the following message displays: CPU utilization is Ok.
Manage Fault Settings > Switch > CPU Utilization
Verify that the fault threshold is set correctly.
If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition.
Device was not reachable via SNMP
The SNMP Agent on the switch is down.
When this fault has been cleared, the following message displays: Device was reachable via SNMP.
Manage Fault Settings > Switch > SNMP Reachable
Make sure that the switch SNMP agent is active.
Module is down
The module is down.
When this fault has been cleared, the following message displays: Module is up.
Manage Fault Settings > Switch > Module Status
Check the module in the switch and correct the problem.
Port could not agree with other end on duplex mode
The port could not agree with the far end on port duplex, and is in disagree(3) mode.
When this fault has been cleared, the following message displays: Port duplex state is OK.
Not applicable.
Make sure the duplex mode on both ends match.
Port is administratively set to down
The port has been set to down by the administrator.
When this fault is cleared, the following message displays: Port is UP.
Manage Fault Settings > Switch > Port Status
Confirm that the switch port has been deliberately shut down, and that it is not down due to some other accidental operation.
Port is down.
The port is operationally down.
When this fault is cleared, the following message displays: Port is UP.
Manage Fault Settings > Switch > Port Status
Check the switch to determine why the port is down.
Switch memory utilization is Degraded (utilization %)
The fault threshold set for the degraded state has been exceeded.
When this fault has been cleared, the following message displays: Switch memory utilization is Ok.
Fault—The fault as it appears in the Display Faults table.