(Cisco Controller) >show

Mohammed Al-Mohanny · ‎03-16-2014

I have this error in Cisco 2500 series Wireless Controller

The AP type Cisco AIR-CAP35021-A-K9

I cann't connect the client to AP when i try to connect i get this error on Cisco 2500 series Wireless Controller But the AP get ip .

Please can any on help me .

Client Excluded: MACAddress:Base Radio MAC : Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode:

Leo Laohoo · ‎03-16-2014

Post the output to the command "sh wlan ID".

Mohammed Al-Mohanny · ‎03-16-2014

(Cisco Controller) >show wlan 1

WLAN Identifier.................................. 1
Profile Name..................................... EAU_WIRELESS
Network Name (SSID).............................. EAU_WIRELESS
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control

Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ users
Multicast Interface.............................. Not Configured

--More-- or (q)uit
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers

--More-- or (q)uit
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security

802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled

--More-- or (q)uit
Client MFP.................................... Optional but inactive (WPA2 no
t configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled

Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------

Leo Laohoo · ‎03-17-2014

Can you please post the complete output to the command "sh interface detail users"?

Mohammed Al-Mohanny · ‎03-18-2014

(Cisco Controller) >show interface detailed users

Interface Name................................... users
MAC Address...................................... 50:17:ff:26:da:84
IP Address....................................... 172.16.40.2
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.16.40.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 40
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.16.40.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. test
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled

Leo Laohoo · ‎03-18-2014

So let me get this straight: Wireless client successfully authenticate to the SSID but cannot get a valid IP address.

If this is correct, then what is your DHCP config found in 172.16.40.1?

Mohammed Al-Mohanny · ‎03-18-2014

This is the dhcp in core switch

!
ip dhcp pool WL_USERS
network 172.16.40.0 255.255.255.0
domain-name EAU.edu
dns-server 8.8.8.8
default-router 172.16.40.1
!

and this is the dhcp on the WLC in this image attatch

(Cisco Controller) >show dhcp stats

DHCP Proxy Behaviour: enabled

DHCP Server IP Address:.......................... 172.16.40.1
DHCP DISCOVER Count:........................... 0
DHCP REQUEST Count:............................ 0
DHCP INFORM Count:............................. 0
DHCP DECLINE Count:............................ 0
DHCP RELEASE Count:............................ 0
DHCP REPLY Count:.............................. 0
DHCP OFFER Count:.............................. 0
DHCP ACK Count:................................ 0
DHCP NAK Count:................................ 0
Tx Fails:...................................... 0
Last Rx Time:.................................. 0
Last Tx Time:.................................. 0

(Cisco Controller) >show dhcp s?
stats summary
(Cisco Controller) >show dhcp ?

detailed Display dhcp information for a particular scope.
leases Display the allocated dhcp leases.
opt-82 Display the status of DHCP Option 82 config.
proxy Display the status of DHCP proxy.
stats Display the dhcp proxy statistics.
summary Display the dhcp summary.
timeout Display the dhcp timeout.

(Cisco Controller) >show dhcp summary

Scope Name Enabled Address Range
Client Yes 172.16.40.2 -> 172.16.40.250

Mohammed Al-Mohanny · ‎03-18-2014

(Cisco Controller) >show dhcp opt-82

DHCP Opt-82 RID Format: <AP radio MAC address>

Leo Laohoo · ‎03-22-2014

Apologize for the late response. Was a bit busy. What is the appliance with the DHCP configuration? Is this a 6500? If this is so, can you post the interface VLAN configuration of the 172.16.40.1? Did you also create a VLAN entry in the VLAN database? Is the VLAN interface "enabled"? Can you also post the output to the command "sh interface vlan ".

omer shtivi · ‎03-27-2014

did you try to get an IP address from the VLAN and not from the wireless? try to connect to the LAN and check if you get an IP, this will split the issue into two segements, wireless or LAN/DHCP.

If you get an IP do you have ping between the Controller and the DHCP sever?

What is configured in the ACL "test"?

Sandeep Choudhary · ‎03-16-2014

Paste the output of these:

sh sysinfo from WLC

sh version from AP

sh wlan <wlan id> from wlc

Regards

Mohammed Al-Mohanny · ‎03-16-2014

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.220.0
Bootloader Version............................... 1.0.18
Field Recovery Image Version..................... 1.0.0
Firmware Version................................. PIC 16.0

Build Type....................................... DATA + WPS

System Name...................................... Wireless Controller
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 172.16.50.100
Last Reset....................................... Power on reset
System Up Time................................... 0 days 12 hrs 27 mins 53 secs
System Timezone Location.........................
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base

--More-- or (q)uit
Next Boot License Type........................... Permanent

Configured Country............................... AR - Argentina
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +30 C
External Temperature............................. +33 C
Fan Status....................................... 4500 rpm

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0

Burned-in MAC Address............................ 50:17:FF:26:DA:80
Maximum number of APs supported.................. 5

(Cisco Controller) >show wlan summary

Number of WLANs.................................. 1

WLAN ID WLAN Profile Name / SSID Status Interface Name
------- ------------------------------------- -------- ---------------
1 EAU_WIRELESS / EAU_WIRELESS Enabled users

Hemant Kumar · ‎03-27-2014

I can see you have selected AR - Argentina country in your WLC whereas your AP model is for America.

Please select the America as well in wlc option. It must be in controller tab.