09-30-2021 07:11 AM
Hi There,
I have two SSID (Guest and Phone) created in Cisco WLC9800, Cisco AP's are associated with WLC as expected. When users connected to Guest SSID it works fine but connected to Phone it shows connected but we cannot access Internet. Could you please guide me the troubleshooting steps or What are the basic checks we need to perform in this case.
Checked on AP broadcasting both the SSID's Guest (VLAN 98) and Phone (VLAN 99)
AP01#show dot11 VLAN-name
Configured VLAN name ID
002 99
003 98
Switch interface configuration:
========================
SW01#show run inter Gig 1/0/13
Building configuration...
Current configuration : 240 bytes
!
interface GigabitEthernet1/0/13
description CONNECTED TO LWAP AP01
switchport trunk native VLAN 2
switchport trunk allowed VLAN 98,99
switchport mode trunk
spanning-tree PORTFAST trunk
spanning-tree BPDUGUARD enable
end
Cisco ASA firewall:
===============
Static default route pointing towards ISP IP.
S* 0.0.0.0 0.0.0.0 [1/0] via 1.1.1.1, outside
Please let me know if more details required.
Regards,
Antony Xavier
09-30-2021 11:09 AM
Hello,
this is difficult to troubleshoot, as anything from the WLC9800 settings to the AP configuration to the ASA could be the problem. What is the difference between Vlan 98 and Vlan 99 when it comes to the settings ? Does the ASA function as the layer 3 device for routing and NATing these Vlans ?
To start out with, post the running config of the ASA...
09-30-2021 11:42 PM
Yes, Firewall function as Layer 3 devices. Could you please share me the CLI or GUI how to check list of SSID does AP broadcast. I am using CAWAP AIR-CAP3502I-A-K9.
10-01-2021 04:04 AM
Hello,
I think the 3502i has a GUI, check what SSIDs are being broadcast in there. Also, post the running configuration of the ASA.
10-01-2021 04:59 AM - edited 10-01-2021 05:01 AM
Hello
Can the PHONE ssid clients ping the internet?, if so check dns server allocation = ipconfig /all
IF they cannot reach the internet check your FW policys , NAT, Access-list perttaing to the PHONE ssid vlan
From a windows pc there is usefull netsh script for the wifi client you can run.
start/run cmd
netsh wlan show wirelesscapabilities
netsh wlan show wlanreport
10-04-2021 02:58 AM
Issue got resolved after updating NAT rule in Firewall.
Thanks for everyone for your valuable inputs.
Regards,
Antony Xavier
10-04-2021 03:36 AM
Hello,
a NAT rule on the ASA ? Glad you got it resolved...!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide