Guest Wireless client not getting IP addresses

Similar Messages

• DHCP via Hyper-V VM, Server2012r2 Hyper-V host, clients not getting IP address

  You have to authorize a dhcp server as Britv8 says. That's the only way it'll start dishing out leases. That's standard for Windows DHCP server in an AD Domain.
  Also there's 0 reason to mention Hyper-V here. The whole point of virtualization is to do hardware level abstraction.

  I recently encountered this. Setup:
  Initial setup of the system was at a different location from its final destination, with different network equipment (switches) between the two. No teaming is involved, however.
  Set up the system at its final destination, with DHCP via a Hyper-V VM (Server2012r2), Server2012r2 Hyper-V host, physical clients on the lan were not getting IP address.
  The physical server box has a 4-port Intel Gigabit ethernet card.
  I moved the setup (Hyper-V Virtual Switch manager) so that the interface for the DHCP server VM was isntead using one of two built-in Broadcom adapters.
  While this topic seemed promising,
  http://community.spiceworks.com/topic/251317-hyper-v-vm-not-leasing-ip-s-dhcp
  unfortunately, "fiddling about" was not what I was looking for as possible solution.
  My notes for the resolution:
  Hyper-V system running...
  This topic first appeared in the Spiceworks Community

• Wifi clients not getting IP addresses

  Hello Experts,
  I have a Cisco 1140 AP, and using express setup I have cnofigured a IP address to it. This AP is connected to our public network and is configured with a public ip address. We want the guest users to connect to Wifi and gain access to Internet.
  While the users connect to Wifi, I find their laptops getting IP address in series 169.x.x.x due to which they are unable to get to internet.
  Can somebody guide to what all configuration required so that laptops would get ip address?
  Thanks
  Arvind

  Hello George,
  I do not have any DHCP server, I want the AP to allocate IP addresses to wifi clients.
  Anshul,
  Is there any way the AP distribute the IP addresses? I want to have the AP act as an DHCP server and allocate IP address of wifi clients.
  If this is not possible in this AP model 1142N, any other Cisco AP model available, which can act as DHCP server?
  My requirement basically is:
  The AP should allocate IP in the range 192.168.x.x and I would connect the AP to the public network. The wifi clients should be able to get to Internet.
  Please suggest any other model in Cisco which should meet my requirement.
  Thanks
  Arvind

• Wireless clients cannot get ip address

  I have 7 WLANs configured all work fine but the latest. The 7th WLAN I configured will not let clients get an IP address. I can plug a wire into the port with the same VLAN configured on the port and I get an IP address but wireless clients connected to an AP on that port cannot get an IP adddress. Any suggestions would be appreciated.

  Hello,
  where is the DHCP server configured?
  - do all other 6 WLAN's work fine with the same DHCP server.
  - do you have any H-REAP VLAN mapping , or AP groups configured?
  they will override the WLAN-interface configuration.
  Kind regards
  Talal
  =======
  please rate answers that you find useful , and mark as answered - when it is :-) - so others can find it easily

• Cisco ISE 1.2, Clients not getting IP address in closed mode

  Hello, I am running closed mode on my switchports. I have an issue where some clients come in in the morning, try to login, and will not get network access. I see that this is because they do not get an IP address. I am using MAB for authentication currently. They appear to MAB correctly and get Authorized in ISE, but they do not get an IP. Therefore, they also do not get the DACL of permit ANY. It's like the port gets de-authenticated during the night. Usually when the machine is rebooted it will come up with an IP address. Here is my switchport config...
   switchport access vlan 32
   switchport mode access
   switchport voice vlan 64
   logging event link-status
   authentication event fail action next-method
   authentication event server dead action authorize vlan 32
   authentication event server dead action authorize voice
   authentication event server alive action reinitialize 
   authentication host-mode multi-auth
   authentication order mab dot1x
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer restart 600
   authentication timer reauthenticate 7200
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout quiet-period 300
   dot1x timeout tx-period 10
   dot1x timeout ratelimit-period 300
   dot1x timeout held-period 300
   service-policy input QoS-Input-Policy
   service-policy output QoS-Host-Port-Output-Policy
  end

  Thanks, here is the requested output of an Unauthorized client. I had to configure authentication open so they could still get access...
  SJ5051IDF1#show authen sess int g2/20 d
              Interface:  GigabitEthernet2/20
            MAC Address:  d4be.d94f.ab92
           IPv6 Address:  Unknown
           IPv4 Address:  10.42.32.109
              User-Name:  D4-BE-D9-4F-AB-92
                 Status:  Unauthorized
                 Domain:  DATA
         Oper host mode:  multi-auth
       Oper control dir:  both
        Session timeout:  N/A
      Common Session ID:  0A2A000B000034E367D4B998
        Acct Session ID:  Unknown
                 Handle:  0x21000508
         Current Policy:  POLICY_Gi2/20
  Local Policies:
  Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
        Security Policy:  Should Secure
        Security Status:  Link Unsecure
  Method status list:
         Method           State
         mab              Authc Success
  SJ5051IDF1#
  SJ5051IDF1#
  SJ5051IDF1#show ip access int g2/20
  SJ5051IDF1#
  SJ5051IDF1#
  SJ5051IDF1#show access-list int g2/20
                                  ^
  % Invalid input detected at '^' marker.
  SJ5051IDF1#show access-list ?        
    <1-2799>    ACL number
    WORD        ACL name
    ipc         Show access-list config download info
    rate-limit  Show rate-limit access lists
    |           Output modifiers
    <cr>
  SJ5051IDF1#show access-list g2/20
  SJ5051IDF1#
  SJ5051IDF1#
  SJ5051IDF1#

• DHCP: Some clients not getting IP address

  Recently setup a new DHCP server on Mac OS X Server 10.5.8 running on an Xserve.  We migrated from a Linux server.
  The Xserve was originally just a file server.  So the only services currently running are: AFP, DHCP, NFS, and SMB.  No additional software is running.
  The DHCP server ran just fine for the first couple weeks.  But then we found some computers just stopped getting IP addresses from the DHCP server.  Some were new computers introduced to the network.  Some were laptops that had left and come back.  However, the DHCP server is definitely still giving out IP addresses and renewing them for most new and existing computers.  There have been five computers that have not gotten IP addresses so far, and that had been the case both on the wireless and on a wired connection.  Two were PC's, one running Windows 7 and one running Windows XP with Lenovo's ThinkVantage software.  The other three were different models of MacBook Pros.
  For those five computers, we managed to get them working in two ways.  One, we can select to use DHCP with a manual address.  When we do that, it manages to pick up all the other information from the DHCP server like DNS and gateway.  The second thing we can do is configure the DHCP server to supply a static IP address by providing it with the MAC address of these machines.  When we do that, the computers receive the IP address from the DHCP server.
  So I guess you could say the problem I'm experiencing is for a few computers the DHCP server seems to only be able to provide static addresses, but not dynamic ones with a lease time.
  I have logging set to the highest for the DHCP server.  Below is the first thing I noticed that keeps showing up.  Sometimes it shows a different MAC address than the one below.  None of the afflicted computers have that MAC address, though.  I have not seen any other errors in the logs for the DHCP server.
  Jan 24 12:09:47 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:09:47 fileserver bootpd[73839]: service time 0.000304 seconds
  Jan 24 12:09:50 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:09:50 fileserver bootpd[73839]: service time 0.000280 seconds
  Jan 24 12:09:54 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:09:54 fileserver bootpd[73839]: service time 0.000264 seconds
  Jan 24 12:10:03 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:10:03 fileserver bootpd[73839]: service time 0.000265 seconds
  Jan 24 12:10:11 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:10:11 fileserver bootpd[73839]: service time 0.000283 seconds
  Jan 24 12:10:19 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:10:19 fileserver bootpd[73839]: service time 0.000291 seconds
  Jan 24 12:10:28 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:10:28 fileserver bootpd[73839]: service time 0.000324 seconds

  Recently setup a new DHCP server on Mac OS X Server 10.5.8 running on an Xserve.  We migrated from a Linux server.
  The Xserve was originally just a file server.  So the only services currently running are: AFP, DHCP, NFS, and SMB.  No additional software is running.
  The DHCP server ran just fine for the first couple weeks.  But then we found some computers just stopped getting IP addresses from the DHCP server.  Some were new computers introduced to the network.  Some were laptops that had left and come back.  However, the DHCP server is definitely still giving out IP addresses and renewing them for most new and existing computers.  There have been five computers that have not gotten IP addresses so far, and that had been the case both on the wireless and on a wired connection.  Two were PC's, one running Windows 7 and one running Windows XP with Lenovo's ThinkVantage software.  The other three were different models of MacBook Pros.
  For those five computers, we managed to get them working in two ways.  One, we can select to use DHCP with a manual address.  When we do that, it manages to pick up all the other information from the DHCP server like DNS and gateway.  The second thing we can do is configure the DHCP server to supply a static IP address by providing it with the MAC address of these machines.  When we do that, the computers receive the IP address from the DHCP server.
  So I guess you could say the problem I'm experiencing is for a few computers the DHCP server seems to only be able to provide static addresses, but not dynamic ones with a lease time.
  I have logging set to the highest for the DHCP server.  Below is the first thing I noticed that keeps showing up.  Sometimes it shows a different MAC address than the one below.  None of the afflicted computers have that MAC address, though.  I have not seen any other errors in the logs for the DHCP server.
  Jan 24 12:09:47 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:09:47 fileserver bootpd[73839]: service time 0.000304 seconds
  Jan 24 12:09:50 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:09:50 fileserver bootpd[73839]: service time 0.000280 seconds
  Jan 24 12:09:54 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:09:54 fileserver bootpd[73839]: service time 0.000264 seconds
  Jan 24 12:10:03 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:10:03 fileserver bootpd[73839]: service time 0.000265 seconds
  Jan 24 12:10:11 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:10:11 fileserver bootpd[73839]: service time 0.000283 seconds
  Jan 24 12:10:19 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:10:19 fileserver bootpd[73839]: service time 0.000291 seconds
  Jan 24 12:10:28 fileserver bootpd[73839]: DHCP DISCOVER [en1]: 1,0:23:32:c1:31:c3
  Jan 24 12:10:28 fileserver bootpd[73839]: service time 0.000324 seconds

• Clients not getting IP address

  Hi, I have configured 5508 with multiple APs but clients on the internal SSID aren't getting an IP address. I have the IP helper address configured and I have also disabled DHCP proxy on the controller.
  I get the following from the client debug, I don't know what the below mac address is, it's not one my APs or the clients, I am not seeing this mac address on the controller at all but it shows up in the debug.
  type = Airespace AP - Learn IP address
     on AP 6c:9c:ed:87:23:c0
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.579: 08:11:96:20:94:28 Entering Backend Auth Success state (id=29) for mobile 08:11:96:20:94:28
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.579: 08:11:96:20:94:28 Received Auth Success while in Authenticating state for mobile 08:11:96:20:94:28
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.579: 08:11:96:20:94:28 dot1x - moving mobile 08:11:96:20:94:28 into Authenticated state
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.589: 08:11:96:20:94:28 Received EAPOL-Key from mobile 08:11:96:20:94:28
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 08:11:96:20:94:28
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 Received EAPOL-key in PTK_START state (message 2) from mobile 08:11:96:20:94:28
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 PMK: Sending cache add
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 Stopping retransmission timer for mobile 08:11:96:20:94:28
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 Sending EAPOL-Key Message to mobile 08:11:96:20:94:28
                                                                                                                      state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 Received EAPOL-Key from mobile 08:11:96:20:94:28
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 08:11:96:20:94:28
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 08:11:96:20:94:28
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 apfMs1xStateInc
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state DHCP_REQD (7)
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP 6c:9c:ed:87:23:c0 vapId 1 apVapId 1for this client
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 Not Using WMM Compliance code qosCap 00
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 6c:9c:ed:87:23:c0 vapId 1 apVapId 1
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) pemAdvanceState2 4793, Adding TMP rule
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.589: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Adding Fast Path rule
    type = Airespace AP - Learn IP address
    on AP 6c:9c:ed:87:23:c0, slot 0, interface = 1, QOS = 0
    ACL Id = 255, Jum
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006  IPv6 Vlan = 100, IPv6 intf id = 0
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Successfully plumbed mobile rule (ACL ID 255)
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4809, Adding TMP rule
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
    type = Airespace AP - Learn IP address
    on AP 6c:9c:ed:87:23:c0, slot 0, interface = 1, QOS = 0
    ACL Id = 255, Jumbo
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006  IPv6 Vlan = 100, IPv6 intf id = 0
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
  *Dot1x_NW_MsgTask_0: Nov 25 16:14:17.596: 08:11:96:20:94:28 Stopping retransmission timer for mobile 08:11:96:20:94:28
  *pemReceiveTask: Nov 25 16:14:17.596: 08:11:96:20:94:28 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
  *pemReceiveTask: Nov 25 16:14:17.596: 08:11:96:20:94:28 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0

  Fair enough.  That MAC address in the debug looks like exactyl what I'd expect to see.....  It is either the Base Radio MAC address or the Ethernet MAC Address of the AP you are associated to.   So when you say it doesn't exist on your WLC, are you sure you are comparing to the Radio MAC as well as the Ethernet MAC list?
  As far as IP addressing goes, the WLC is not seeing anything at all regarding client doing dhcp. Nor is it seeing the client send packets with an IP address (as if it were static).
  What version of code is this?
  Every single client has this problem? On this one wlan or all wlans?
  Was it ever working?
  Better yet, if this is HREAP this becomes an entirely different story, so are you doing HREAP Local Switching?

• Guest users not getting IP address

  I am setting up Cisco wireless along with ISE 1.3 for guest wireless.  The client is going to use the self-registration portal for guest wireless users.  I followed this Cisco doc to configure the self-registration portal:
  http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/118742-configure-ise-00.html
  I tested this in my home lab and everything works fine.  However, at the client users are not getting IP addresses from the DHCP server.  This is the same DHCP server that is used for corporate wireless and if you connect that SSID, you get an IP address.  I have looked what I configured at home and the client and everything looks the same.  In the back of my mind, I feel something is missing, but I can't figure out what it is.  
  Edit: Not sure if this makes a difference or not, but they are using a Nexus 5K for their core switch and it hosts the SVI for this network.  
  Let me know what information you need and I will post it.
  TIA,
  Dan

  Hello,
  Some verifications below :
  Did you verify if DHCP Proxy is enabled in wlc's wlan interface ? Case DHCP proxy is disabled, did you verify if the ip helper address is enabled in Nexus SVI ?
  DHCP Scope is enabled in the DHCP Server or is enabled in the WLC ?
  Verify if Trunk in the switch is enabled correctly passing all VLANs to WLANs ?
  Verify if ACL to redirect configured in the WLC is allowing DHCP Server and DHCP Client to client receive IP Address and ports 8443 to Cisco ISE and DNS to resolve some address and get access to ISE Portal ?
  The scenario is Local Switching or Central Switching ?
  Regards

• WLC 5760 with internal DHCP server, clients no get IP address

  Hi all,
  I have  2  Cisco 5760 WLC (active-standby)  IOS-Xe 03.03.03SE  with  one WLAN.
   sh wlan summary 
  Number of WLANs: 1
  WLAN Profile Name                     SSID                           VLAN Status 
  1    Invitados_ADSL                   Guest                          905  UP
  sh vlan         
  VLAN Name                             Status    Ports
  1    default                          active    Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te2/0/3
                                                  Te2/0/4, Te2/0/5, Te2/0/6
  100  VLAN0100                         active    Te1/0/1, Te2/0/1
  101  Planta_1                         active    
  905  Internet                         active    Te1/0/2, Te2/0/2
  The DHCP server is internal.
  Sometimes the clients no get IP address and the DHCP pool has IP addresses available.
  The workaround done by me to solve the issue is “clear  ip dhcp  binding *”.
  Some days later the problem appears again.
  I see this bug with a similar problem:
  NGWC blocks DHCP traffic if wireless broadcast disabled
  CSCun88928
  Description
  Symptom:
  Some clients set the BROADCAST flag on the DHCP Discover packet. This requires the DHCP server to reply with a broadcast.
  In that case and if you are not using DHCP snooping on the 5760/3850, then the controller will block the return traffic unless you enable "wireless broadcast" which enables broadcast globally (and is thus not always desirable)
  Conditions:
  Seen on 3.3.2 IOS-XE
  Workaround:
  Use DHCP snooping with the "ip dhcp snooping wireless bootp-broadcast command"
  OR
  Enable "wireless broadcast" globally
  My DHCP configuration is:
  ip dhcp relay information trust-all
  ip dhcp snooping vlan 905
  ip dhcp snooping
  ip dhcp excluded-address 172.16.0.1 172.16.0.19
  ip dhcp excluded-address 172.16.1.250 172.16.1.254
  ip dhcp pool Invitados
   network 172.16.0.0 255.255.254.0
   default-router 172.16.0.1 
   dns-server 212.66.160.2 212.49.128.65 
   lease 0 8
  I see in Cisco documentation (http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Centralized_Configuration_eg.html) this configuration:
  DHCP Snooping and Trust Configuration on CT5760
  ip dhcp snooping vlan 100, 200
  ip dhcp snooping wireless bootp-broadcast enable
  ip dhcp snooping
  interface TenGigabitEthernet1/0/1
  description Connection to Core Switch
  switchport trunk allowed vlan 100, 200
  switchport mode trunk
  ip dhcp relay information trusted ip dhcp snooping trust
  interface Vlan100
  description Client Vlan
  ip dhcp relay information trusted
  My question is,Do I have to add the command "ip dhcp snooping wireless bootp-broadcast enable" to solve the issue?
  Thanks in advance.
  Regards.
  D

  Yes, test it with the command you mentioned
  ip dhcp snooping wireless bootp-broadcast enable
  HTH
  Rasika
  **** Pls rate all useful responses *****

• Airport wireless clients not seeing airport ethernet clients.

  I have a problem with airport wireless clients not being able to see airport ethernet clients on the same base station - bonjour does not work for this, appletalk does not work for this, and Remote Desktop does not work for this either. Is there a way around this? Is this normal or a bug? I can change the last surviving ethernet machine to wireless but I if I can avoid the cost that would be good.
  Miklos.

  It's ok, I got it working. I just reset the second airport, went through the "easy" set up, reset, went into manual config, changed the network to a WDS (to match the main base station) and changed the setting that allows further distribution of the network, and it's working perfectly now!!
  Hooray!!
  I have to say, of all my Apple experiences, the base station set up was the least "Apple", it was confusing, complex, and somewhat erratic, but now that I have the config perfect, it seems to be working without a hitch. I just hope they can include network templates in the next software (for other people since I'm good to go now anyway) - that would be more Apple - so that people can just go bang I have this config, and perhaps for the more obscure set ups a fine tune would work off a template to get people set up faster and easier and with less confusion.
  Miklos.

• Wireless Lan not getting Installed

  Hi, 

  Hi  ,
  Thank you for visiting the HP Forums! A great place where you can find solutions for your issues, with help from the community!
  I came across your post about the Notebook, and wanted to assist you! I have looked into your issue about your HP 15-ac027tx Notebook and issues with Wireless Lan not getting installed correctly. Here is a listing for the drivers page for your Notebook and Windows 7.
  Here is a link to the HP Support Assistant if you need it. Just download and run the application and it will help with the software and drivers on your system that need updating. It also has built into it Wireless assistance. Hope this helps. Thanks.

• Client not receive ip address - dhcp_reqd

  Hi,
  In my environment there's a  5508 (firmware 7.4.110.0) and ap 1600 with a ias radius server. All wlan are in flex-connect local switching, one client try to connect on a wlan but not receive ip address. After enabled debug aaa all i took the log corresponding :
  Cisco Controller) >*emWeb: Feb 11 16:52:36.047: Created WARP Capabilities IE (length 12) for WLAN LAB
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Adding mobile on LWAPP AP 00:3a:9a:77:55:a0(0)
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Association received from mobile on BSSID 00:3a:9a:77:55:06
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Rf profile 200 Clients are allowed to AP radio
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Max Client Trap Threshold: 50  cur: 3
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Rf profile 200 Clients are allowed to AP wlan
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Re-applying interface policy for client
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
  *apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 In processSsidIE:4264 setting Central switched to FALSE
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying site-specific Local Bridging override for station 18:3d:a2:25:01:a4 - vapId 103, site 'Test', interface 'management'
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying Local Bridging Interface Policy for station 18:3d:a2:25:01:a4 - vlan 0, interface id 0, interface 'management'
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying site-specific override for station 18:3d:a2:25:01:a4 - vapId 103, site 'Test', interface 'management'
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Re-applying interface policy for client
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 processSsidIE  statusCode is 0 and status is 0
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 processSsidIE  ssid_done_flag is 0 finish_flag is 0
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 suppRates  statusCode is 0 and gotSuppRatesElement is 1
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Processing WPA IE type 221, length 24 for mobile 18:3d:a2:25:01:a4
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 8
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 unsetting PmkIdValidatedByAp
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Initializing policy
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
  *apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) DHCP required on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1for this client
  *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1 flex-acl-name:
  *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfMsAssoStateInc
  *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 18:3d:a2:25:01:a4 on AP 00:3a:9a:77:55:a0 from Idle to Associated
  *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfPemAddUser2:session timeout forstation 18:3d:a2:25:01:a4 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is  0
  *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Stopping deletion of Mobile Station: (callerId: 48)
  *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
  *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Sending Assoc Response to station on BSSID 00:3a:9a:77:55:a0 (status 0) ApVapId 1 Slot 0
  *apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 18:3d:a2:25:01:a4 on AP 00:3a:9a:77:55:a0 from Associated to Associated
  *apfMsConnTask_2: Feb 11 16:54:22.506: 18:3d:a2:25:01:a4 Updating AID for REAP AP Client 00:3a:9a:77:55:a0 - AID ===> 4
  *dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 Station 18:3d:a2:25:01:a4 setting dot1x reauth timeout = 1800
  *dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Connecting state
  *dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 Sending EAP-Request/Identity to mobile 18:3d:a2:25:01:a4 (EAP Id 1)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 Received EAPOL START from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Connecting state
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 Sending EAP-Request/Identity to mobile 18:3d:a2:25:01:a4 (EAP Id 2)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.541: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.541: 18:3d:a2:25:01:a4 Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Received Identity Response (count=2) from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 EAP State update from Connecting to Authenticating for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Authenticating state
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=3) for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 3)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 3, EAP Type 25)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=4) for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 4)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 4, EAP Type 25)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=7) for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 WARNING: updated EAP-Identifier 4 ===> 7 for STA 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 7)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 7, EAP Type 25)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Processing Access-Accept for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Resetting web IPv4 acl from 255 to 255
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Resetting web IPv4 Flex acl from 65535 to 65535
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting re-auth timeout to 1800 seconds, got from WLAN config.
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Station 18:3d:a2:25:01:a4 setting dot1x reauth timeout = 1800
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Username entry (pippo) created for mobile, length = 253
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Username entry (pippo) created in mscb for mobile, length = 253
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Creating a PKC PMKID Cache entry for station 18:3d:a2:25:01:a4 (RSN 0)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 8
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 0
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Sending EAP-Success to mobile 18:3d:a2:25:01:a4 (EAP Id 7)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Freeing AAACB from Dot1xCB as AAA auth is done for  mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Starting key exchange to mobile 18:3d:a2:25:01:a4, data packets will be dropped
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4
                                                                                                                      state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Entering Backend Auth Success state (id=7) for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Received Auth Success while in Authenticating state for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Authenticated state
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Received EAPOL-key in PTK_START state (message 2) from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4
                                                                                                                      state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 apfMs1xStateInc
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1for this client
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1 flex-acl-name:
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5952, Adding TMP rule
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
    type = Airespace AP - Learn IP address
    on AP 00:3a:9a:77:55:a0, slot 0, interface = 13, QOS = 0
    IPv4 ACL ID = 255, IP
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 0, Local Bridging intf id = 0
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 Key exchange done, data packets from mobile 18:3d:a2:25:01:a4 should be forwarded shortly
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4
                                                                                                                      state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
  *pemReceiveTask: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
  *spamApTask3: Feb 11 16:54:22.707: 18:3d:a2:25:01:a4 Sent EAPOL-Key M5 for mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.768: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.768: 18:3d:a2:25:01:a4 Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 18:3d:a2:25:01:a4
  *Dot1x_NW_MsgTask_4: Feb 11 16:54:22.769: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4
  *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
  *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5576, Adding TMP rule
  *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
    type = Airespace AP - Learn IP address
    on AP 00:3a:9a:77:55:a0, slot 0, interface = 13, QOS = 0
    IPv4 ACL ID = 255,
  *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206  Local Bridging Vlan = 0, Local Bridging intf id = 0
  *apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
  *pemReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
  (Cisco Controller) >*emWeb: Feb 11 16:54:46.127: 18:3d:a2:25:01:a4 Central Switch = FALSE
  *emWeb: Feb 11 16:54:46.128: 18:3d:a2:25:01:a4 Central Switch = FALSE
  (Cisco Controller) >
  (Cisco Controller) >
  (Cisco Controller) >
  (Cisco Controller) >*emWeb: Feb 11 16:55:36.461: 18:3d:a2:25:01:a4 Central Switch = FALSE
  *emWeb: Feb 11 16:55:36.463: 18:3d:a2:25:01:a4 Central Switch = FALSE
  From log i know that 802.1x passed, while dhcp don't send ip address. It seems that the local vlan id is 0 while in reality is 3... WHY ? i don't understand.
  Someone can help me to find the problem? i think the problem is on the network, the dhcp ( the corporate router) is directly connected to the ap.

  Are you setting your FlexConnect native vlan and the wlan to vlan mapping?  You also need to make sure you have the ip helpers setup and that dhcp is working.  I would configure a switch port to a vlan that the wireless users is suppose to be on locally at that site and connect a laptop to that port and make sure that the laptop gets an address.
  Thanks,
  Scott
  *****Help out other by using the rating system and marking answered questions as "Answered"*****

• Cisco Flex Connect and users can not get IP Address by WAN

  Hello my name is Ivan
  I have a wlc 5508 with license base to 50 aps, i use a deployment flex connect. I already registered all my access points, I use web authentication to authenticate users guest, and the service dhcp is in the central site.
  My issue is the users in each remote site, can not get an ip address by dhcp from the central site, they can authenticate in the guest ssid, but any users can not get an ip.
  The request is passing by the wan in this way
  Central Site DHCP - Router WAN - Remote Site - Users with notebooks. I use flex connect central deployment (all the traffic consulting to the wlc) .
  perhaps i should use local deploy? The wlc is in the central site.
  Can you help me to resolving this issue please? , perhaps any advice?
  Regards
  Ivan.

  Thanks Osita
  If I configure Central Authentication and  I configure central switching I need to create a dynamic interafce for each remote site and each dynamic interface associated with a different VLAN ID, because I can not associate a single interface dynamic to the same  VLAN ID, but in my case the client remote in each remote site have the same network segment with the same VLAN ID with the same SSID for guests. My goal is to configure web authentication with the local DHCP server at each remote site, will this work?.Each remote site have its own server dhcp.
  If I configure authentication central authentication with central switching with web authenticacion as I set in my scenario?
  My issues are the interfaces dynamics, because I have the same network to the customer guest with the same ID VLan in each remote site
  Regards

• Wireless client keep loosing IP address.

  Hi,
  I am in hot water, i am not good with wireless i have wireless LAN in my network which is connected to wired network. the problem is my clients get connected to the network but suddently they loose connectivity and start dhcp request and get limited connecitivity with automatic ip address.
  My network design is like this.
  1. I have a three floor building every floor has its own core and access layer and floors are connected layer 3 (not usual layer 2).
  2. Wireless Controllers 4402 are in layer 3 mode and are on ground floor and AP are everywhere in building.
  3. Wireless controllers are connected to ground floor core using a VLAN say VLAN 205 and AP's on ground floor and other floors are in different VLANs (physical connectivity of AP's).
  4. controllers are configured for two different VLAN's say VLAN 212 for data and VLAN 213 for voice.
  5. VLAN interface of the controller is configured with right helper address for DHCP.
  My problem is i am a bit confused with the desigh of the network. As i mentioned all floors are connected layer 3 it means seperate VTP domain and seperate VLAN's, all APs on all floors are in differnt IP subnet respectively. but the wireless VLAN is common for all the users on all floors, this is the bit which confuses me alot. the wireless data VLAN has its own IP subnet which is advertised from gound floor only (make sense) but the users are not connecting to ground floor APs only they are connecting everywhere in the building. Users are getting IP address from the wireless VLAN range on every floor, can anybody explain me how they are getting communication because wireless subnet is only local to ground floor core not to first floor or second floor but some people are connecting to 1st floor and 2nd floor AP and are working fine.
  The next pain is that my laptops started loosing IP address and they get automatic private IP address hence loose connectivity, the communication issue i referred above is secondary i am actually looking to rectify the ip address issue because users are having problem with it. Signal strength on every floor is perfect and coverage is ok, i have tried to debug dhcp detail packet but i don't receive any because controllers are in differnt VLAN for physical connectivity. Can somebody help me with this thing?
  Regards,

  Your wireless clients will associate to the best AP interms of signal strenght and signal to noise etc.
  There is an LWAPP tunnel between the access point and the controller.
  At the controller there will be logical interfaces for the wireless LANS that are asssociated to specific VLANs on the wired network.
  It doesn't matter where you are in the building as a client as its the controller that puts the client data onto the wired network.
  All client data is tunneled between the access point and the controller.
  With regard to the losing IP address situation. I assume that the clients do initially get an IP address and then lose it after a period of time.
  Check the session timeout paramter on the controller (look on the WLAN-Advanced).
  There is a bug with some versions of software relating to session timeouts. Try setting the timeout to 65535 seconds. The default setting is probably 30 minutes.

• Clients not getting DHCP from external server

  Hi,
  I have a 4402 (version 7.0.235) working with 10 units of 1121 APs connected to it. The WLC is not configured to work in LAG mode. Physical portt #1 is connected to the Main Switch (trunk). I have 3 WLAN mapped to 3 Different VLAN and Everything (security and internal, external DHCP) is working swell...
  Now- I have connected Physical port #2 directly to an ADSL Router (giga port), Configured Port 2 as untaggedwith the proper IP details.
  I have configured this interface to receive DHCP from the ADSL Router and for some reason, Clients are not getting addresses.
  When I assign a Static address to my laptop I get internet access and all is nice. I tried configuring The WLC internal DHCP server (instead of the ADSL router) and that didn't help. It seems like a DHCP problem but I dont understand the source of the problem of think of the solution.
  When turning off the proxy settings I noticed that it helped. Is there anything to do with that? The problem was that after a while the other WLANs starting causing DHCP issues as well.
  What is supposed to be configured? Any Expert is the House?
  I attached a crappy drawing..

  Hi Scott,
  Thanks for your answer.
  So what you are basicly saying is that I have 2 choices: 1 - disable the Proxy option on the WLC and work with external DHCP servers (internal will not work when this is enabled). 2 - Enable the Proxy option and only work with the WLC internal DHCP.
  I have installed many WLCs this way, having Different DHCP Servers (external and internal)  for multiple WLANs.
  What do you think may be different this time? The router that I am using isn't the most expencive but it is providing DHCP to other clients (wired client) with no problems.
  Thanks!!!