09-12-2024 04:49 AM
I am having a strange problem with my AirOS 8540 WLC sometimes using the wrong DHCP proxy IP for one of my vlan interfaces.
I have a ISE enabled SSID where i have set a dummy interface in the WLAN tab.
Normaly this works flawless for all the networks.
But sometimes out of (to my knowledge) nowhere i am having trouble with one of the vlans.
clients can connect fine to the ssid, and in ISE i see the authentication go through as it should, but they cant get an IP adress somehow.
I then do a client connection test from the WLC and am seing that the wlc is using the wrong DHCP proxy ip.
Instead of using the one configured on the vlan interface i want to connect, it uses the one from the dummy interface.
I try to ping the vlan interface of the WLC and am getting no response. After a while, with getting nowhere, suddenly the interface is reachable again, and clients can get their IP adresses.
The even stranger thing is that this problem does not seem to affect windows laptops... why?? i dont know. all clients on that vlan are doing PEAP.
Other vlans on the same ssid work fine.
We have this problem every other month or so randomly happening, its never the same time or day of week, but it always lasts for around one hour.
Are there any logs in the WLC i can look at?
I tried looking through the "show logging" output, but cant see anything usefull at the time it suddenly starts to work again..
09-12-2024 04:50 AM
in WLC try use
IP-MAC binding
MHM
09-12-2024 05:02 AM
Im not sure i understand what you mean..
I should add to it that the vlan is pretty big with ~ 5000 simultaneous BYOD clients
09-12-2024 05:50 AM
sorry this option for WLC 9800 not for 8540
with 8540 in monitoring client are the client associate and success auth
MHM
09-12-2024 06:00 AM
Yes, the client associate and get authenticate correctly, and i can see in WLC that it is gettin the correct vlan information from ISE.
but instead of the configured vlan DHCP Proxy IP i get the one from the Dummy interface configured on the wlan interface.
09-12-2024 06:14 AM
- You can start with a checkup of the 8540's controller configuration using : WirelessAnalyzer input (procedure) for AireOs controllers
And feed the output from that into Wireless Config Analyzer
+ When clients don't get an ip address use client debugging according to https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/213258-collect-debugs-from-wireless-lan-control.html
Client debugs can be high level analyzed with Wireless Debug Analyzer
+ As per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html the 8540 should use 8.10.196.0 , this is important these days because the aireos controller are being
phased out in favor of the 9800 series , they should use the last release available because there is
no further bug fixing planned ,
M.
09-12-2024 06:15 AM
- As the issue seems intermittent you should also configure a syslog server on the 8540 and keep up on logs
arriving on it
M.
10-02-2024 12:47 AM
My (fix) for this problem was to just disable the DHCP proxy mode for that interface.
Im not entirely sure why it was enabled in the first place.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide