5760 guest network not receiving IP address

I'm testing a pair of 5760s for a near-term production rollout. I have the dot1x employee wlan working, but am having trouble with the guest web-auth wlan. We have a foreign controller with connected APs and an anchor controller in the DMZ. We're using an external redirect to the ISE guest portal. ISE is working with our production equipment and hasn't been changed. However, I'm not able to get an IP address assignment to test the ISE redirect. When I remove all of the web-auth configuration, I'm getting an IP address without issues. My configuration is attached below, and I would appreciate an extra set of eyes.
[code]
!! Anchor controller
aaa group server radius ISE
 server name iseservername
aaa authentication login ISE-MethodList group ISE
parameter-map type webauth global
 type webauth
 virtual-ip ipv4 x.x.127.1 virtual-host guest-redirect.domain.com
parameter-map type webauth Guest-param-map
 type webauth
 redirect for-login https://guestportal.domain.com:8443/guestportal/portal.jsp
 redirect portal ipv4 x.x.164.35
ip access-list extended Guest-preauth
 permit udp any any eq domain
 permit udp any eq domain any
 permit udp any any range bootps bootpc
 permit tcp any any eq 8443
 permit tcp any any established
ip access-list extended Guest-redirect-acl
 permit tcp any any eq www
radius server iseservername
 address ipv4 x.x.164.35 auth-port 1812 acct-port 1813
 key [verysecretkey]
wlan Guest 1 Guest
 client vlan 330
 ip access-group web Guest-preauth
 mobility anchor
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 security web-auth
 security web-auth authentication-list ISE-MethodList
 security web-auth parameter-map Guest-param-map
 no shutdown
!! Foreign Controller
wireless management interface Vlan60
wlan Guest 1 Guest 1
 client vlan 60
 mobility anchor x.x.60.160
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 security web-auth
 no shutdown
[/code]

Have you tried this by enabling DHCP snooping for VLAN 330 on your 5760 and trusting the 5760 uplink? In the config below I have assumed the 10G port of the 5760 is mapped to an EtherChannel (Po1). Otherwise, trust the physical interface.
[code]
ip dhcp snooping
ip dhcp snooping vlan 330
interface Port-channel x
 switchport trunk native vlan x
 switchport trunk allowed vlan x,y,z
 switchport mode trunk
 ip dhcp snooping trust
[/code]
HTH
Rasika

Similar Messages

  • Flexconnect Local Switching Hosts Do Not Receive IP Addresses

    Hello,
    My WLC software version is 7.4.110.0. I have a branch office in my lab. The AP in my branch is configured as FlexConnect with a native VLAN of 700. The SSID that I have in the branch office is configured to do local switching. The show wlan output is added below.
    My tunneled SSID is still working and I can still receive IP addresses from it. My issue is that last week I had FlexConnect working with no problem, then this morning I can connect to the SSID, but I'm not receiving IP addresses for my test wireless clients.
    Thanks
    [code]
    WLAN Identifier.................................. 2
    Profile Name..................................... ACS Guest
    Network Name (SSID).............................. RMTGuest
    Status........................................... Enabled
    MAC Filtering.................................... Disabled
    Broadcast SSID................................... Enabled
    AAA Policy Override.............................. Disabled
    Network Admission Control
      Client Profiling Status ....................... Disabled
       DHCP ......................................... Disabled
       HTTP ......................................... Disabled
      Radius-NAC State............................... Disabled
      SNMP-NAC State................................. Disabled
      Quarantine VLAN................................ 0
    Maximum number of Associated Clients............. 0
    Maximum number of Clients per AP Radio........... 200
    Number of Active Clients......................... 0
    Exclusionlist Timeout............................ 60 seconds
    Session Timeout.................................. 1800 seconds
    User Idle Timeout................................ 300 seconds
    --More-- or (q)uit
    User Idle Threshold.............................. 0 Bytes
    NAS-identifier................................... RK2WLC5508-01
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ management
    Multicast Interface.............................. Not Configured
    WLAN IPv4 ACL.................................... unconfigured
    WLAN IPv6 ACL.................................... unconfigured
    mDNS Status...................................... Disabled
    mDNS Profile Name................................ unconfigured
    DHCP Server...................................... 172.28.27.130
    DHCP Address Assignment Required................. Disabled
    Static IP client tunneling....................... Disabled
    PMIPv6 Mobility Type............................. none
    Quality of Service............................... Silver
    Per-SSID Rate Limits............................. Upstream          Downstream
    Average Data Rate................................   0                      0
    Average Realtime Data Rate.......................   0                      0
    Burst Data Rate..................................   0                      0
    Burst Realtime Data Rate.........................   0                      0
    Per-Client Rate Limits........................... Upstream          Downstream
    Average Data Rate................................   0                      0
    Average Realtime Data Rate.......................   0                      0
    --More-- or (q)uit
    Burst Data Rate..................................   0                      0
    Burst Realtime Data Rate.........................   0                      0
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    WMM UAPSD Compliant Client Support............... Disabled
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Enabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    Passive Client Feature........................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
       Authentication................................ Disabled
       Accounting.................................... Disabled
       Dynamic Interface............................. Disabled
       Dynamic Interface Priority.................... wlan
    Local EAP Authentication......................... Disabled
    --More-- or (q)uit
    Security
       802.11 Authentication:........................ Open System
       FT Support.................................... Disabled
       Static WEP Keys............................... Disabled
       802.1X........................................ Disabled
       Wi-Fi Protected Access (WPA/WPA2)............. Enabled
          WPA (SSN IE)............................... Disabled
          WPA2 (RSN IE).............................. Enabled
             TKIP Cipher............................. Disabled
             AES Cipher.............................. Enabled
                                                                   Auth Key Management
             802.1x.................................. Disabled
             PSK..................................... Enabled
             CCKM.................................... Disabled
             FT-1X(802.11r).......................... Disabled
             FT-PSK(802.11r)......................... Disabled
             PMF-1X(802.11w)......................... Disabled
             PMF-PSK(802.11w)........................ Disabled
          FT Reassociation Timeout................... 20
          FT Over-The-DS mode........................ Enabled
          GTK Randomization.......................... Disabled
          SKC Cache Support.......................... Disabled
    --More-- or (q)uit
          CCKM TSF Tolerance......................... 1000
       WAPI.......................................... Disabled
       Wi-Fi Direct policy configured................ Disabled
       EAP-Passthrough............................... Disabled
       CKIP ......................................... Disabled
       Web Based Authentication...................... Disabled
       Web-Passthrough............................... Disabled
       Conditional Web Redirect...................... Disabled
       Splash-Page Web Redirect...................... Disabled
       Auto Anchor................................... Disabled
       FlexConnect Local Switching................... Enabled
       flexconnect Central Dhcp Flag................. Disabled
       flexconnect nat-pat Flag...................... Disabled
       flexconnect Dns Override Flag................. Disabled
       FlexConnect Vlan based Central Switching ..... Disabled
       FlexConnect Local Authentication.............. Disabled
       FlexConnect Learn IP Address.................. Enabled
       Client MFP.................................... Optional
       PMF........................................... Disabled
       PMF Association Comeback Time................. 1
       PMF SA Query RetryTimeout..................... 200
       Tkip MIC Countermeasure Hold-down Timer....... 60
    AVC Visibilty.................................... Disabled
    --More-- or (q)uit
    AVC Profile Name................................. None
    Flow Monitor Name................................ None
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    SIP CAC Fail Send-486-Busy Policy................ Enabled
    SIP CAC Fail Send Dis-Association Policy......... Disabled
    KTS based CAC Policy............................. Disabled
    Assisted Roaming Prediction Optimization......... Disabled
    802.11k Neighbor List............................ Disabled
    802.11k Neighbor List Dual Band.................. Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled
    Multicast Buffer................................. Disabled
    Mobility Anchor List
    WLAN ID     IP Address            Status
    802.11u........................................ Disabled
    MSAP Services.................................. Disabled
    [/code]

    Is the VLAN still mapped on the AP, and allowed across the trunk?
    HTH,
    Steve

  • Client not receive ip address - dhcp_reqd

    Hi,
    In my environment there's a 5508 (firmware 7.4.110.0) and an AP 1600 with an IAS RADIUS server. All WLANs are in FlexConnect local switching. One client tries to connect to a WLAN but does not receive an IP address. After enabling debug aaa all, I captured the corresponding log:
    Cisco Controller) >*emWeb: Feb 11 16:52:36.047: Created WARP Capabilities IE (length 12) for WLAN LAB
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Adding mobile on LWAPP AP 00:3a:9a:77:55:a0(0)
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Association received from mobile on BSSID 00:3a:9a:77:55:06
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Rf profile 200 Clients are allowed to AP radio
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Max Client Trap Threshold: 50  cur: 3
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Rf profile 200 Clients are allowed to AP wlan
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Re-applying interface policy for client
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
    *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 In processSsidIE:4264 setting Central switched to FALSE
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying site-specific Local Bridging override for station 18:3d:a2:25:01:a4 - vapId 103, site 'Test', interface 'management'
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying Local Bridging Interface Policy for station 18:3d:a2:25:01:a4 - vlan 0, interface id 0, interface 'management'
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying site-specific override for station 18:3d:a2:25:01:a4 - vapId 103, site 'Test', interface 'management'
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Re-applying interface policy for client
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 processSsidIE  statusCode is 0 and status is 0
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 processSsidIE  ssid_done_flag is 0 finish_flag is 0
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 suppRates  statusCode is 0 and gotSuppRatesElement is 1
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Processing WPA IE type 221, length 24 for mobile 18:3d:a2:25:01:a4
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 8
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 unsetting PmkIdValidatedByAp
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
    *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) DHCP required on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1for this client
    *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1 flex-acl-name:
    *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfMsAssoStateInc
    *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 18:3d:a2:25:01:a4 on AP 00:3a:9a:77:55:a0 from Idle to Associated
    *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfPemAddUser2:session timeout forstation 18:3d:a2:25:01:a4 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is  0
    *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Stopping deletion of Mobile Station: (callerId: 48)
    *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
    *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Sending Assoc Response to station on BSSID 00:3a:9a:77:55:a0 (status 0) ApVapId 1 Slot 0
    *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 18:3d:a2:25:01:a4 on AP 00:3a:9a:77:55:a0 from Associated to Associated
    *apfMsConnTask_2: Feb 11 16:54:22.506: 18:3d:a2:25:01:a4 Updating AID for REAP AP Client 00:3a:9a:77:55:a0 - AID ===> 4
    *dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 Station 18:3d:a2:25:01:a4 setting dot1x reauth timeout = 1800
    *dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Connecting state
    *dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 Sending EAP-Request/Identity to mobile 18:3d:a2:25:01:a4 (EAP Id 1)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 Received EAPOL START from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Connecting state
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 Sending EAP-Request/Identity to mobile 18:3d:a2:25:01:a4 (EAP Id 2)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.541: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.541: 18:3d:a2:25:01:a4 Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Received Identity Response (count=2) from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 EAP State update from Connecting to Authenticating for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Authenticating state
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=3) for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 3)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 3, EAP Type 25)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=4) for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 4)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 4, EAP Type 25)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=7) for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 WARNING: updated EAP-Identifier 4 ===> 7 for STA 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 7)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 7, EAP Type 25)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Processing Access-Accept for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Resetting web IPv4 acl from 255 to 255
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Resetting web IPv4 Flex acl from 65535 to 65535
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting re-auth timeout to 1800 seconds, got from WLAN config.
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Station 18:3d:a2:25:01:a4 setting dot1x reauth timeout = 1800
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Username entry (pippo) created for mobile, length = 253
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Username entry (pippo) created in mscb for mobile, length = 253
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Creating a PKC PMKID Cache entry for station 18:3d:a2:25:01:a4 (RSN 0)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 8
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 0
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Sending EAP-Success to mobile 18:3d:a2:25:01:a4 (EAP Id 7)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Freeing AAACB from Dot1xCB as AAA auth is done for  mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Starting key exchange to mobile 18:3d:a2:25:01:a4, data packets will be dropped
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4
                                                                                                                        state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Entering Backend Auth Success state (id=7) for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Received Auth Success while in Authenticating state for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Authenticated state
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Received EAPOL-key in PTK_START state (message 2) from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4
                                                                                                                        state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 apfMs1xStateInc
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1for this client
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1 flex-acl-name:
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5952, Adding TMP rule
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
      type = Airespace AP - Learn IP address
      on AP 00:3a:9a:77:55:a0, slot 0, interface = 13, QOS = 0
      IPv4 ACL ID = 255, IP
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 0, Local Bridging intf id = 0
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 Key exchange done, data packets from mobile 18:3d:a2:25:01:a4 should be forwarded shortly
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4
                                                                                                                        state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
    *pemReceiveTask: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
    *spamApTask3: Feb 11 16:54:22.707: 18:3d:a2:25:01:a4 Sent EAPOL-Key M5 for mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.768: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.768: 18:3d:a2:25:01:a4 Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 18:3d:a2:25:01:a4
    *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.769: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4
    *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
    *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5576, Adding TMP rule
    *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
      type = Airespace AP - Learn IP address
      on AP 00:3a:9a:77:55:a0, slot 0, interface = 13, QOS = 0
      IPv4 ACL ID = 255,
    *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 0, Local Bridging intf id = 0
    *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
    *pemReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
    (Cisco Controller) >*emWeb: Feb 11 16:54:46.127: 18:3d:a2:25:01:a4 Central Switch = FALSE
    *emWeb: Feb 11 16:54:46.128: 18:3d:a2:25:01:a4 Central Switch = FALSE
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >
    (Cisco Controller) >*emWeb: Feb 11 16:55:36.461: 18:3d:a2:25:01:a4 Central Switch = FALSE
    *emWeb: Feb 11 16:55:36.463: 18:3d:a2:25:01:a4 Central Switch = FALSE
    From the log I know that 802.1X passed, while DHCP doesn't send an IP address. It seems that the local VLAN ID is 0 while in reality it is 3... Why? I don't understand.
    Can someone help me find the problem? I think the problem is on the network; the DHCP server (the corporate router) is directly connected to the AP.

    Are you setting your FlexConnect native VLAN and the WLAN-to-VLAN mapping? You also need to make sure you have the IP helpers set up and that DHCP is working. I would configure a switch port in the VLAN that the wireless users are supposed to be on locally at that site, connect a laptop to that port, and make sure that the laptop gets an address.
    Thanks,
    Scott

  • Guest users not getting IP address

    I am setting up Cisco wireless along with ISE 1.3 for guest wireless.  The client is going to use the self-registration portal for guest wireless users.  I followed this Cisco doc to configure the self-registration portal:
    http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/118742-configure-ise-00.html
    I tested this in my home lab and everything works fine. However, at the client, users are not getting IP addresses from the DHCP server. This is the same DHCP server that is used for corporate wireless, and if you connect to that SSID, you get an IP address. I have compared what I configured at home with the client's setup and everything looks the same. In the back of my mind, I feel something is missing, but I can't figure out what it is.
    Edit: Not sure if this makes a difference or not, but they are using a Nexus 5K for their core switch and it hosts the SVI for this network.
    Let me know what information you need and I will post it.
    TIA,
    Dan

    Hello,
    Some verifications below :
    Did you verify whether DHCP proxy is enabled on the WLC's WLAN interface? In case DHCP proxy is disabled, did you verify whether the IP helper address is enabled on the Nexus SVI?
    Is the DHCP scope enabled on the DHCP server or on the WLC?
    Verify that the trunk on the switch is enabled correctly and passing all VLANs to the WLANs.
    Verify that the redirect ACL configured on the WLC allows DHCP server and DHCP client traffic so the client can receive an IP address, port 8443 to Cisco ISE, and DNS so the client can resolve addresses and reach the ISE portal.
    Is the scenario local switching or central switching?
    Regards
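The ACL check from the reply above, written out as an added example (it is not from any poster on this page or from Cisco): a small Python evaluator for IOS-style extended ACL entries that reports which pre-authentication flows (DHCP, DNS, portal on TCP 8443) an ACL would block. `PAGE_ACL` is the Guest-preauth list from the first thread; `CONSTRUCTED_ACL`, every IP address, and all function names are assumptions made for illustration, and the parser covers only the `any`/`host`/wildcard and `eq`/`range` forms and assumes the ACL sees traffic in both directions.

```python
import ipaddress

# Named ports as they appear in the ACLs on this page (subset, not IOS's full list).
PORT_NAMES = {"domain": 53, "bootps": 67, "bootpc": 68, "www": 80}

# Guest-preauth ACL copied from the first thread on this page.
PAGE_ACL = """
ip access-list extended Guest-preauth
 permit udp any any eq domain
 permit udp any eq domain any
 permit udp any any range bootps bootpc
 permit tcp any any eq 8443
 permit tcp any any established
"""

# Constructed sample: no DHCP entry, portal pinned to one documentation address.
CONSTRUCTED_ACL = """
ip access-list extended Example-preauth
 10 permit udp any any eq domain
 20 permit udp any eq domain any
 30 permit tcp any host 192.0.2.35 eq 8443
 40 permit tcp any any established
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def _take_addr(toks):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if toks[0] == "any":
        return (0, 0xFFFFFFFF), toks[1:]
    if toks[0] == "host":
        return (_ip(toks[1]), 0), toks[2:]
    return (_ip(toks[0]), _ip(toks[1])), toks[2:]

def _take_ports(toks):
    """Consume an optional 'eq P' or 'range LO HI'; return ((lo, hi) or None, rest)."""
    if toks and toks[0] == "eq":
        return (_port(toks[1]), _port(toks[1])), toks[2:]
    if toks and toks[0] == "range":
        return (_port(toks[1]), _port(toks[2])), toks[3:]
    return None, toks

def parse_acl(text):
    """Parse permit/deny entries; header lines and sequence numbers are skipped."""
    entries = []
    for line in text.splitlines():
        toks = line.split()
        if toks and toks[0].isdigit():
            toks = toks[1:]
        if not toks or toks[0] not in ("permit", "deny"):
            continue
        entry = {"action": toks[0], "proto": toks[1]}
        entry["src"], rest = _take_addr(toks[2:])
        entry["sport"], rest = _take_ports(rest)
        entry["dst"], rest = _take_addr(rest)
        entry["dport"], rest = _take_ports(rest)
        entry["established"] = "established" in rest
        entries.append(entry)
    return entries

def _addr_ok(spec, ip):
    base, wild = spec
    return ((base ^ _ip(ip)) & ~wild & 0xFFFFFFFF) == 0

def _ports_ok(rng, port):
    return rng is None or rng[0] <= port <= rng[1]

def verdict(entries, flow):
    """First-match evaluation, ending in the implicit deny of an extended ACL."""
    for e in entries:
        if e["proto"] not in ("ip", flow["proto"]):
            continue
        if e["established"] and not flow.get("established", False):
            continue  # 'established' never matches the first packet of a connection
        if (_addr_ok(e["src"], flow["src"]) and _addr_ok(e["dst"], flow["dst"])
                and _ports_ok(e["sport"], flow["sport"])
                and _ports_ok(e["dport"], flow["dport"])):
            return e["action"]
    return "deny"

def preauth_flows(client, dhcp, dns, portal, portal_port=8443):
    """Flows a guest needs before login: lease, name resolution, portal page."""
    return {
        "dhcp discover": dict(proto="udp", src="0.0.0.0", sport=68,
                              dst="255.255.255.255", dport=67),
        "dhcp offer": dict(proto="udp", src=dhcp, sport=67, dst=client, dport=68),
        "dns query": dict(proto="udp", src=client, sport=50000, dst=dns, dport=53),
        "dns reply": dict(proto="udp", src=dns, sport=53, dst=client, dport=50000),
        "portal syn": dict(proto="tcp", src=client, sport=50001,
                           dst=portal, dport=portal_port),
    }

def blocked_flows(acl_text, flows):
    """Names of the required flows that the ACL does not permit."""
    entries = parse_acl(acl_text)
    return sorted(n for n, f in flows.items() if verdict(entries, f) != "permit")

if __name__ == "__main__":
    # All addresses below are constructed (RFC 5737 documentation ranges).
    flows = preauth_flows("198.51.100.20", "192.0.2.10", "192.0.2.53", "192.0.2.35")
    for name, acl in (("page", PAGE_ACL), ("constructed", CONSTRUCTED_ACL)):
        print(name, "blocks:", blocked_flows(acl, flows) or "nothing")
```

An empty result means the five flows pass the ACL text as written under these assumptions; it says nothing about snooping, helper addresses or trunking, which the replies on this page check separately.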

  • E4200 Guest Network Not Working

    I cannot get the Guest Network feature to work.
    Even though Guest SSID is enabled, it does not show up on any devices attempting to connect. Manually connecting by entering the Guest SSID fails (not recognized). On devices with the primary 5 and 2.4 GHz configured they do see the third network but without SSID (unknown) and are also unable to connect to it manually using the SSID.
    Here are my settings:
    Firmware: 1.0.02
    E4200 is configured in Bridge mode (WAP).
    5 GHz Network
    Mode Mixed
    SSID Astro2-an
    Width Auto
    Channel Auto (DFS)
    SSID Broadcast Disabled
    2.4 GHz Network
    Mode Mixed
    SSID Astro2-bgn
    Width Auto
    Channel Auto
    SSID Broadcast Disabled
    Guest Access
    Allow yes
    Name Astro2-bgn-guest (cannot be changed)
    Guest Password testpassword
    Total Guests Allowed 5
    SSID Broadcast enabled
    I did not try this before 1.0.02. I have rebooted the modem and verified all configs (multiple times). The network is live in an office and I can't keep screwing with it or drastically changing its settings.
    Peter

    [email protected] wrote:
    I have now tried 3 of these routers and the problem as I see it is that when you set the E4200 to bridge mode with a static IP, the client receives a .33.x address, the E4200's default gateway, and .33.1 as the DNS server. I don't see how the clients could resolve DNS with these 2 entries.
    Alas, I think I have now figured out why some people can connect using the E4200 in bridge mode as a guest and some cannot. It is my belief that Cisco needs to update the firmware to allow you to enter DNS values on the static page, because if you set the E4200 to obtain an IP address automatically then it receives good DNS info. You can verify my results by looking at the status page in static and dynamic mode.
    I hope this helps people that are having problems.......
    (Mod Note: Edited due to non-compliance of forum guidelines.)
    Your findings are correct. However I don't see where adding a static DNS would work. What Cisco needs to do is provide the DNS of the connected gateway for internet access when in bridge mode for guest connections. Then restrict routing to just the gateway for internet access and no local routing.

  • Guest Network Not Working On Airport Time capsule

    Whenever I enable the guest network and join it, it joins fine, but it won't load any webpages or the App Store, or anything. All the devices I'm trying to connect, connect to the guest network fine, but they just won't get a wifi signal from the TC.
    I can get the normal and 5GHz network to work.
    I have the TC router connected to a TP-Link modem and set up as its own network.
    If I change the router mode on the TC to DHCP and NAT it works, but the amber light flashes on the TC, which annoys me. Then it stops working and I end up having to change it under Network in AirPort Utility to off (bridge mode).
    Please help somebody???
    Any help will be much appreciated

    Check the client is getting proper DNS address .. there is a bunch of bugs..
    The main bug is that guest network does not actually work when the TC is in off bridge mode.. it looks like it is going to work but it doesn't.
    The TC must be the main router of the network..
    So bridge your TP-Link and use PPPOE client in the TC if that is allowed by your ISP.
    Or simply ignore the double NAT and then the light will go green and not bother you any more..
    Or an even better solution.. use the TP-Link wireless for guest.. and use the TC in bridge for main network.. there is nothing wrong with doing that.. and in fact it will work far better since guest network is still sharing the wireless on the TC and slowing it down.

  • EA4500 Guest Network not working

    A few days ago I saw there was an upgrade for my router.  I clicked on it and away I went. Since updating my guest network isn't working.  My android and Kindle HD find the guest network, attach but no prompt for password ever shows up like it did before.  The web page will time out and die. Does anyone have a clue why my devices don't prompt for a password anymore?

    cperficio wrote:
    A few days ago I saw there was an upgrade for my router.  I clicked on it and away I went. Since updating my guest network isn't working.  My android and Kindle HD find the guest network, attach but no prompt for password ever shows up like it did before.  The web page will time out and die. Does anyone have a clue why my devices don't prompt for a password anymore?
    'i clicked on it and away it went' could be the problem.  as much as linksys would like to think it works that way, it has been shown time and time again that the best way to update is to:
    - download the update file to a pc with a wired connection
    - factory reset the router
    - flash the file from that wired pc
    - factory reset again
    - config from scratch not a backup
    you might try to do a factory reset and config and see if it clears the issue.  also on those devices that are not working try forgetting the connection and connect again.

  • Can connect to guest network, not main network.

    I have a Time Capsule setup that works great. I have several Macs that run fine on the network. I have one older Power PC that will connect to the Time Capsule's guest network but not the main network despite having the correct password. Every time I try it says "connection failed." Ideas?

    This information tells you that the Power Mac is not capable of connecting to a network using WPA2 Personal encryption.
    Since we've drifted far away from a potential Time Capsule issue at this point, your best option will be to post in one of the Power Mac forums to see if there might be a way to upgrade the operating system to a level where it would support WPA2 Personal encryption.

  • Guest Network not working in latest Airport Extreme

    Just bought the latest Airport Extreme (802.11ac), and want to enable the Guest Network.
    - Installed latest firmware
    - Set Airport in Bridge Mode
    - Enabled Wireless Network
    - Enabled Guest Network
    There is no connecting to Guest Network (iphone) and if possible (macbook) there is no internet.
    With a previous version of Time Capsule, the Guest Network in the same setting worked like a charm.
    Anybody seen this before or is the Airport Extreme working different than a Time Capsule?

    According to the theory what you are saying about the A1355 is not possible.. ie there is no guest in bridge.. I have tested it and can assure you it did NOT work.. it fooled me into thinking it should and I spent many hours working on it.. our forum expert here.. Bob Timmons set me straight.
    Now I am always a believer in voodoo and gremlins and maybe the tooth fairy when it comes to wireless.. it is about 80% of the above and 20% science.. so please do the test again and see if it is possible.. but I can assure you.. apple have set guest network to off in bridge.
    There are ways around it.. complicated methods. ie if you extend wireless to your TC.. from another apple router where the router is on, then guest can be used. You can also use a managed switch to set vlans for the guest.
    See the following which I used to research this topic.
    Guest network in bridge.
    https://discussions.apple.com/thread/2815541?start=15&tstart=0
    https://discussions.apple.com/thread/3617532
    https://discussions.apple.com/thread/5247107?start=0&tstart=0
    https://discussions.apple.com/thread/4787934?start=45&tstart=0
    https://discussions.apple.com/message/23127620#23127620
    Good Luck.. !!

  • Apple Airport Express guest network not really secure?

    I've set up several of these devices and they work quite well, but I set up the guest network on one and it's in the 172.X.X.X range and the local network is actually on the 192.X.X.X network. If I go to Start and Run and type in \\server it doesn't work, but if I do \\192.168.1.2 it asks for the server credentials and allows someone to pull data! That's not a true "guest" network! Is this expected and normal? Do I need to return this device to the store and use something that actually protects the internal network?

    GreatGeek wrote:
    I've set up several of these devices and they work quite well, but I set up the guest network on one and it's in the 172.X.X.X range and the local network is actually on the 192.X.X.X network. If I go to Start and Run and type in \\server it doesn't work, but if I do \\192.168.1.2 it asks for the server credentials and allows someone to pull data! That's not a true "guest" network! Is this expected and normal? Do I need to return this device to the store and use something that actually protects the internal network?
    It is not actually expected and normal. The guest network should be on a separate vlan to the main network. So even if you can get connection without wireless credentials the only access should be to the internet.
    Tell us a bit more of the setup.
    What is the main router? Is it setup to isolate vlans?
    What about the switch.. again if it is managed or not and how are vlan setup?
    What you might find is the Express is designed to work with the Extreme and in extend wireless mode where the network is correctly vlan isolated.
    Have you tried another brand of wireless AP, with a guest mode.. because this might actually be a problem of the main router.. as it should not allow access.
    I am not saying the Express are perfect by any means.. and people do occasionally report guest network functioning when it should not be.
    What is model and firmware they are running.. ?
    Are they plugged into the network by ethernet and setup in bridge.. then create a wireless network? Is it setup for roaming rather than extend or have you mixed them??
    In the case where you use them in roaming.. the guest network should not work unless there is an airport extreme running as main router to provide vlan support.. or you have a managed switch.

  • N80ie Not Receiving IP Address

    I have a N80ie with the Wireless Wizzard installed. Works like a charm with most WiFi networks except for my home network.
    At home I have ADSL with a D-Link AP. I have NO PROBLEM connecting to the WiFi AP; however, neither the AP nor the ADSL router 'see' the phone in the network, not even when I use a fixed IP or reserved DHCP entry. It's driving me CRAZY cuz I want to use Gizmo!
    HELP!

    i got a serious question. i have the same phone as yours but i dont know how to use it, like the wi fi. i dont know how to set it up. can you help me.. appreciate it... thanks!!!

  • IPod Touch Not Receiving DNS Address

    For the past week or so, my iPod Touch has not been receiving a DNS address from the wireless router in my workplace. The router is a Netgear RangeMax WPN824, currently using WPA-PSK encryption. The iPod indicates that it successfully connects to the router, but it does not have any internet connectivity in Safari, Mail, or any other internet-required apps, and when I check on the wireless connection, it does not have a DNS address assigned.
    I have no trouble connecting to the wireless network using my laptop, and the IP configuration on my laptop indicates that the laptop gets a DNS address of 10.0.0.1. I've tried manually entering that address, as well as an OpenDNS address, into the wireless settings on the iPod, with no success.
    My iPod Touch is running the 2.0.2 firmware, but one of my friends who uses the 1.1.x firmware is also unable to get any connectivity. Any suggestions, anyone?

    Same here! All the other computers (MacBook, Gateway Vista desktop, husband's Toshiba XP laptop and my old Mac notebooks) on my wi-fi network are connecting just fine (using a Time Capsule as my router), but my iPod Touch either can't see my network or if it does, rejects my password (even though I enter it exactly the same way as on my other machines that do connect successfully). I went to Settings and there is no DHCP address or DNS server info; and numerous resets of the Touch's network settings were no help. I haven't called AppleCare (they're never open when I have the time) and am afraid they will tell me to update the TimeCapsule's firmware or AirPort Utility--which I did last week and promptly killed my network till I reverted to the previous versions.
    I have all these fun killer apps but can't get online except with a computer. (Last resort is to see if I can get on to a wi-fi hotspot). I just paid ten bucks and killed 3 hours to break my iPod Touch. Is this an attempt by Apple to get us to buy yet another device or even an iPhone (which I DON'T want because my phone service is expensive enough as it is).

  • WLC2412-Clients Not receiving DHCP addresses

    I recently upgraded a clients WLC and they keep saying they are unable to get an IP address from the DHCP server.  It's a simple, flat network and here is what the logs are showing.  Any advice would be greatly appreciated.
    *apfReceiveTask: Apr 11 13:37:25.477: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
    *apfReceiveTask: Apr 11 13:37:17.278: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
    *apfReceiveTask: Apr 11 13:37:05.880: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
    *apfReceiveTask: Apr 11 13:13:47.397: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.

    (Cisco Controller) show>interface detailed management
    Interface Name................................... management
    MAC Address...................................... 64:00:f1:91:5d:40
    IP Address....................................... 192.168.8.3
    IP Netmask....................................... 255.255.255.0
    IP Gateway....................................... 192.168.8.1
    External NAT IP State............................ Disabled
    External NAT IP Address.......................... 0.0.0.0
    VLAN............................................. 8
    Quarantine-vlan.................................. 0
    Physical Port.................................... 1
    Primary DHCP Server.............................. 192.168.8.49
    Secondary DHCP Server............................ Unconfigured
    DHCP Option 82................................... Disabled
    ACL.............................................. Unconfigured
    AP Manager....................................... No
    Guest Interface.................................. No
    L2 Multicast..................................... Enabled

  • Lightweight APs not receiving IP address following controller upgrade

    Hi guys,
    I have a 5508 controller, just upgraded from 6.0.182 to 7.0.98.0. Also LAG was switched off directly after upgrade.
    Since the upgrade none of the 1142 LAPs are associating with the controller. I can see they are being issued IPs by the internal DHCP but putting a console cable and watching I am getting:
    Not in Bound state.
    *May  4 11:41:17.759: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
    *May  4 11:41:17.759: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    Nothing changed on switches... driving me nuts... Can anyone shed some light?
    One AP prior to the upgrade was on a static IP and that connected through without any problem (it was an 1131 though, but I don't think that is the issue...)
    Any help greatly appreciated!

    Hi Scott, thanks for the assist.
    I have installed the FUS image... we were only ever using one port, (port 1), and I have confirmed that the management interface is set to that. Also reset the AP but no change in behaviour.
    I can see the internal DHCP server allocating addresses, then reissuing them one minute later...
    AP on boot up gave this:
    *Mar  1 00:13:19.761: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on GigabitEthernet0 (not full duplex), with Science_Prep-2950-24 FastEthernet0/24 (full duplex).
    *Mar  1 00:13:19.761: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASSIC_NO_INJECTOR_CONFIGURED WS-C2950G-24-EI (0012.daab.2e18)
    *Mar  1 00:13:19.761:  -Verify the required power-injector is installed on this port: WS-C2950G-24-EI(Fas 0/24).
    *Mar  1 00:13:19.761:  -If a power-injector is installed, issue the command:"power inline negotiation injector installed"
    *Mar  1 00:13:26.940: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
    nothing changed in the switch cab from before the upgrade...

  • Apple devices not receiving IP address

    Hello everyone,
    I searched for a resolution to my problem but couldn't find one so hopefully I can get some help here.
    We have a 2504 controller (Code 7.0.220.0) deployed with 7 LAPs.  We have a few SSIDs, both with WPA/WPA2 configured.  There is an external DHCP server that all clients get their IP address from.  Laptops can connect to these SSIDs with no problem.
    Lately tho, no APPLE devices (iphone 4, 4s, 5, ipads, etc) can get an IP address.  They are all stuck in the DHCP_REQD state.  I ran some debugs and I see that an APPLE device keeps getting a DHCPOFFER with an IP address but the APPLE device never accepts.  Has anyone ever had this issue ?
    Here is the debug of the client getting DHCP offers but never accepting:
    *DHCP Socket Task: Oct 01 10:26:48.083: 3c:d0:f8:99:1b:fe DHCP setting server from OFFER (server 192.168.34.253, yiaddr 192.168.34.151)
    *DHCP Socket Task: Oct 01 10:26:49.111: 3c:d0:f8:99:1b:fe DHCP received op BOOTREQUEST (1) (len 308,vlan 934, port 2, encap 0xec00)
    *DHCP Socket Task: Oct 01 10:26:49.111: 3c:d0:f8:99:1b:fe DHCP dropping looped REQUEST from DS (encap type 0xec00)
    *DHCP Socket Task: Oct 01 10:26:49.111: 3c:d0:f8:99:1b:fe DHCP received op BOOTREPLY (2) (len 257,vlan 934, port 2, encap 0xec00)
    *DHCP Socket Task: Oct 01 10:26:49.112: 3c:d0:f8:99:1b:fe DHCP received op BOOTREPLY (2) (len 257,vlan 932, port 1, encap 0xec03)
    *DHCP Socket Task: Oct 01 10:26:59.273: 3c:d0:f8:99:1b:fe DHCP received op BOOTREQUEST (1) (len 308,vlan 934, port 2, encap 0xec00)
    *DHCP Socket Task: Oct 01 10:26:59.273: 3c:d0:f8:99:1b:fe DHCP dropping looped REQUEST from DS (encap type 0xec00)
    *DHCP Socket Task: Oct 01 10:26:59.370: 3c:d0:f8:99:1b:fe DHCP received op BOOTREPLY (2) (len 298,vlan 932, port 1, encap 0xec03)
    *DHCP Socket Task: Oct 01 10:26:59.370: 3c:d0:f8:99:1b:fe DHCP setting server from OFFER (server 192.168.34.253, yiaddr 192.168.34.153)
    *DHCP Socket Task: Oct 01 10:27:00.377: 3c:d0:f8:99:1b:fe DHCP received op BOOTREQUEST (1) (len 308,vlan 934, port 2, encap 0xec00)
    *DHCP Socket Task: Oct 01 10:27:00.377: 3c:d0:f8:99:1b:fe DHCP dropping looped REQUEST from DS (encap type 0xec00)
    *DHCP Socket Task: Oct 01 10:27:00.377: 3c:d0:f8:99:1b:fe DHCP received op BOOTREPLY (2) (len 257,vlan 934, port 2, encap 0xec00)
    I saw in another thread that disabling WPA/TKIP can work; however, this isn't an association issue because they associate just fine, they just can't get an IP address.
    Any help would be great.  Thanks!

    Hey all,
    Thanks again everyone for the help.  Turns out after a lot of packet captures and pointless calls with TAC, I found the issue was a bug with the ASA firewall. 
    https://tools.cisco.com/bugsearch/bug/CSCuh79288
    The DHCP lease time to Apple devices was 0 seconds (might be due to the fact that Apple devices request Options 119 and 252).  The fix was to configure "dhcprelay timeout 60" on the firewall.  
    Makes no sense I know but it fixed it.
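A triage pass over the controller debug format shown in this thread, as an added example that is not part of the original posts: it groups the DHCP debug lines per client MAC and flags the patterns visible in the capture (changing offered addresses, looped REQUEST drops, replies arriving on more than one VLAN/port). The sample lines are copied from the debug above; the function names and the finding labels are assumptions made for illustration, and the findings are heuristics, not a diagnosis.

```python
import re
from collections import defaultdict

# Sample lines copied from the debug output in the post above.
SAMPLE = """\
*DHCP Socket Task: Oct 01 10:26:48.083: 3c:d0:f8:99:1b:fe DHCP setting server from OFFER (server 192.168.34.253, yiaddr 192.168.34.151)
*DHCP Socket Task: Oct 01 10:26:49.111: 3c:d0:f8:99:1b:fe DHCP received op BOOTREQUEST (1) (len 308,vlan 934, port 2, encap 0xec00)
*DHCP Socket Task: Oct 01 10:26:49.111: 3c:d0:f8:99:1b:fe DHCP dropping looped REQUEST from DS (encap type 0xec00)
*DHCP Socket Task: Oct 01 10:26:49.111: 3c:d0:f8:99:1b:fe DHCP received op BOOTREPLY (2) (len 257,vlan 934, port 2, encap 0xec00)
*DHCP Socket Task: Oct 01 10:26:49.112: 3c:d0:f8:99:1b:fe DHCP received op BOOTREPLY (2) (len 257,vlan 932, port 1, encap 0xec03)
*DHCP Socket Task: Oct 01 10:26:59.273: 3c:d0:f8:99:1b:fe DHCP received op BOOTREQUEST (1) (len 308,vlan 934, port 2, encap 0xec00)
*DHCP Socket Task: Oct 01 10:26:59.273: 3c:d0:f8:99:1b:fe DHCP dropping looped REQUEST from DS (encap type 0xec00)
*DHCP Socket Task: Oct 01 10:26:59.370: 3c:d0:f8:99:1b:fe DHCP received op BOOTREPLY (2) (len 298,vlan 932, port 1, encap 0xec03)
*DHCP Socket Task: Oct 01 10:26:59.370: 3c:d0:f8:99:1b:fe DHCP setting server from OFFER (server 192.168.34.253, yiaddr 192.168.34.153)
"""

LINE = re.compile(
    r"^\*DHCP Socket Task: .*?: ([0-9a-f]{2}(?::[0-9a-f]{2}){5}) DHCP (.*)$")
OFFER = re.compile(r"setting server from OFFER \(server ([\d.]+), yiaddr ([\d.]+)\)")
RECV = re.compile(
    r"received op (BOOTREQUEST|BOOTREPLY) \(\d\) \(len \d+,vlan (\d+), port (\d+),")

def summarize(text):
    """Return {mac: counters} built from the controller's DHCP debug lines."""
    clients = defaultdict(lambda: {"offered": [], "looped_drops": 0,
                                   "request_paths": set(), "reply_paths": set()})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a DHCP debug line in the format shown above
        mac, msg = m.groups()
        c = clients[mac]
        offer, recv = OFFER.search(msg), RECV.search(msg)
        if offer:
            c["offered"].append(offer.group(2))
        elif recv:
            key = "request_paths" if recv.group(1) == "BOOTREQUEST" else "reply_paths"
            c[key].add((int(recv.group(2)), int(recv.group(3))))  # (vlan, port)
        elif "dropping looped REQUEST" in msg:
            c["looped_drops"] += 1
    return dict(clients)

def findings(c):
    """Heuristic labels (assumed names) for one client's counters."""
    out = []
    if len(set(c["offered"])) > 1:
        out.append("re-offered")        # a new yiaddr each cycle: earlier offers never completed
    if c["looped_drops"]:
        out.append("looped-request")    # the client's own REQUEST came back to the controller
    if len(c["reply_paths"]) > 1:
        out.append("multi-path-reply")  # the same reply seen on more than one VLAN/port
    return out
```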
