WLC 5508/2504 - Wireless users having their Citrix sessions disappear randomly! Cisco APs, Intel Wireless Cards..
Last year we built a new citrix 6.5 farm on 2k8 r2 servers. Previously, we had a 4.5 farm running solid.
With the new farm, wiresless users connecting through ANY cisco wireless controller/ap will get disconnected at what seams "peak" times.
For example, a user will launch a published application at 8:05 in the AM, and a few minutes later; the application will just disappear. Within the mgmt console, it will show the session as disconnected. The users device will remain connected to the WLAN, and if they double click the application, it will relaunch immediately.
This never happened on our old farm! We are using the same laptops + some newer updated models.
It is also important to note that fat client/thin clients do not experience this at all. I can open an application on my desktop and leave it open all day, where as if I do such on a laptop it is bound to disappear atleast once during the day. Aside from hitting the WLC; both packets take the same path.
I'm working with Citrix right now gathering logs; but nothing is jumping out right away at us.
Has anyone here experience something similar?
This discussion is the same thing thats happening to me I believe;
https://supportforums.cisco.com/discussion/11482681/intel-wireless-chipset-clients-random-citrix-disconnects
If you need anymore information, please ask!
Thanks,
Jeremy
Similar Messages
-
User cancelling their own session
Hi
Is there functionality available, or something I can activate or develop, that will allow a user to cancel their session entirely from the portal.
The problem we're facing is that if a user does something on a report, like try to view every article for every site (300,000 articles and 170 sites), that puts quite a load on the server. If the user realises their mistake, they can exit IE, but that doesn't seem to cancel the long running request.
I have monitored transaction SM50 in BW, and it doesn't seem like the session is hanging there, so I can't just give them access to that transaction and allow them to kill their session from that screen.
I am thinking that perhaps the session is active on the Java engine, and wondering if there is some way for a user to cancel their session on the Java side of things.
Any ideas?
Cheers,
AndrewAndrew,
Are ou using BW Web or Portal ..? If you are using Portal - you can enable Distributed Session Management (DSM) to achieve the same. -
Wlc 5508 and wireless guest vlan
Hi guys,
I have a 5508 running(version 6).
I have an adsl releasing public IP for guest users mapped into vlan 10.
Now i want use this adsl only for wireless guest users
how can i create an ssid and associate to vlan 10 without using ip address(dynamic interfaces requires an ip address,mask,defaul gateway,etcc..).
Thx in advance.Hi,
the fact that you can't ping in the guest SSID is normal. That SSID blocks all traffic until you authenticated on the web page.
If your users are using a proxy to browse the web, all you need to do is to add an exception in the client browser for "1.1.1.1" if that is your virtual ip. So that the proxy doesn't get contacted when client is redirected for authentication.
The second step is to make WLC listen on the proxy port (often it's 8080 for example). Command is "config network web-auth-port" :
http://www.cisco.com/en/US/partner/docs/wireless/controller/6.0/command/reference/cli60.html#wp1728200
Hope this helps,
Nicolas -
Cisco WLC 5508 - WLAN Per-User Bandwidth Contracts
Hi,
I setup per-user bandwidth contracts on my guest anchor controller. The controller model is 5508 and firmware is 7.4.121.0. No Qos settings were configured on the foreign controllers.
The bandwidth limits for the WLAN worked correctly for a couple of weeks, then speed reduced to almost nothing. I removed the WLAN bandwidth limits and speed was back to normal again.
Has anyone else run into this issue? Any ideas why it might have happened?
Thanks,If Scott does not mind an add-on. The 3850 also supports per client QOS.
Page 16 -
http://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-3850-series-switches/guide_c07-727066.pdf -
WLC 5508 LOAD BALANCING APs to HA-SSO
Do somebody knows what´s going to happen about configuration when you migrate 2-WLC 5508 giving wireless services correctly, using load balancing with the APs to HA-SSO mode???
At this time we have some AP groups in WLC1 and in WLC2 we don´t have the AP groups, what´s going to happen with the configuration of both WLCs, both configuration are going to be merged??
REGARDSWhen you covert the pair into SSO, all the APs will go to the ACTIVE unit. No unit will "live" in the standby unit because this unit will "share" the AP-support license between the two.
This is the first step you need to get sorted. Send an email to [email protected] and give them the exact details of what you want to do (i. e. AP SSO) and then provide the serial number of your nominated active WLC and the serial number of your nominated standby WLC. -
WLC 5508 APs showing Line Protocol Down
I have a WLC 5508 (software version 7.5.102.0) and it has 175 APS (mixture of 1131, 1142, 1602, 2602). Recently I've noticed that
about 40 of those APs don't work on the 2.4G Dot11Radio0. sh int dot11 0 shows me:
Dot11Radio0 is up, line protocol is down
Hardware is 802.11N 2.4GHz Radio, address is 1833.9d0c.2180 (bia 1833.9d0c.2180)
MTU 1500 bytes, BW 54000 Kbit/sec, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/9355/42086/0 (size/max/drops/flushes); Total output drops: 3769399
Queueing strategy: fifo
Output queue: 0/30 (size/max)
5 minute input rate 11000 bits/sec, 13 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
150800958 packets input, 597188558 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
217132697 packets output, 1132963042 bytes, 0 underruns
55238 output errors, 0 collisions, 8 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
I've tried restarting the interface,to no avail, but rebooting the whole AP does bring it back up, but I expect that's a solution to the symptom, not the problem.Hi Sean,
There are certain related bugs of this version. You may need to check whether you are hitting one these. I would suggest staying in 7.4.121.0 code would be a good idea unless you require new features available in 7.5 or 7.6.
CSCui66891:Marvell-based radio goes down due to stuck multicast packets in driverSymptom:AP's radio interface goes down and does not recover on its own without an AP reboot.Conditions:With releases 7.2.103.0 - 7.2.115.2, 7.3.101.0 - 7.3.112.0, and 7.4.100.0 - 7.4.110.0, this bug applies to all Marvell-based 802.11n Cisco Aironet access points *except* the 1140, 1040, and certain mesh APs.With releases 7.5.90.0 - 7.5.102.0, this bug applies to *all* Marvell-based 802.11n Cisco Aironet access points.Workaround:None. Reboot the AP.
Known Affected Releases(6)7.6(1.52)7.6(1.50)7.5(102.0)7.6(1.226)7.6(1.95)15.2(4)JA
Known Fixed Releases(10)10.1(0.74)7.6(1.55)7.5(102.8)10.1(100.0)15.2(4)JN7.6(1.103)10.1(11.5)7.4(111.7)15.2(4)JB7.4(121.0)
CSCum14069: AP1600/2600 radio down with 7.5.102.0 release Symptom:[AIR-CAP1602I-Q-K9 (AC power supply) ]---------[Catalyst switch]------------[AIR-CT5508-K9 (7.5.102.0)][AIR-CAP1602I-Q-K9 (PoE) ]----[AIR-PWRINJ5=]-----[ Catalyst switch]------------[AIR-CT5508-K9 (7.5.102.0)][AIR-CAP1602I-Q-K9 (AC power supply) ]---------[non-Cisco non-PoE switch]------------[AIR-CT5508-K9 (7.5.102.0)]AP1600/2600 radios never go UP on above topology if the Catalyst switch was running older IOS such as c3750-ipservices-mz.122-25.SEB4
Conditions:WLC release 7.5.102.0 specific issue.AP1600/2600 specific issue.Older Catalyst IOS software (e.g. 12.2(25)SEB4)non-Cisco 3rd party switch
Workaround:Enable "Pre-standard 802.3af switches" option on AP from WLC GUI;WIRELESS => Access Points => All APs => target AP name => Advanced tab => Power Over Ethernet SettingsThis option is required to workaround this problem even if you don't have Pre-standard 802.3af switch nor you're using AC adapter/Power Injector.
Known Affected Releases:(1)7.5(102.0)Known Fixed Releases:(1)7.5(102.18)
HTH
Rasika
**** Pls rate all useful responses ***** -
Can anybody tell me how to connect aironet 1400 to wlc 5508 ??
I try to deploy cisco wlc 5508 to wireless network that based on cisco aironet bridge 1400 seirese , but it dose not work !
when i read the data sheet of the wlc 5508 i found that it is not support that type of bridges , is there anyway to connect aironet 1400 to wlc 5505 ?
thanxDuplicate posts. :P
Go here: https://supportforums.cisco.com/discussion/12136581/can-anybody-tell-me-how-connect-aironet-1400-wlc-5508 -
Using iChat to communicate with Pidgin users on a Citrix Presentation Serve
We have been using iChat on OS X and Pidgin on Windows XP in our environment for several months now. We use Bonjour as the protocol so it makes for a very lightweight easy, inexpensive IM solution on our network (no server component needed).
I hadn't noticed it before today, but I was communicating with a Pidgin user who was using a Citrix Presentation Server login (running Pidgin within that session), and the name that iChat displayed as the person I was talking to was not the actual person that was talking to me. iChat was displaying a different user who was also using Pidgin in another current session on the Citrix box. If I fired up Pidgin on my XP virtual machine and ran Pidgin from there, the user name is identified properly.
So it appears that iChat is tying the user name of the IM session to the IP address and then looking it up from the list, which results in a random mis-identification of the IM user on the Citrix session. BTW, there was a Bonjour update a few days ago, it may actually be Bonjour rather than iChat itself. Anyone have any suggestions, ideas, bug fixes?I have no new info on this.
It does seem a bit odd.
Note:
By default Bonjour broadcasts and receives data on port 5353 on UDP Protocol to let other Macs know it is there (Linked to mDNSResponder in Activity Monitor).
See here http://support.apple.com/kb/TS1629
It may pay to try and check Pidgen and the Mac are using the same ports.
7:17 PM Friday; January 22, 2010
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat" -
Fleet phones: Why must each user have their own App Store account?
I've purchased roughly 25 iPhones for my employees and am trying to lumber through the tedious process of managing these as fleet assets. There are a handful of mission-critical apps I'd like to deploy. I've signed up with an MDM platform (Bushel). I've enrolled in both of Apple's fleet programs (VPP and DEP). And, still, I'm running into precisely the obstacle I'm needing to get around: the requirement that every user has their own individual App Store account, with a Credit Card number on file, etc.
Why must this be? These are company-owned phones. Most of my employees are unionized and, quite frankly, the union is none too happy about the nature of the apps I'm deploying (which have to do with GPS tracking and time/attendance). I simply cannot require my union employees to sign up for an account in their names and require a credit card number.
Even lowly Blackberry figured this out a long time ago. If Apple is going after more fleet business, they need to become more fleet friendly.I did some searches before my post, but actually found some things AFTER I made my post that sounded encouraging. If I understand correctly, we should be able to continue sharing the AppleID we use to buy apps and music on all of our devices. We can configure our personal devices and computers to use separate personal iCloud accounts, but somehow share the music and apps with each other. I guess I'm still not clear on how it'll work. :-)
-
Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially upto 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
Cisco ISE looks a very expansive (and expensive) product but I don't think we need all it's capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
I've seen 3rd party supposed software solutions from Kiosk Antamedia etc do they work with Cisco Enterprise WLC solutions?
We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space.
Any suggestions would be gratefully appreciated from the knowledgeable community.
Cheers,
MikeHi Rasika,
We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows <1ms.
currently the Guest network is using WPA2-PSK auth given in the controller. we are trying to find a option to make the Guest wireless auth local to the office, and see if this solves the problem.
any suggestions,
Thank you,
Arjun -
IPhones not taking ipv4 addresses on Unified Wireless (WLC 5508 and AP 3602)
This is a really odd one...
Earlier this week we started having issues with our BYOD wireless network (802.1x, WPA2+AES) but only with Apple devices (iphone and ipad). Employees with Android or Windows phones are not having any problems at all.
A brief summary of what's observable for the issue:
Radius authentication succeeds (PASS observable in ACS logs)
IPhone status viewed on both controllers (foreign anchor in DMZ as well as corporate WLC) shows phone associated.
Debug client output shows an IPv4 address is actually being assigned to the phone however it appears to ignore it and restart the DHCP request process so debug output shows what looks to be a loop of DHCP request and offer stages.
Infrastructure notes
Cisco WLC 5508s are all running 7.4.121.0 (tried rolling back to 7.2.110.0 .....didn't help)
APs are all 3602I-N-K9
DHCP for the BYOD network is running on the anchor in the DMZ however this was temporarily moved to a switch (had no effect).
Any ideas?
DHCP Loop:
*mmListen: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 93, Local Bridging intf id = 12
*mmListen: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f Set bi-dir guest tunnel for a4:c3:61:7a:1a:4f as in Export Anchor role
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 Added NPU entry of type 1, dtlFlags 0x4
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f Pushing IPv6: fe80:0000:0000:0000: 0c00:0c94:459e:a9db , and MAC: A4:C3:61:7A:1A:4F , Binding to Data Plane. SUCCESS !!
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 1, flags: 0
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:53.754: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 3, flags: 0
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 8, flags: 0
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:45:07.059: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:45:07.059: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,Thanks Scott, here you go...
On Foreign:
WLAN Identifier.................................. 2
Profile Name..................................... BAI-Beta
Network Name (SSID).............................. BAI-Beta
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 42
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... CHTWLC
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Bronze
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 172.24.13.20 1812
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
2 172.24.13.251 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled
On Anchor:
WLAN Identifier.................................. 1
Profile Name..................................... BAI-Beta
Network Name (SSID).............................. BAI-Beta
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 48
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... CHADWLC01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ bai-beta
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Bronze
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 172.24.13.20 1812
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
1 172.24.13.251 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled -
Wireless voice quality issues with wlc 5508 7.0.98
Hi,
I am having random occurances of voice drops (one-way audio) during phone calls. WLC 5508 (7.0.98) , LAP1242AG (only G antenna present), and 7925G phones. coverage is excellent throughout the floor and its a confined office space. Its not happening always. I am seeing these logs , not sure if it is related. :
*apfReceiveTask: Feb 10 11:31:53.831: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
*apfReceiveTask: Feb 10 11:31:33.356: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
I have set DCA list to1,6 and 11. I tried disabling RRM and statically fixing the channels and power also. Still the issue is seen,
7925G firmware is 1.4.1
i tried to do linktest from the WLC to the phone, but link test is failed. linktest to a laptop works though. I have only mac filtering for the voice ssid.
any suggestions pls ?
regards
JoeHi Serge,
Thanks for the suggestions. I have taken care of all the settings. Problem is , the user is seated in his office cabin and using the 7925 and there is around 50db signal strength in his room from an AP which is just outside the cabin. And this doesnt occur often, when we go to check and make calls, everything is fine whereas the user says it happens sometimes in the morning, evening etc... randomly... where the fone goes blank while in a call.... since the problem never happens when we go to troubleshoot the issue, we really dont know what is going on. This is happening when calling PSTN.
AP's are not restarting and there is no logs indicating that. Wireless infrastructure looks very much OK cos there are other users who are not experiencing this problem and there is ample coverage all over the floor. I am baffled why only one user has this problem even when he is seated in his office cabin.
Tried changing phones also, but still remains.
Question : i tried to do a linktest from WLC to his phone, but it failed, while linktest to laptops are working fine. Does wlc linktest not working for wireless phones ?
regards
Joe -
WLC 5508 : WPA2 enabled SSID - especially Intel & Dell wireless cards are not getting connected
Hi ,
I have one pecular issue in my wireless lan set-up. I have some laptop users who are using below inbuilt wireless adapter/cards :
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
1 ) Dell wireless 1397 WLAN Minicard
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
2 ) Intel Centrino Advanced N6200 AGN
above card are having issue with WPA2 enabled ssid connecitivity. strange is , the same users are getting connected to other wep enabled SSID but its not working for WPA2 SSID.
I have external ACS server which is used for radius authentication. Last time I had put same query in support forum did some workaround.
eq. disabling DHCP proxy option in WLC and moving all DHCP scope in external server.
After doing this workaround this mentioned users are still facing issue. I gone through some cisco document and some forums and came across that there is something to be done in " Session Timed Out " optionin WLC
which is default 1800 sec based on that I tried to capture debug outputs for mentioned above problematic clients and user who is working fine .
I gone through the same debug output and observed :
User who is working fine :
Processing Access-Accept for mobile 00:22:5f:8d:55:84
00:xx:xx:xx:xx:xx Setting re-auth timeout to 1800 seconds, got from WLAN config.
00:xx:xx:xx:xx:xx Station 00:22:5f:8d:55:84 setting dot1x reauth timeout = 1800
00:xx:xx:xx:xx:xx Creating a PKC PMKID Cache entry for station 00:22:5f:8d:55:84 (RSN 2)
00:xx:xx:xx:xx:xx Adding BSSID 00:1f:ca:2c:f3:01 to PMKID cache for station 00:22:5f:8d:55:84
New PMKID: (16)
The User / card which is having issue :
Processing Access-Accept for mobile 00:22:5f:90:a2:ac
00:xx:xx:xx:xx:xx Setting re-auth timeout to 0 seconds, got from WLAN config.
00:xx:xx:xx:xx:xx Station 00:22:5f:90:a2:ac setting dot1x reauth timeout = 0
00:xx:xx:xx:xx:xx Stopping reauth timeout for 00:22:5f:90:a2:ac
00:xx:xx:xx:xx:xx Creating a PKC PMKID Cache entry for station 00:22:5f:90:a2:ac (RSN 2)
00:xx:xx:xx:xx:xx Adding BSSID 00:26:cb:1d:fe:31 to PMKID cache for station 00:22:5f:90:a2:ac
New PMKID: (16)
Please suggest me to do workaround.Hi,
According to output of working as well as not working wireless cards ,
below is my observations :
Not working wireless cards observation :
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
The client passed the L2 authentication and that, after successful association, it is now going into the DHCP_REQD state
Not-working wirelss card :
*Apr 06 11:58:15.866: 0c:60:76:3e:8c:49 10.10.232.137 RUN (20) Successfully plumbed mobile rule (ACL ID 255)
*Apr 06 11:58:15.866: 0c:60:76:3e:8c:49 Stopping retransmission timer for mobile 0c:60:76:3e:8c:49
*Apr 06 11:58:15.869: 0c:60:76:3e:8c:49 10.10.232.137 Added NPU entry of type 1, dtlFlags 0x0
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
The client entry is added to the Network Processing Unit (NPU) of the controller with an IP address of 10.10.232.137 but after that , I am getting below output
*Apr 06 11:58:22.742: 0c:60:76:3e:8c:49 Copy AP LOCP - mode:0 slotId:0, apMac 0x0:1f:ca:2c:ea:e0
*Apr 06 11:58:22.742: 0c:60:76:3e:8c:49 Copy WLAN LOCP EssIndex:2 aid:50 ssid:USTRI_SECURE
*Apr 06 11:58:22.742: 0c:60:76:3e:8c:49 Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x0, eaptype:0x2 w:0x1 aalg:0x0, PMState: RUN
*Apr 06 11:58:22.742: 0c:60:76:3e:8c:49 Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x3 statuscode 0, reasoncode 99, status 3
*Apr 06 11:58:22.742: 0c:60:76:3e:8c:49 Copy Username LOCP : U25744
*Apr 06 11:58:22.743: 0c:60:76:3e:8c:49 Copy IP LOCP: 0xa0ae889
*Apr 06 11:58:22.743: 0c:60:76:3e:8c:49 Copy CCX LOCP 4
*Apr 06 11:58:22.743: 0c:60:76:3e:8c:49 Copy MobilityData LOCP status:1, anchorip:0x0
*Apr 06 11:59:14.002: 0c:60:76:3e:8c:49 10.10.232.137 RUN (20) State Update from Mobility-Complete to Mobility-Incomplete
*Apr 06 11:59:14.002: 0c:60:76:3e:8c:49 Clearing Address 10.10.232.137 on mobile
*Apr 06 11:59:14.002: 0c:60:76:3e:8c:49 10.10.232.137 RUN (20) Change state to DHCP_REQD (7) last state RUN (20)
*Apr 06 11:59:14.002: 0c:60:76:3e:8c:49 apfMmProcessDeleteMobile (apf_mm.c:522) Expiring Mobile!
*Apr 06 11:59:14.002: 0c:60:76:3e:8c:49 apfMsExpireMobileStation (apf_ms.c:4427) Changing state for mobile 0c:60:76:3e:8c:49 on AP 00:1f:ca:2c:ea:e0 from Associated to Disassociated.
working cards ouput :
*Apr 06 12:16:28.038: 00:22:5f:8d:55:84 10.10.232.190 RUN (20) Successfully plumbed mobile rule (ACL ID 255)
*Apr 06 12:16:28.038: 00:22:5f:8d:55:84 Stopping retransmission timer for mobile 00:22:5f:8d:55:84
*Apr 06 12:16:28.042: 00:22:5f:8d:55:84 10.10.232.190 Added NPU entry of type 1, dtlFlags 0x0
The client entry is added to the Network Processing Unit (NPU) of the controller with an IP address of 10.10.232.190 and as expected , I am getting below output
*Apr 06 12:16:28.749: 00:22:5f:8d:55:84 DHCP received op BOOTREQUEST (1) (len 321, port 29, encap 0xec03)
*Apr 06 12:16:28.751: 00:22:5f:8d:55:84 DHCP processing DHCP REQUEST (3)
*Apr 06 12:16:28.751: 00:22:5f:8d:55:84 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 06 12:16:28.752: 00:22:5f:8d:55:84 DHCP xid: 0x6eefbbb8 (1861204920), secs: 0, flags: 0
*Apr 06 12:16:28.752: 00:22:5f:8d:55:84 DHCP chaddr: 00:22:5f:8d:55:84
*Apr 06 12:16:28.752: 00:22:5f:8d:55:84 DHCP ciaddr: 10.10.232.190, yiaddr: 0.0.0.0
*Apr 06 12:16:28.752: 00:22:5f:8d:55:84 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 06 12:16:28.753: 00:22:5f:8d:55:84 DHCP successfully bridged packet to DS
*Apr 06 12:16:30.751: 00:22:5f:8d:55:84 Copy AP LOCP - mode:0 slotId:0, apMac 0x0:1f:ca:2c:f3:0
*Apr 06 12:16:30.751: 00:22:5f:8d:55:84 Copy WLAN LOCP EssIndex:2 aid:10 ssid:USTRI_SECURE
*Apr 06 12:16:30.751: 00:22:5f:8d:55:84 Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x0, eaptype:0x2 w:0x1 aalg:0x0, PMState: RUN
*Apr 06 12:16:30.752: 00:22:5f:8d:55:84 Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x3 statuscode 0, reasoncode 99, status 3
*Apr 06 12:16:30.752: 00:22:5f:8d:55:84 Copy Username LOCP : USTR\U17967
*Apr 06 12:16:30.752: 00:22:5f:8d:55:84 Copy IP LOCP: 0xa0ae8be
*Apr 06 12:16:30.752: 00:22:5f:8d:55:84 Copy CCX LOCP 4
*Apr 06 12:16:30.752: 00:22:5f:8d:55:84 Copy MobilityData LOCP status:1, anchorip:0x0
Finally client is getting stuck with DHCP-REQD state ..................
Please look into this and put light on this ............ -
ISE Profiling for Wireless Devices (WLC 5508) like Laptops and Mobile Devices
Hi,
We have integrated WLC 5508 to cisco ise 3315 with ios 1.1.1 and using Guest Sponsor portal for wireless guest users.
Where we have created open ssid in wlc and redirect web login portal in wlc for guest users. We have enable all respective node in policy service for profiling and also configure snmp in wlc as well as in ise.
When guest user is connected to open ssid its get redirected to web login page of ise portal and when it gets login we are only able to see the username which guest user login but not the end device in monitoring log.
Wireless End devices are not able to get profiled can any one tell me what configuration I need to do on ise or wlc side to profiled end guest wireless device like android,iphone and laptops
Thanks
PranavHi Tarikh,
I only want to identify the end devices for wilress guest user. I have configured MAB Authentication and configure autorization policy where in mention identity group any condition as wlc web authentication and athorization profile only guest mentioning plain access for the same.
Can you help me how I can achived profiling for wirless guest devices. I have configured all profiling probes . Enable snmp on wlc as well as in network devices.
What else I need to configured to achived just identiting device nothing but profiling and which should reflect in authnetication logs.
Thanks
Pranav -
ISE 1.2 / WLC 5508 EAP-TLS expired certificate error, but wireless still working
Hi I have a customer that we've deployed ISE 1.2 and WLC 5508s at. Customer is using EAP-TLS with and everything appears to setup properly. Users are able to login to the network and authenticate, however, frequently, I'm getting the following error in ISE authentication logs:
12516 EAP-TLS failed SSL/TLS handshake because of an expired certificate in the client certificates chain
OpenSSL messages are:
SSL alert: code=Ox22D=557 : source=local ; type=fatal : message="X509
certificate ex pi red"'
4 727850450.3616:error.140890B2: SS L
rOYbne s: SSL 3_ G ET _CL IE NT _CE RT IF ICAT E:no ce rtific ate
relurned: s3_ srvr.c: 272 0
I'm not sure if this is cosmetic or if this is something that I should be tracking down. System isn't in full production yet, but every client seems to be working and there is no expired cert in the chain. Any ideas what to check?Hello Dino,
thanks very much for your reply.
The client uses a machine-certificate, the PKI is not a microsoft one, but a third party PKI. The certificate is fresh and valid, the root-cert is installed and checked to be validated against it for the login.
Clock is correct too. The same setup works flawlessly in Windows 7 and XP.
EKU is set on the certificate (1.3.6.1.5.5.7.3.2)
I suspect the cert-setup itself, but don't get a clue where this might stuck...
Björn
Maybe you are looking for
-
Proxy settings moved from User to Machine not removing user settings.
Hi All, I have recently moved our company's proxy settings from User based to Machine based as we were having issues after moving from an internal proxy to a hosted external proxy. What we found was after turning off the internal some users were no
-
Changing default view to match Inventor default view
Hi All, Upon creating my Parasolid Binary File from Inventor 2012 for use to build the 3D PDF, I do so from a specific view angle. After Acrobat and 3D PDF Converter do their conversion, it would appear that my specific view angle is completely igno
-
Problem in AT LINE SELECTION event
Hi All, I have a problem in AT LINE SELECTION event. I have an interactive report. In the report after selection on Selection Screen i have to show some totals. Now when I click on the no wgich is shown against the total the report should further dri
-
I've expereinced two "crahses"
I've had mine since last Friday and since that time I've experienced two "crashes" that I will document here (support is welcome). So my most recent crash happened tonight. Here are the steps the best I can recall. 1. Started playing a song. 2. Opene
-
Why is my iPad beeping and the battery is draining
My iPad keeps beeping and the battery is draining has any one experienced this?