cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
697
Views
5
Helpful
2
Replies

Certain nodes unable to connect to Cisco WiFi network after tier 1 outage

mcbenton71
Level 1
Level 1

Last Thursday (7/30/2020), our tier 1 Internet provider went offline due to severed fiber. After access was restored, we began receiving reports of users not being able to connect to the Internet via our corporate WiFi network; however, they could connect through our guest network. This is completely random and is affecting Windows, Mac OS, and iOS clients. Multiple WiFi adapter makes and models are affected, as well, so we are unable to narrow the problem down to a single product line or set of drivers. Not all clients are affected. In fact, most of them connect just fine.

 

We have seven Cisco WAP371 access points running firmware version 1.3.0.7, all of which connect through a Juniper switch stack to a Palo Alto PA-500 network appliance. We run both 2.4 GHz and 5 GHz networks, and each is configured with two SSIDs, one for guests and the other for corporate. Guest network runs through VLAN 1, corporate runs through VLAN 6. The latter is the problem. When certain clients try to connect, they get a "No internet access" error and are unable to ping the default gateway; however, they are receiving an IP address from the DHCP server and the default gateway appears in ipconfig. DNS settings are correct. Network shows up in Windows network settings as "Unidentified."

 

We made no changes to any of our network layers before or after the outage, implemented no new firewall rules, etc. Everything was exactly the same after service was restored. All clients who connect to the guest network are able to access the Internet, and there doesn't appear to be any difference between the network settings, apart from the guest network being on a different VLAN and having fewer permissions for internal assets. We've tried disabling security software temporarily on the affected clients, to no avail. The Palo Alto firewall does not show any network activity for those clients who cannot connect over the corporate (VLAN 6) network. It does show their DHCP leases.

 

I can provide logs from the access points and other sources, if needed. We have never encountered this problem before, so we are unsure how to approach it.

1 Accepted Solution

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame
I don’t know much about that model ap, but you should try to connect a wired client to that same vlan and see if everything if working. If not, then you know its something on the infrastructure not the wireless.
-Scott
*** Please rate helpful posts ***

View solution in original post

2 Replies 2

Scott Fella
Hall of Fame
Hall of Fame
I don’t know much about that model ap, but you should try to connect a wired client to that same vlan and see if everything if working. If not, then you know its something on the infrastructure not the wireless.
-Scott
*** Please rate helpful posts ***

Not sure why that didn't occur to us. Professional myopia. Anyway, we tested a known good client and a known bad client on wired Ethernet for that VLAN, and the bad client never linked up, so it looks like a layer 2 problem. We're investigating the switches. Thanks for the boost.

Review Cisco Networking for a $25 gift card