I have two WLCs, model 5508, running IOS version 184.108.40.206, and one WLC in the DMZ with the same model and IOS version. The AP model is 1141.
The Two WLCs are integrated with ACS.
I have an SSID named Employee. The DHCP for the users is configured on a separate DHCP server, and I have mapped this DHCP server IP to the interface Employee. This interface is mapped to the SSID as well. But my client is not receiving the DHCP IP. Attached are the debug logs from the client.
Please help me out with a solution for this.
Please disable DHCP proxy on the WLC and see if this helps.
What's the PEM state of the client?
It seems like the WLC is excluding the client.
--> Ignoring assoc request due to mobile in exclusion list or marked for deletion
What is the security method? Did you test it with no security to see if it works?
I have tried with DHCP proxy. It did not help. The client authentication method is EAP-TLS. I have configured accordingly in the WLC.
Let me try with open and I'll check. Could you please share the EAP-TLS configuration on Windows and Intel, and correspondingly what needs to be done in the WLC?
I'd definitely remove client exclusion during your testing.
However, your client's initial association request is being rejected.
It's not failing to authenticate, it's not failing DHCP; the WLC is just flat out rejecting your client's association.
It would help to have more of your log though instead of just this one snippet.
For example, I see you are moving from an A radio to a B/G Radio.
*apfMsConnTask_4: Apr 13 17:32:11.869: 00:1c:bf:10:a2:58 Updated location for station old AP b8:be:bf:b6:f3:20-1, new AP b8:be:bf:b6:f3:20-0
Did your client work on the A radio and it just fails to roam to B/G, or was it failing on the A radio as well?
Either way, WLC does not like your association request based on this debug.
Has this been answered? We have a similar setup at my office and I would love to know how you fixed it.
It might be easier to open your own thread so others don't get confused. Then we can ask how your setup is and what is working and what isn't.
If you follow the design practices you won't have any problems. If you are in your initial design, I would recommend a few things.
1) Don't use the WLC as a DHCP server. Put a DHCP server in the DMZ or allow DHCP inside
2) Make sure you make dummy interfaces on the foreign controllers for the guest network
3) QoS: throttle traffic so that guests don't get a free ride
4) QoS set to bronze
Hope this helps a little