client not receive ip address - dhcp_reqd

Augustgood · ‎02-12-2014

Hi,

In my environment there's a 5508 (firmware 7.4.110.0) and ap 1600 with a ias radius server. All wlan are in flex-connect local switching, one client try to connect on a wlan but not receive ip address. After enabled debug aaa all i took the log corresponding :

Cisco Controller) >*emWeb: Feb 11 16:52:36.047: Created WARP Capabilities IE (length 12) for WLAN LAB

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Adding mobile on LWAPP AP 00:3a:9a:77:55:a0(0)

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Association received from mobile on BSSID 00:3a:9a:77:55:06

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Rf profile 200 Clients are allowed to AP radio

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Max Client Trap Threshold: 50 cur: 3

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Rf profile 200 Clients are allowed to AP wlan

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 Re-applying interface policy for client

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)

*apfMsConnTask_2: Feb 11 16:54:22.495: 18:3d:a2:25:01:a4 In processSsidIE:4264 setting Central switched to FALSE

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying site-specific Local Bridging override for station 18:3d:a2:25:01:a4 - vapId 103, site 'Test', interface 'management'

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying Local Bridging Interface Policy for station 18:3d:a2:25:01:a4 - vlan 0, interface id 0, interface 'management'

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying site-specific override for station 18:3d:a2:25:01:a4 - vapId 103, site 'Test', interface 'management'

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Re-applying interface policy for client

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 processSsidIE statusCode is 0 and status is 0

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 processSsidIE ssid_done_flag is 0 finish_flag is 0

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 suppRates statusCode is 0 and gotSuppRatesElement is 1

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Processing WPA IE type 221, length 24 for mobile 18:3d:a2:25:01:a4

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 8

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 unsetting PmkIdValidatedByAp

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Initializing policy

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)

*apfMsConnTask_2: Feb 11 16:54:22.496: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) DHCP required on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1for this client

*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1 flex-acl-name:

*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfMsAssoStateInc

*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 18:3d:a2:25:01:a4 on AP 00:3a:9a:77:55:a0 from Idle to Associated

*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfPemAddUser2:session timeout forstation 18:3d:a2:25:01:a4 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0

*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Stopping deletion of Mobile Station: (callerId: 48)

*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 Sending Assoc Response to station on BSSID 00:3a:9a:77:55:a0 (status 0) ApVapId 1 Slot 0

*apfMsConnTask_2: Feb 11 16:54:22.497: 18:3d:a2:25:01:a4 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 18:3d:a2:25:01:a4 on AP 00:3a:9a:77:55:a0 from Associated to Associated

*apfMsConnTask_2: Feb 11 16:54:22.506: 18:3d:a2:25:01:a4 Updating AID for REAP AP Client 00:3a:9a:77:55:a0 - AID ===> 4

*dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 Station 18:3d:a2:25:01:a4 setting dot1x reauth timeout = 1800

*dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Connecting state

*dot1xMsgTask: Feb 11 16:54:22.512: 18:3d:a2:25:01:a4 Sending EAP-Request/Identity to mobile 18:3d:a2:25:01:a4 (EAP Id 1)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 Received EAPOL START from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Connecting state

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.513: 18:3d:a2:25:01:a4 Sending EAP-Request/Identity to mobile 18:3d:a2:25:01:a4 (EAP Id 2)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.541: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.541: 18:3d:a2:25:01:a4 Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Received Identity Response (count=2) from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 EAP State update from Connecting to Authenticating for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Authenticating state

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.554: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=3) for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.572: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 3)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 3, EAP Type 25)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.585: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=4) for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.598: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 4)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 4, EAP Type 25)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.613: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Processing Access-Challenge for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Entering Backend Auth Req state (id=7) for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 WARNING: updated EAP-Identifier 4 ===> 7 for STA 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.627: 18:3d:a2:25:01:a4 Sending EAP Request from AAA to mobile 18:3d:a2:25:01:a4 (EAP Id 7)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Received EAPOL EAPPKT from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Received EAP Response from mobile 18:3d:a2:25:01:a4 (EAP Id 7, EAP Type 25)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.643: 18:3d:a2:25:01:a4 Entering Backend Auth Response state for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Processing Access-Accept for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Resetting web IPv4 acl from 255 to 255

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Resetting web IPv4 Flex acl from 65535 to 65535

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting re-auth timeout to 1800 seconds, got from WLAN config.

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Station 18:3d:a2:25:01:a4 setting dot1x reauth timeout = 1800

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Username entry (pippo) created for mobile, length = 253

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Username entry (pippo) created in mscb for mobile, length = 253

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Creating a PKC PMKID Cache entry for station 18:3d:a2:25:01:a4 (RSN 0)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 8

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Setting active key cache index 8 ---> 0

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.656: 18:3d:a2:25:01:a4 Sending EAP-Success to mobile 18:3d:a2:25:01:a4 (EAP Id 7)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Freeing AAACB from Dot1xCB as AAA auth is done for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Starting key exchange to mobile 18:3d:a2:25:01:a4, data packets will be dropped

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4

state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Entering Backend Auth Success state (id=7) for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 Received Auth Success while in Authenticating state for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.657: 18:3d:a2:25:01:a4 dot1x - moving mobile 18:3d:a2:25:01:a4 into Authenticated state

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Received EAPOL-key in PTK_START state (message 2) from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.671: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4

state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 apfMs1xStateInc

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1for this client

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.689: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:3a:9a:77:55:a0 vapId 103 apVapId 1 flex-acl-name:

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5952, Adding TMP rule

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule

type = Airespace AP - Learn IP address

on AP 00:3a:9a:77:55:a0, slot 0, interface = 13, QOS = 0

IPv4 ACL ID = 255, IP

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 0, Local Bridging intf id = 0

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 Key exchange done, data packets from mobile 18:3d:a2:25:01:a4 should be forwarded shortly

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 Sending EAPOL-Key Message to mobile 18:3d:a2:25:01:a4

state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02

*pemReceiveTask: Feb 11 16:54:22.690: 18:3d:a2:25:01:a4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0

*spamApTask3: Feb 11 16:54:22.707: 18:3d:a2:25:01:a4 Sent EAPOL-Key M5 for mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.768: 18:3d:a2:25:01:a4 Received EAPOL-Key from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.768: 18:3d:a2:25:01:a4 Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 18:3d:a2:25:01:a4

*Dot1x_NW_MsgTask_4: Feb 11 16:54:22.769: 18:3d:a2:25:01:a4 Stopping retransmission timer for mobile 18:3d:a2:25:01:a4

*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED

*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5576, Adding TMP rule

*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule

type = Airespace AP - Learn IP address

on AP 00:3a:9a:77:55:a0, slot 0, interface = 13, QOS = 0

IPv4 ACL ID = 255,

*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 0, Local Bridging intf id = 0

*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)

*pemReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0

(Cisco Controller) >*emWeb: Feb 11 16:54:46.127: 18:3d:a2:25:01:a4 Central Switch = FALSE

*emWeb: Feb 11 16:54:46.128: 18:3d:a2:25:01:a4 Central Switch = FALSE

(Cisco Controller) >

(Cisco Controller) >*emWeb: Feb 11 16:55:36.461: 18:3d:a2:25:01:a4 Central Switch = FALSE

*emWeb: Feb 11 16:55:36.463: 18:3d:a2:25:01:a4 Central Switch = FALSE

From log i know that 802.1x passed, while dhcp don't send ip address. It seems that the local vlan id is 0 while in reality is 3... WHY ? i don't understand.

Someone can help me to find the problem? i think the problem is on the network, the dhcp ( the corporate router) is directly connected to the ap.

Sandeep Choudhary · ‎02-12-2014

you are using internal or external dhcp server ???

did you enabled dhcp proxy ??

if not :

via GUI:

Controller->Advanced->DHCP

via the CLI:

Config dhcp proxy enable

Regards

Augustgood · ‎02-12-2014

we use an external dhcp (the router of AP) ,dhcp proxy is disabled, work in bridge mode.

Sandeep Choudhary · ‎02-12-2014

did you used this command on layer 3 device.

Switch#conf t
Switch(config)#interface vlan 
Switch(config-if)#ip helper-address

Regards

Augustgood · ‎02-12-2014

the other wlan client receive ip address from dhcp. WLAN 103 is mapped with vlan 3 but on log appear vlan 0:

IPv4 ACL ID = 255,

*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 0, Local Bridging intf id = 0

*apfReceiveTask: Feb 11 16:54:25.619: 18:3d:a2:25:01:a4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)

*pemReceiveTask: Feb 11 16:54:25.619: 1

Scott Fella · ‎02-12-2014

Are you setting your FlexConnect native vlan and the wlan to vlan mapping? You also need to make sure you have the ip helpers setup and that dhcp is working. I would configure a switch port to a vlan that the wireless users is suppose to be on locally at that site and connect a laptop to that port and make sure that the laptop gets an address.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

George Stefanick · ‎02-12-2014

Yea to add to Scoots response. Flex connect local, all your DHCP happens at the switch not the controller.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Augustgood · ‎02-12-2014

HI

the strange thing is that the VLAN is mapped correctly on the configuration of the AP:

WLAN 103 > VLAN 3

but on log appear vlan 0 !!!

my dhcp is the router directly connected, so do not use ip helper address, other WLAN work....

i must test a wired client...

Scott Fella · ‎02-12-2014

If the AP and the users are on the same vlan, vlan 3, then you can have that switchport as an access vlan 3, IF they are different, then you need to set the switchport as a trunk. Test with a wired PC to verify that it works... test on the same switch as the AP also.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Augustgood · ‎02-13-2014

The ap is not a 1600 but a 1242 bgn (flex connect local switching). I tested one client on a wired side and receive all the time ip address from dhcp. After reboot the switch, router and ap the problem occurs on another WLAN. The problem is not systematic on the same wlan. For testing purpose i turned off the secondary switch/router and the problem persist. I removed the flag to deny static addressing, and the problem persist.

someone can help me ?

Augustgood · ‎02-13-2014

i checked the trunk on ap side, switch side and router side, is configured correctly, one vlan is native (for management) and the other tagged.

Augustgood · ‎02-26-2014

SOLVED

This is a bug with flexconnect and native vlan 2 for management (only), with other vlan i can't find that problem.

DON'T USE VLAN 2 WITH FLEXCONNECT ON AP 1242 WITH RELEASE MINOR TO 7.6, ON 7.4 WAS SOLVED ON BETA RELEASE.

this is a bug:

https://tools.cisco.com/bugsearch/bug/CSCui73764