WLC 5508 and Client IP addresses
we have installed our first 5508 in a small remote office. I setup a DHCP range on the 5508 to give the AP's a IP address. After that I changed the AP's to have static IP address. I wish for the wireless clients to use our DHCP servers here at the home office, so I shut down the DHCP service on the 5508. Now the Clients will not get an IP address. So now I re-enable the scope and the clients get an IP address. How do I configure the 5508 so that the wireless clients will get an IP address from our DHCP servers and not the 5508?
Go to WLAN > click the SSID of your choice > Advanced tab > click on "DHCP Server" and enter the DHCP Server.
Similar Messages
-
WLC 5508 , AP client dhcp address different from WLAN interface VLAN subnet?
Hope the title makes sense, here's my situation: I have multiple businesses on 1 WLC 5508, there's a LAG to my core switch with seperate interfaces for each, broken up by vlans.
My question is: if i have a WLAN setup to use interface "Company A" which is vlan 10 with an ip of 10.0.1.5 which then points to 10.0.1.10 for dhcp.
Can the WLAN client connecting to the Company A WLAN use an IP in a different IP range?(192.168.1.10?) can the wlc route? from the perspective of the DHCP server where doers the request come from? (10.0.1.5?)
Can the DHCP server 10.0.10.10 on vlan 10 respond back with and ip on a different subnet to assign to the client to use and still be fully fonctioning? would the default gateway for the client need to be 10.0.1.5? So the clients ip would be 192.168.1.10 /24 with a gateway of 10.0.1.5 (ip adress fo vlan10 interface on WLC) And if multiple clients on the same subnet wanted to talk to each other woudl the WLC know how to route them to each other without passing through the default gateway?
Sorry if this is confusing I'm having a bit of a hard time explaining it in works, i can try and draw somethign up if it makes more sense.
thanks
EricI think if you want these clients to stick to a WLAN configured on a VLAN that has a different IP addressing you could configure your VLAN with the normal IP addressing then add on the SVI the 2nd IP_Class_default_gateway.
E.G.
Vlan 10
interface vlan 10
ip address 10.0.10.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0 secondary
Clients that receive IP address from 192.168.1.0/24 network will be able to reach 192.168.1.1 and all traffic will pass right. -
WLC 5508 and client disconnections
Hello, all!
have an issue - one client is disconnecting sometime.
that is the log from debug client
(Cisco Controller) >*apfReceiveTask: Oct 26 16:31:42.120: 68:09:27:81:da:8f Deleting mobile on AP 00:3a:99:81:dc:10(0)
*dot1xMsgTask: Oct 31 14:20:26.178: 44:2a:60:f6:d9:ec Key exchange done, data packets from mobile 44:2a:60:f6:d9:ec should be forwarded shortly
*dot1xMsgTask: Oct 31 14:20:26.178: 44:2a:60:f6:d9:ec Sending EAPOL-Key Message to mobile 44:2a:60:f6:d9:ec
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.03
*dot1xMsgTask: Oct 31 14:20:26.178: 44:2a:60:f6:d9:ec Updated broadcast key sent to mobile 44:2A:60:F6:D9:EC
*Dot1x_NW_MsgTask_4: Oct 31 14:20:26.186: 44:2a:60:f6:d9:ec Received EAPOL-Key from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:20:26.186: 44:2a:60:f6:d9:ec Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:20:26.186: 44:2a:60:f6:d9:ec Stopping retransmission timer for mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:20:26.721: 44:2a:60:f6:d9:ec Received EAPOL-Key from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:20:26.721: 44:2a:60:f6:d9:ec Received EAPOL-key to initiate new key exchange from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:20:26.721: 44:2a:60:f6:d9:ec Initializing EAPOL-Key Request replay counter to 00 00 00 00 00 00 00 00 for client 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:20:26.721: 44:2a:60:f6:d9:ec Starting key exchange to mobile 44:2a:60:f6:d9:ec, data packets will be dropped
*Dot1x_NW_MsgTask_4: Oct 31 14:20:26.721: 44:2a:60:f6:d9:ec Sending EAPOL-Key Message to mobile 44:2a:60:f6:d9:ec
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.04
*Dot1x_NW_MsgTask_4: Oct 31 14:20:26.721: 44:2a:60:f6:d9:ec Received EAPOL-key MIC err message from mobile 44:2a:60:f6:d9:ec
*dot1xMsgTask: Oct 31 14:20:27.778: 44:2a:60:f6:d9:ec Failure sending WPA EAPOL-Key due to invalid state 2 to mobile 44:2a:60:f6:d9:ec
*dot1xMsgTask: Oct 31 14:20:27.778: 44:2a:60:f6:d9:ec Unable to send WPA key to mobile 44:2a:60:f6:d9:ec
*dot1xMsgTask: Oct 31 14:20:27.778: 44:2a:60:f6:d9:ec Unable to update broadcast key to mobile 44:2A:60:F6:D9:EC
*osapiBsnTimer: Oct 31 14:20:31.778: 44:2a:60:f6:d9:ec 802.1x 'timeoutEvt' Timer expired for station 44:2a:60:f6:d9:ec and for message = M2
*dot1xMsgTask: Oct 31 14:20:31.778: 44:2a:60:f6:d9:ec Retransmit 1 of EAPOL-Key M1 (length 99) for mobile 44:2a:60:f6:d9:ec
*osapiBsnTimer: Oct 31 14:20:36.777: 44:2a:60:f6:d9:ec 802.1x 'timeoutEvt' Timer expired for station 44:2a:60:f6:d9:ec and for message = M2
*dot1xMsgTask: Oct 31 14:20:36.778: 44:2a:60:f6:d9:ec Retransmit 2 of EAPOL-Key M1 (length 99) for mobile 44:2a:60:f6:d9:ec
*osapiBsnTimer: Oct 31 14:20:41.777: 44:2a:60:f6:d9:ec 802.1x 'timeoutEvt' Timer expired for station 44:2a:60:f6:d9:ec and for message = M2
*dot1xMsgTask: Oct 31 14:20:41.778: 44:2a:60:f6:d9:ec Retransmit 3 of EAPOL-Key M1 (length 99) for mobile 44:2a:60:f6:d9:ec
*osapiBsnTimer: Oct 31 14:20:46.777: 44:2a:60:f6:d9:ec 802.1x 'timeoutEvt' Timer expired for station 44:2a:60:f6:d9:ec and for message = M2
*dot1xMsgTask: Oct 31 14:20:46.778: 44:2a:60:f6:d9:ec Retransmit 4 of EAPOL-Key M1 (length 99) for mobile 44:2a:60:f6:d9:ec
*osapiBsnTimer: Oct 31 14:20:51.777: 44:2a:60:f6:d9:ec 802.1x 'timeoutEvt' Timer expired for station 44:2a:60:f6:d9:ec and for message = M2
*dot1xMsgTask: Oct 31 14:20:51.778: 44:2a:60:f6:d9:ec Retransmit failure for EAPOL-Key M1 to mobile 44:2a:60:f6:d9:ec, retransmit count 5, mscb deauth count 0
*dot1xMsgTask: Oct 31 14:20:51.778: 44:2a:60:f6:d9:ec Resetting MSCB PMK Cache Entry 0 for station 44:2a:60:f6:d9:ec
*dot1xMsgTask: Oct 31 14:20:51.778: 44:2a:60:f6:d9:ec Setting active key cache index 0 ---> 8
*dot1xMsgTask: Oct 31 14:20:51.779: 44:2a:60:f6:d9:ec Sent Deauthenticate to mobile on BSSID 00:3a:98:ef:5c:f0 slot 0(caller 1x_ptsm.c:546)
*dot1xMsgTask: Oct 31 14:20:51.779: 44:2a:60:f6:d9:ec Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*osapiBsnTimer: Oct 31 14:21:01.777: 44:2a:60:f6:d9:ec apfMsExpireCallback (apf_ms.c:591) Expiring Mobile!
*apfReceiveTask: Oct 31 14:21:01.778: 44:2a:60:f6:d9:ec apfMsExpireMobileStation (apf_ms.c:5604) Changing state for mobile 44:2a:60:f6:d9:ec on AP 00:3a:98:ef:5c:f0 from Associated to Disassociated
*apfReceiveTask: Oct 31 14:21:01.778: 44:2a:60:f6:d9:ec Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
*osapiBsnTimer: Oct 31 14:21:11.777: 44:2a:60:f6:d9:ec apfMsExpireCallback (apf_ms.c:591) Expiring Mobile!
*apfReceiveTask: Oct 31 14:21:11.779: 44:2a:60:f6:d9:ec Sent Deauthenticate to mobile on BSSID 00:3a:98:ef:5c:f0 slot 0(caller apf_ms.c:5698)
*apfReceiveTask: Oct 31 14:21:11.779: 44:2a:60:f6:d9:ec apfMsAssoStateDec
*apfReceiveTask: Oct 31 14:21:11.779: 44:2a:60:f6:d9:ec apfMsExpireMobileStation (apf_ms.c:5736) Changing state for mobile 44:2a:60:f6:d9:ec on AP 00:3a:98:ef:5c:f0 from Disassociated to Idle
*apfReceiveTask: Oct 31 14:21:11.779: 44:2a:60:f6:d9:ec Scheduling deletion of Mobile Station: (callerId: 47) in 10 seconds
*osapiBsnTimer: Oct 31 14:21:21.777: 44:2a:60:f6:d9:ec apfMsExpireCallback (apf_ms.c:591) Expiring Mobile!
*apfReceiveTask: Oct 31 14:21:21.778: 44:2a:60:f6:d9:ec pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Oct 31 14:21:21.778: 44:2a:60:f6:d9:ec 192.168.46.133 RUN (20) Deleted mobile LWAPP rule on AP [00:3a:98:ef:5c:f0]
*apfReceiveTask: Oct 31 14:21:21.778: 44:2a:60:f6:d9:ec apfMsRunStateDec
*apfReceiveTask: Oct 31 14:21:21.778: 44:2a:60:f6:d9:ec apfMs1xStateDec
*apfReceiveTask: Oct 31 14:21:21.778: 44:2a:60:f6:d9:ec Deleting mobile on AP 00:3a:98:ef:5c:f0(0)
*apfMsConnTask_1: Oct 31 14:21:56.744: 44:2a:60:f6:d9:ec Adding mobile on LWAPP AP 00:3a:98:ef:5c:f0(0)
*apfMsConnTask_1: Oct 31 14:21:56.744: 44:2a:60:f6:d9:ec Association received from mobile on AP 00:3a:98:ef:5c:f0
*apfMsConnTask_1: Oct 31 14:21:56.744: 44:2a:60:f6:d9:ec 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
*apfMsConnTask_1: Oct 31 14:21:56.744: 44:2a:60:f6:d9:ec 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
*apfMsConnTask_1: Oct 31 14:21:56.744: 44:2a:60:f6:d9:ec Applying site-specific Local Bridging override for station 44:2a:60:f6:d9:ec - vapId 1, site 'default-group', interface 'management'
*apfMsConnTask_1: Oct 31 14:21:56.744: 44:2a:60:f6:d9:ec Applying Local Bridging Interface Policy for station 44:2a:60:f6:d9:ec - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec STA - rates (8): 2 4 11 150 36 48 72 108 0 0 0 0 0 0 0 0
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec STA - rates (12): 2 4 11 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec Processing WPA IE type 221, length 24 for mobile 44:2a:60:f6:d9:ec
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec 0.0.0.0 8021X_REQD (3) DHCP required on AP 00:3a:98:ef:5c:f0 vapId 1 apVapId 1for this client
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec Not Using WMM Compliance code qosCap 00
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:3a:98:ef:5c:f0 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec apfMsAssoStateInc
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec apfPemAddUser2 (apf_policy.c:270) Changing state for mobile 44:2a:60:f6:d9:ec on AP 00:3a:98:ef:5c:f0 from Idle to Associated
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec Sending Assoc Response to station on BSSID 00:3a:98:ef:5c:f0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_1: Oct 31 14:21:56.745: 44:2a:60:f6:d9:ec apfProcessAssocReq (apf_80211.c:6309) Changing state for mobile 44:2a:60:f6:d9:ec on AP 00:3a:98:ef:5c:f0 from Associated to Associated
*apfMsConnTask_1: Oct 31 14:21:56.747: 44:2a:60:f6:d9:ec Updating AID for REAP AP Client 00:3a:98:ef:5c:f0 - AID ===> 5
*dot1xMsgTask: Oct 31 14:21:56.750: 44:2a:60:f6:d9:ec Creating a PKC PMKID Cache entry for station 44:2a:60:f6:d9:ec (RSN 0)
*dot1xMsgTask: Oct 31 14:21:56.750: 44:2a:60:f6:d9:ec Setting active key cache index 8 ---> 8
*dot1xMsgTask: Oct 31 14:21:56.750: 44:2a:60:f6:d9:ec Setting active key cache index 8 ---> 0
*dot1xMsgTask: Oct 31 14:21:56.750: 44:2a:60:f6:d9:ec Initiating WPA PSK to mobile 44:2a:60:f6:d9:ec
*dot1xMsgTask: Oct 31 14:21:56.750: 44:2a:60:f6:d9:ec dot1x - moving mobile 44:2a:60:f6:d9:ec into Force Auth state
*dot1xMsgTask: Oct 31 14:21:56.750: 44:2a:60:f6:d9:ec Skipping EAP-Success to mobile 44:2a:60:f6:d9:ec
*dot1xMsgTask: Oct 31 14:21:56.750: 44:2a:60:f6:d9:ec Starting key exchange to mobile 44:2a:60:f6:d9:ec, data packets will be dropped
*dot1xMsgTask: Oct 31 14:21:56.750: 44:2a:60:f6:d9:ec Sending EAPOL-Key Message to mobile 44:2a:60:f6:d9:ec
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*osapiBsnTimer: Oct 31 14:22:01.777: 44:2a:60:f6:d9:ec 802.1x 'timeoutEvt' Timer expired for station 44:2a:60:f6:d9:ec and for message = M2
*dot1xMsgTask: Oct 31 14:22:01.778: 44:2a:60:f6:d9:ec Retransmit 1 of EAPOL-Key M1 (length 99) for mobile 44:2a:60:f6:d9:ec
*apfMsConnTask_1: Oct 31 14:22:05.624: 44:2a:60:f6:d9:ec Association received from mobile on AP 00:3a:98:ef:5c:f0
*apfMsConnTask_1: Oct 31 14:22:05.624: 44:2a:60:f6:d9:ec 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec Applying site-specific Local Bridging override for station 44:2a:60:f6:d9:ec - vapId 1, site 'default-group', interface 'management'
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec Applying Local Bridging Interface Policy for station 44:2a:60:f6:d9:ec - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec STA - rates (8): 2 4 11 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec STA - rates (12): 2 4 11 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec Processing WPA IE type 221, length 24 for mobile 44:2a:60:f6:d9:ec
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec 0.0.0.0 8021X_REQD (3) DHCP required on AP 00:3a:98:ef:5c:f0 vapId 1 apVapId 1for this client
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec Not Using WMM Compliance code qosCap 00
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:3a:98:ef:5c:f0 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec apfPemAddUser2 (apf_policy.c:270) Changing state for mobile 44:2a:60:f6:d9:ec on AP 00:3a:98:ef:5c:f0 from Associated to Associated
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_1: Oct 31 14:22:05.625: 44:2a:60:f6:d9:ec Sending Assoc Response to station on BSSID 00:3a:98:ef:5c:f0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_1: Oct 31 14:22:05.626: 44:2a:60:f6:d9:ec apfProcessAssocReq (apf_80211.c:6309) Changing state for mobile 44:2a:60:f6:d9:ec on AP 00:3a:98:ef:5c:f0 from Associated to Associated
*dot1xMsgTask: Oct 31 14:22:05.628: 44:2a:60:f6:d9:ec Creating a PKC PMKID Cache entry for station 44:2a:60:f6:d9:ec (RSN 0)
*dot1xMsgTask: Oct 31 14:22:05.628: 44:2a:60:f6:d9:ec Setting active key cache index 0 ---> 8
*dot1xMsgTask: Oct 31 14:22:05.628: 44:2a:60:f6:d9:ec Setting active key cache index 8 ---> 0
*dot1xMsgTask: Oct 31 14:22:05.628: 44:2a:60:f6:d9:ec Initiating WPA PSK to mobile 44:2a:60:f6:d9:ec
*dot1xMsgTask: Oct 31 14:22:05.628: 44:2a:60:f6:d9:ec dot1x - moving mobile 44:2a:60:f6:d9:ec into Force Auth state
*dot1xMsgTask: Oct 31 14:22:05.628: 44:2a:60:f6:d9:ec Skipping EAP-Success to mobile 44:2a:60:f6:d9:ec
*dot1xMsgTask: Oct 31 14:22:05.628: 44:2a:60:f6:d9:ec Starting key exchange to mobile 44:2a:60:f6:d9:ec, data packets will be dropped
*dot1xMsgTask: Oct 31 14:22:05.628: 44:2a:60:f6:d9:ec Sending EAPOL-Key Message to mobile 44:2a:60:f6:d9:ec
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.634: 44:2a:60:f6:d9:ec Received EAPOL-Key from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.634: 44:2a:60:f6:d9:ec Received EAPOL-key in PTK_START state (message 2) from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.634: 44:2a:60:f6:d9:ec Stopping retransmission timer for mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.634: 44:2a:60:f6:d9:ec Sending EAPOL-Key Message to mobile 44:2a:60:f6:d9:ec
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec Received EAPOL-Key from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec apfMs1xStateInc
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 L2AUTHCOMPLETE (4) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 00:3a:98:ef:5c:f0 vapId 1 apVapId 1for this client
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:3a:98:ef:5c:f0 vapId 1 apVapId 1 flex-acl-name:
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 L2AUTHCOMPLETE (4) pemAdvanceState2 5287, Adding TMP rule
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 L2AUTHCOMPLETE (4) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 00:3a:98:ef:5c:f0, slot 0, interface = 1, QOS = 3
IPv4 ACL ID = 255
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 L2AUTHCOMPLETE (4) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 0, Local Bridging intf id = 0
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 L2AUTHCOMPLETE (4) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5303, Adding TMP rule
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 00:3a:98:ef:5c:f0, slot 0, interface = 1, QOS = 3
IPv4 ACL ID = 255,
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 0, Local Bridging intf id = 0
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.640: 44:2a:60:f6:d9:ec Stopping retransmission timer for mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.641: 44:2a:60:f6:d9:ec Key exchange done, data packets from mobile 44:2a:60:f6:d9:ec should be forwarded shortly
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.641: 44:2a:60:f6:d9:ec Sending EAPOL-Key Message to mobile 44:2a:60:f6:d9:ec
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*pemReceiveTask: Oct 31 14:22:05.642: 44:2a:60:f6:d9:ec 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Oct 31 14:22:05.642: 44:2a:60:f6:d9:ec 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*spamApTask0: Oct 31 14:22:05.643: 44:2a:60:f6:d9:ec Sent EAPOL-Key M5 for mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.648: 44:2a:60:f6:d9:ec Received EAPOL-Key from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.648: 44:2a:60:f6:d9:ec Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 44:2a:60:f6:d9:ec
*Dot1x_NW_MsgTask_4: Oct 31 14:22:05.648: 44:2a:60:f6:d9:ec Stopping retransmission timer for mobile 44:2a:60:f6:d9:ec
*apfOrphanSocketTask: Oct 31 14:22:05.694: 44:2a:60:f6:d9:ec Orphan Packet from STA - IP 192.168.46.133
*apfOrphanSocketTask: Oct 31 14:22:05.694: 44:2a:60:f6:d9:ec Static IP client associated to interface management which can support client subnet.
*apfOrphanSocketTask: Oct 31 14:22:05.694: 44:2a:60:f6:d9:ec apfMsRunStateInc
*apfOrphanSocketTask: Oct 31 14:22:05.694: 44:2a:60:f6:d9:ec 192.168.46.133 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
*pemReceiveTask: Oct 31 14:22:05.695: 44:2a:60:f6:d9:ec 192.168.46.133 Removed NPU entry.
*apfOrphanSocketTask: Oct 31 14:22:05.695: 44:2a:60:f6:d9:ec Assigning Address 192.168.46.133 to mobile
*DHCP Socket Task: Oct 31 14:22:05.710: 44:2a:60:f6:d9:ec DHCP received op BOOTREQUEST (1) (len 324,vlan 0, port 1, encap 0xec00)
*DHCP Socket Task: Oct 31 14:22:05.710: 44:2a:60:f6:d9:ec DHCP dropping looped REQUEST from DS (encap type 0xec00)
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP received op BOOTREPLY (2) (len 433,vlan 0, port 1, encap 0xec00)
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP processing DHCP ACK (5)
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP xid: 0x18474c86 (407325830), secs: 0, flags: 0
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP chaddr: 44:2a:60:f6:d9:ec
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP ciaddr: 0.0.0.0, yiaddr: 192.168.46.133
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP server id: 192.168.45.111 rcvd server id: 192.168.45.111
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP received op BOOTREPLY (2) (len 433,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP processing DHCP ACK (5)
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP xid: 0x18474c86 (407325830), secs: 0, flags: 0
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP chaddr: 44:2a:60:f6:d9:ec
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP ciaddr: 0.0.0.0, yiaddr: 192.168.46.133
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Oct 31 14:22:05.711: 44:2a:60:f6:d9:ec DHCP server id: 192.168.45.111 rcvd server id: 192.168.45.111
*DHCP Socket Task: Oct 31 14:22:56.251: 44:2a:60:f6:d9:ec DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec00)
*DHCP Socket Task: Oct 31 14:22:56.251: 44:2a:60:f6:d9:ec DHCP dropping looped REQUEST from DS (encap type 0xec00)
*DHCP Socket Task: Oct 31 14:22:56.251: 44:2a:60:f6:d9:ec DHCP received op BOOTREPLY (2) (len 410,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 31 14:22:56.252: 44:2a:60:f6:d9:ec DHCP processing DHCP ACK (5)
*DHCP Socket Task: Oct 31 14:22:56.252: 44:2a:60:f6:d9:ec DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Oct 31 14:22:56.252: 44:2a:60:f6:d9:ec DHCP xid: 0x360eedf0 (906948080), secs: 0, flags: 0
*DHCP Socket Task: Oct 31 14:22:56.252: 44:2a:60:f6:d9:ec DHCP chaddr: 44:2a:60:f6:d9:ec
*DHCP Socket Task: Oct 31 14:22:56.252: 44:2a:60:f6:d9:ec DHCP ciaddr: 192.168.46.133, yiaddr: 0.0.0.0
*DHCP Socket Task: Oct 31 14:22:56.252: 44:2a:60:f6:d9:ec DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Oct 31 14:22:56.252: 44:2a:60:f6:d9:ec DHCP server id: 192.168.45.111 rcvd server id: 192.168.45.111
*DHCP Socket Task: Oct 31 14:22:56.253: 44:2a:60:f6:d9:ec DHCP received op BOOTREPLY (2) (len 410,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 31 14:22:56.253: 44:2a:60:f6:d9:ec DHCP processing DHCP ACK (5)
*DHCP Socket Task: Oct 31 14:22:56.253: 44:2a:60:f6:d9:ec DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Oct 31 14:22:56.253: 44:2a:60:f6:d9:ec DHCP xid: 0x360eedf0 (906948080), secs: 0, flags: 0
*DHCP Socket Task: Oct 31 14:22:56.253: 44:2a:60:f6:d9:ec DHCP chaddr: 44:2a:60:f6:d9:ec
*DHCP Socket Task: Oct 31 14:22:56.253: 44:2a:60:f6:d9:ec DHCP ciaddr: 192.168.46.133, yiaddr: 0.0.0.0
*DHCP Socket Task: Oct 31 14:22:56.253: 44:2a:60:f6:d9:ec DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*DHCP Socket Task: Oct 31 14:22:56.253: 44:2a:60:f6:d9:ec DHCP server id: 192.168.45.103 rcvd server id: 192.168.45.103
*DHCP Socket Task: Oct 31 14:29:41.712: 44:2a:60:f6:d9:ec DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec00)
*DHCP Socket Task: Oct 31 14:29:41.712: 44:2a:60:f6:d9:ec DHCP dropping looped REQUEST from DS (encap type 0xec00)
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP received op BOOTREPLY (2) (len 410,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP processing DHCP ACK (5)
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP xid: 0x6bd418e0 (1809062112), secs: 0, flags: 0
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP chaddr: 44:2a:60:f6:d9:ec
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP ciaddr: 192.168.46.133, yiaddr: 0.0.0.0
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP server id: 192.168.45.111 rcvd server id: 192.168.45.111
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP received op BOOTREPLY (2) (len 410,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP processing DHCP ACK (5)
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP xid: 0x6bd418e0 (1809062112), secs: 0, flags: 0
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP chaddr: 44:2a:60:f6:d9:ec
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP ciaddr: 192.168.46.133, yiaddr: 0.0.0.0
*DHCP Socket Task: Oct 31 14:29:41.713: 44:2a:60:f6:d9:ec DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
the selected potrion of log is just about lost connection. can you help me in understanding?Well then I would look at the client device since its one device right now. If you have other devices working, it's hard to say the wireless is broke. Upgrade the wireless adapter firmware since your client has Windows 7 running on a Mac air.
Sent from Cisco Technical Support iPhone App -
Hi,
I have a problem with a poor signal. I have two WLC 5508 and 10 ap's 3502. So, that I have two wlc on the network I decided to divide this 10 ap's.
WLC 5508 has 7.0.98 software version.
The 5 first ap was associated to one wlc and the other 5 to second controller.
Two problems was observed, first that some clients which try connect to AP associated to second controller have problem to obtain IP address from DHCP pool on first wlc.
The second problem is that on this two WLC was configured two DHCP pool. One controller assigns address for a dedicated WLAN and the second wlc assigns address for a second WLAN.
This two WLAN's is broadcast on two wlc.
KamilHi Nicolas,
The APs are 3502I model and now are located on the lower ceiling.
From Thursday all APs are associated to only one WLC the second one is just only as a backup and from this time there are not any problems with a signal. This information is directly from clients.
The DHCP pool is located on the first WLC now.
Also, I considered to use switch or other machine as a DHCP pool but it's problematic to deploy now.
Kamil -
Integration between WLC 5508 and Microsoft NPS 2008
Hi guys,
Any of you, have working guidance for WLC 5508 and Microsoft NPS 2008 integration?
I managed to configure Wireless 802.1x feature (PEAP) but it failed. I'm running software ver. 7.0.116.0.
Is there any bug related 802.1x on this software version?
thanks in advance.
BR
shendyHi Shendy,
I am not aware about any bug related to this. I think you better check all configuration and make sure it is fine.
Logs from NPS and WLC (and possibly from the supplicant) may guide you where the problem resides.
What does the NPS logs tell about the reason of the authentication failure?
What does the WLC logs say about the failure (check show msglog and show traplog).
- Make sure the Radius server added correctly with correct IP and correct shared secret on WLC.
- Make sure that the radius is configured correctly to allow PEAP-MSCHAPv2.
- Make sure WLC is added successfully to WLC with correct IP address and correct shared secret.
- Make sure the clients are correctly configured and the server's (NPS) certificate is trusted on the clients.
HTH
Amjad -
Wlc 5508 and 40 access point 1141n disturbance in the temp response
Hello,
i have a wlc 5508 and 40 access point 1141n
there are 1500 users connected with this controller 5508.
but when i ping at my gateway ,there is a disturbance in the temp response .
Here below a snapshot:
Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=5 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=2 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=56 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=105 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=433 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=100 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=300 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=466 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=711 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=900 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=55 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=52 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=54 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=200 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=57 ms TTL=55
Réponse de 172.16.1.1: octets=32 temps=800 ms TTL=55
anyone help me?
thxLooks to be wither a duplicate address issue or a configuration issue. Try to test with only using the 2.4ghz and then again with only the 5ghz and see if you see a difference.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
WLC 5508 And Third Party SSL for Web Authenticaiton
Hello,
We are using WLC 5508 and currently the authentication process is via Customized WebAuth. As you know that with the WebAuth the authentication process won't work unless you launch Web Browser and you will be redirected to the Authentication Page where you type your username and password. This is a bit fuzzy for most of the users and what I'm thinking is to use different authentication mechanism where the user will automatically be prompted upon connecting to any SSID. I have read that Public/Thrid Party certificate will do this and any client can accept the public certificate.
Anyone can elaborate on this approach?
Regards,With machines that are not part of the domain, typicall if you still want to secure them usin 802.1x, you would leverage a radius server and users would be told of the SSID to connect to and enter their AD credentials. Of course, if you use AD credentials, users will now join all their other devices to that SSID. This is where ISE comes in and you can profile devices. Even though the WLC with v7.6 can profile, it's not a full fledge profiler. Depending on how well you know radius, you can leverage a portal page also and depending on the AD group a user is a member of, you can out them is a specific Vlan or if you leverage interface groups. You can do many things, but you need to really know radius and client types to figure out what can and work well in your environment. Radius alone to someone who hasn't played with it, can take days to setup without help.
Every client I setup radius for is different and it comes down to how their users are setup in AD, what devices they have and the requirements.
Scott -
WLC 5508 AND AP 1141N disturbance in the temp response
i have a wlc 5508 and 40 access point 1141n
there are 1500 users connected with this controller 5508.
but when i ping at my gateway ,there is a disturbance in the temp response .
Here below a snapshot:
Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=5 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=2 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=56 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=105 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=433 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=1 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=100 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=300 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=466 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=711 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=900 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=55 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=52 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=54 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=200 ms TTL=55
Réponse de 172.16.1.1 : octets=32 temps=57 ms TTL=55
Réponse de 172.16.1.1: octets=32 temps=800 ms TTL=55
anyone help me
THXLooks to be wither a duplicate address issue or a configuration issue. Try to test with only using the 2.4ghz and then again with only the 5ghz and see if you see a difference.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
An issue with WLC 5508 and 7921 phone
Hello all!
I have a system with WLC 5508 and some 1242 APs. And I use a lot of 7921 phones.
One of 7921 phones was in trouble. It loses registration, disconnect conversations...
I installed the trial WLC and run voice diagnostics.
I saw some of "Potentially degraded QoS in downlink direction because of incorrect packet classification" messages and one "Fair upstream packet loss ratio: 1,2%, which is less than threshold 2.5%"
As I understand all of 7921 phones in these area are affected.
what does it mean? I set up Platinum QoS for voice WLAN. I don't have any qos configuration string for AP and WLC ports on switches...
any ideas?
thanx in advanceSergey:
There is one application called "WLC Config analyzer". You save your "show run-config" from your WLC in a text file and import it by this application. it will analyze the file for you and tell you what recommendations for voice are missing so you improve them.
When importing a config file you choose what voice clinets you are using, so you need to choose cisco 7921 to it tells you what config improvemetns is needed based on 7921 needs.
Here is the link to download the application:
https://supportforums.cisco.com/docs/DOC-1373
download the latest versoin.
BTW, how many voice/data clients are connected to one AP in that area? if I remember correctly if you are utilizing voice then the max number of clients connected to one AP should not exceed 17. If you have more than this number per AP try to minimize the number of users concurrently connected to the AP then try again.
Hope you'll find the config analyzer useful.
If useful please don't forget to rate.
Amjad -
What is the spec of WLC 5508 and 4402, CPU and MEM? Thanks.
I cant found any information about WLC 5508 and 4402s' spec of what type of CPU and size of MEM. Thanks.
4402 is having 512MB memory where as 5508 is having 1GB (based on "show memory statistics" output)
Also during bootup it will show (here is 4402 as example)
System will now restart!
Bootloader 7.0.116.0 (Apr 13 2011 - 14:30:45)
Motorola PowerPC ProcessorID=00000000 Rev. PVR=80200020
CPU: 833 MHz
CCB: 333 MHz
DDR: 166 MHz
LBC: 41 MHz
L1 D-cache 32KB, L1 I-cache 32KB enabled.
I2C: ready
DTT: 1 is 33 C
DRAM: DDR module detected, total size:512MB.
512 MB
8540 in PCI Host Mode.
8540 is the PCI Arbiter.
Memory Test PASS
FLASH:
Flash Bank 0: portsize = 2, size = 8 MB in 142 Sectors
8 MB
L2 cache enabled: 256KB
Card Id: 1540
Card Revision Id: 1
Card CPU Id: 1287
Number of MAC Addresses: 32
Number of Slots Supported: 4
Serial Number: FOC1229F08U
Unknown command Id: 0xa5
Unknown command Id: 0xa4
Unknown command Id: 0xa3
Manufacturers ID: 30464
Board Maintenance Level: 00
Number of supported APs: 12
In: serial
Out: serial
Err: serial
HTH
Rasika
**** Pls rate all useful responses **** -
WLC 5508 and remote site (DMVPN) Access Points
Hi All,
We just purchased a WLC 5508 and would like to know if it will control remote VPN site Access Points. Here are the details:
The 5508 will live at our home office. We have multiple remote sites that are connected via Cisco's DMVPN. Each site has one Cisco 1131 Access Point hanging off of either a Cisco 1841 or a 2811 that is using DMVPN back to the home office 2811. Can the 5508 manage the remote Access Points?
Thanks for your help guys!Are you are talking about OfficeExtend?
Cisco OfficeExtend
https://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/solution_overview_c22-523307_ns348_Networking_Solution_Solution_Overview.html
OfficeExtend supports 1130 & 1140 as long as you have the Wireless PLUS (WPLUS) Software.
OfficeExtend Access Point
http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0apcfg.html#wp1069890 -
WLC 5508 and LAP1310 - Not syncing up!
As the title states I have a WLC 5508 and a LAP1310 that will not sync up.
The error stated in the traps log is "AP with MAC (xxxx.xxxx.xxxx.xxxx) is unknown."
WLC software release is : 7.2.103.0
IOS on the AP is : 12.4(18a)JA2
Upon some investigation I found that the "AP with MAC is unknown" error usually points to one of two things:
A. WLC firmware needs to be updated
B. AP needs to be updated.
C. The AP is not compatible with the WLC.
I am leaning toward solution C and I am looking for a conformation or a correction, if anyone could help out that would be greatly appreciated!
I've tried reading the compatibility matrix released by Cisco, but I found it mildly confusing as to what is and isn't supported by each software release.
Sources - http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#lap1250
Problem 11: 1250 LAP Not Able to Join WLC
The setup consists of a 2106 WLC that runs version 4.1.185.0. A Cisco 1250 AP is not able to join the controller.
The log on the WLC shows this:
Mon Jun 2 21:19:37 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
Mon Jun 2 21:19:37 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x
Mon Jun 2 21:19:26 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
Mon Jun 2 21:19:20 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
Mon Jun 2 21:19:20 2008 AP Associated. Base Radio MAC: f0:2x:cf:2x:1d:3x
Mon Jun 2 21:19:09 2008 AP Disassociated. Base Radio MAC:f0:2x:cf:2x:1d:3x
Mon Jun 2 21:19:03 2008 AP with MAC f0:2x:cf:2x:1d:3x (APf02x.cf2x.1d3x) is unknown.
Solution: This is because the Cisco 1250 series LAP is not supported on version 4.1. The Cisco Aironet 1250 Series AP is supported from controller versions 4.2.61 and later. In order to fix this issue, upgrade the controller software to 4.2.61.0 or later.
Problem 16: 1000 series LAPs not able to join the Wireless LAN controller, WLC runs version 5.0
This is because WLC software release 5.0.148.0 or later is not compatible with Cisco Aironet 1000 series APs. If you have a Cisco 1000 series LAP in a network, which runs WLC versions 5.0.48.0, the 1000 series LAP does not join the controller and you see this trap message on the WLC.
"AP with MAC xx:xx:xx:xx:xx:xx is unkown"videoaudiojack
What version of Premiere Elements are you using and on what computer operating system is it running?
What are the properties of this .mp4 video import (video and audio compressions, frame size, frame rate, interlaced or progressive, pixel aspect ratio)?
If you have any information about the video bitrate and audio bitrate of the file, that would be good to know.
What is the audio - stereo 2 channel or 5.1 channel?
What are you (manually) or the project automatically setting as the project preset to match the properties of your source video?
Let us start here and then decide what next.
Thank you.
ATR -
Port channel WLC 5508 and 3750
Hi All,
I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
Thanks
JagdevThanks Chris,
LAG is enable on WLC, and Port channel is configured on 3750, Please see the configration and Port channel status below:-
(Cisco Controller) >show lag summary
LAG Enabled
interface Port-channel14
description Port Channel to WLC001
switchport trunk encapsulation dot1q
switchport mode trunk
end
sh etherchannel 14 summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 14
Number of aggregators: 14
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
14 Po14(SD) LACP Gi1/0/22(I) Gi2/0/22(I)
sh run int g1/0/22
Building configuration...
Current configuration : 209 bytes
interface GigabitEthernet1/0/22
description Trunk to WLC001 DistPort1
switchport trunk encapsulation dot1q
switchport trunk native vlan 254
switchport mode trunk
channel-group 14 mode active
end
sh run int g2/0/22
Building configuration...
Current configuration : 209 bytes
interface GigabitEthernet2/0/22
description Trunk to WLC001 DistPort2
switchport trunk encapsulation dot1q
switchport trunk native vlan 254
switchport mode trunk
channel-group 14 mode active
end -
IPhones not taking ipv4 addresses on Unified Wireless (WLC 5508 and AP 3602)
This is a really odd one...
Earlier this week we started having issues with our BYOD wireless network (802.1x, WPA2+AES) but only with Apple devices (iphone and ipad). Employees with Android or Windows phones are not having any problems at all.
A brief summary of what's observable for the issue:
Radius authentication succeeds (PASS observable in ACS logs)
IPhone status viewed on both controllers (foreign anchor in DMZ as well as corporate WLC) shows phone associated.
Debug client output shows an IPv4 address is actually being assigned to the phone however it appears to ignore it and restart the DHCP request process so debug output shows what looks to be a loop of DHCP request and offer stages.
Infrastructure notes
Cisco WLC 5508s are all running 7.4.121.0 (tried rolling back to 7.2.110.0 .....didn't help)
APs are all 3602I-N-K9
DHCP for the BYOD network is running on the anchor in the DMZ however this was temporarily moved to a switch (had no effect).
Any ideas?
DHCP Loop:
*mmListen: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 93, Local Bridging intf id = 12
*mmListen: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f Set bi-dir guest tunnel for a4:c3:61:7a:1a:4f as in Export Anchor role
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 Added NPU entry of type 1, dtlFlags 0x4
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f Pushing IPv6: fe80:0000:0000:0000: 0c00:0c94:459e:a9db , and MAC: A4:C3:61:7A:1A:4F , Binding to Data Plane. SUCCESS !!
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 1, flags: 0
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:53.754: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 3, flags: 0
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 8, flags: 0
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:45:07.059: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:45:07.059: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,Thanks Scott, here you go...
On Foreign:
WLAN Identifier.................................. 2
Profile Name..................................... BAI-Beta
Network Name (SSID).............................. BAI-Beta
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 42
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... CHTWLC
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Bronze
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 172.24.13.20 1812
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
2 172.24.13.251 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled
On Anchor:
WLAN Identifier.................................. 1
Profile Name..................................... BAI-Beta
Network Name (SSID).............................. BAI-Beta
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 48
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... CHADWLC01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ bai-beta
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Bronze
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 172.24.13.20 1812
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Enabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
1 172.24.13.251 Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled -
WLC 5508 and WPA/WPA2 causes client DNS lookups to fail
Hi all, we just recently received a brand new 5508 with 6.0.199.4 firmware. We currently have three LAP-1250s that associate just fine to the WLC.
For testing purposes only, we enabled WPA2 with both types of encryption TKIP and AES with an ASCII PSK. The clients are able to connect, authenticate and get an IP address from our local (same subnet) DHCP server. They also get the DNS info from our DHCP server. However, the problem is that they are not able to do any DNS lookups. I haven't run wireshark yet to confirm, but it sounds very familiar to this problem: https://supportforums.cisco.com/message/3202369
I've even had clients use nslookup with both of my DNS servers and they are not able to resolve. I'm not sure if the request or the reply is being blocked/dropped, but I can find out tomorrow.
Now the strange part - if I turn off WLAN security altogether, it works! That's right, I just disable L2 security for the WLAN and re-connect the clients and they are able to do full DNS lookups.
AND - if I leave L2 security configured (WPA2 with PSK), and enable L3 Passthrough security - the clients get to the auth web page, click the "accept" button and are then able to do full DNS lookups too.
What could be the problem here? There's nothing I see configured for the L2 or L3 security settings that could be the culprit. We're using default (from Cisco) configuration, so there's no ACLs configured or anything like that to block DNS.
Another strange thing here which may or not be related - during initial configuration the setup asked for a virtual IP - so I gave it one - 1.1.2.2. Now when I do an ipconfig /all on the client, I see this 1.1.2.2 address listed as the DHCP server. Why is this? It's definitely getting an IP address and DNS info from the correct DHCP server, so not sure why this is showing up.
Thanks, Matt/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Hi Matt,
Just wanted to jump in, and also mention it may be worth attempting to disable the fastpath feature on the 5508, and test your failing client again. You may be hitting CSCti34667.
debug fastpath cfgtool --fc.disable
This command can be run via Telnet/SSH. Please keep in mind that fastpath will automatically re-enable periodically, so we recommend disabling every 10 minutes as a workaround for any known fastpath issues. You can do so by running the following Macro in TeraTerm:
:mainloop
sendln "debug fastpath cfgtool --fc.disable"
pause 600
goto mainloop
If you find that disabling fastpath resolves your concern, you can reach out to TAC for an Escalation Image with the fix for this one.
Best,
Drew
Maybe you are looking for
-
Bom dia pessoal, Tudo bem? Estou com um problema, o seguinte, tenho um processo normal de vendas, crio a ordem, remessa, e documento de faturamento, por ultimo gero a nota fiscal e impressão, mas não esta gerando o numero da nota fiscal, o campo nume
-
Hi, I want to fetch the list of users who all are having full access to the sharepoint list using client object model with .Net Please let me know if any property for the user object or any other way to get it. Thanks in advance.
-
Hi all, I need to create a small database manually. What are the mandatory fields for DB creation. What are the steps to be followed? If anyone have the script please send me. Thanks in advance. regards, prem
-
Can anyone help? iMac wont boot
Hi, I have a G4 iMac (dome) and I use my Air most of the time, so I have decided to give it to a friend who REALLY needs a computer... I haven't ever had any problems with it and I needed to wipe it clean to give it away. So I powered it up (it had b
-
How to Disable Print Button in document.htm?
Hi, I'am using HAP_DOCUMENT BSP applications for Appraisal.I had creatde iViews for that BSP's in Portal and am able to acess all the BSP's. I'am using document_created.htm BSP for displaying Created Appraisals and it is working fine.When i cli