I have a WLC 5508 on the 6.0 code. I am running PEAP. Users log in with the certificate staged and are coming up with 169.254 addresses. From the controller, however, I see them at a valid address from the virtual interface I expect (10.1.27.x). On my MS Radius server, I see successful authentication. Attached is what I see at the controller. What am I missing? Why would the WLC see it as having an IP, but the client (have seen this on WinXP, Win7, Vista) show a bailout IP?
I am having a similar issue with our wireless users. I am currently running 6.0.182 on my controllers and WiSM and am having issues with both. I am using WPA2 with EAP-FAST and ACS 4.1 to authenticate users. I can see the users pass authentication on the ACS and everything looks OK. Clients are running a mixture of Windows 7 and Windows XP/2000. We are currently migrating users to Windows 7.
The controllers show a valid IP address but the users are experiencing issues with 169.254.x.x IP addresses. Everything worked fine before I upgraded to 6.0 and this was mainly because I got a 30 pack of 1142's that would not run on 4.2.x.
I have opened a TAC case with the Wireless and ACS teams and everything appears to be set up correctly.
If you have not already tried it, you should set your wireless LAN for no encryption and no authentication and see if clients get DHCP addresses.
Are all the clients having this issue? Is DHCP override selected?
This is a bump.
I am having the same issue. Here is my configuration / setup.
Here is my situation. I am running a new WLC 5508 with 6.0x code and the controller is housed at the data center; the remote building has a high-speed point-to-point link. I have no issues with the LAPs connecting, but clients are not getting IP addresses from the local DHCP server. I run the WLC as DHCP Proxy.
I am running a DHCP server on the local 3560 switch. Also, I am not using option 43 on the DHCP server to provide the controller's address; I am using DNS, which resolves CISCO-CAPWAP-CONTROLER to the management address of the controller.
The LAP has a static address 10.100.6.20
The switchport that the LAP is plugged into is configured:
switchport mode access
switchport access vlan 106
switchport voice vlan 108
interface vlan 106
ip dhcp pool Users
network 10.100.6.0 255.255.255.0
From what I understand, the client connects to the WLAN, and then the controller's virtual IP, in my case 18.104.22.168, tells the local DHCP server that a client is looking for DHCP and then provides the client with an IP. I have this working in another building with the exact same configuration as above, except that I am using a local DNS server to look up the name of the Controller Management IP, but I can't understand why that would matter.
I have run debug messages on the switch and don't even see the DHCP Offer messages. I have verified that wired clients are getting DHCP from the switch.
Here is what I have found out since posting on this thread.
We are migrating our machines to Windows 7 and have just completed this, all 5000 machines. We were using Infoblox appliances to handle DNS and DHCP addressing. Windows 7 and Vista apparently have issues with getting IP addresses from anything other than a Microsoft DHCP server. We were experiencing issues on both wired and wireless.
Here is the article:
As a test I had our platforms guys create a Win 2008 server with DHCP and moved all our wireless DHCP addressing over to this. This has fixed the DHCP and connectivity issues for the wireless side. The wired network is still running on the Infoblox and we are waiting to hear from Infoblox about a patch.
We are however still seeing authentication issues with EAP-FAST. We can move a client to LEAP and they get on fine but when using EAP-FAST the ACS keeps sending PAC files. I can log the user off and log on to the same machine with no problem. The user can go to another machine and it works fine. We're seeing this all over the state.
Most clients are using Dell Latitude D620, D630 or E6400 laptops with Broadcom Wireless NICs; there are some Intel cards out there as well. My personal laptop is an ATG D620 running Windows XP still and it doesn't have any trouble at all. Users with Windows 7 are only having issues. I think this is something to do with the OS and the wireless supplicant.
Having the same problem on Windows 7, with the same models.
2 x Cisco Secure ACS servers
Cisco 4400 series WLC at each site, SSID is configured with WEP encryption, EAP-FAST
Dell laptops (normally Latitude D620/D630s, but some newer) running Windows 7. All are using the Cisco EAP-FAST plugin, installed in automated fashion via MSI.
We have made no changes to our infrastructure, and Windows XP clients using the Broadcom Wireless Client for Dell are connecting fine. The clients using the Cisco EAP-FAST plugin connect OK, but often get repeatedly requested to get a new PAC file, sometimes 50-100 times an hour.
Is there any workaround for this at all?