12-05-2023 03:28 AM
Hello,
Today i got many client reporting that the wireless client can't connect to the wifi, and when i check in the WLC the client stuck on dhcp req state. If the client using static ip address, the client can connect to the network.
The AP run in flex connect and here i attach debug file from the WLC.
Need help from someone expert here.
Solved! Go to Solution.
12-05-2023 04:59 AM
>The controller use model 2504 with 8.5.151.0 software version.
As per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html go for https://software.cisco.com/download/specialrelease/2702eede2b47a5c3bb40795bbe836af6
>..Found useful information in the log provided?
- I would advise to have a checkup of the controller configuration according to WirelessAnalyzer input (procedure) for AireOs controllers and feed the output into Wireless Config Analyzer
M.
12-05-2023 04:09 AM
as per high level the device too get IP - or is this configured manually ?
Dec 05 14:28:27.313: 7c:b5:66:6b:d1:63 Recieved MS IPv4 Addr= 10.101.192.46
If you are not getting IP from DHCP, then check from controller are you able to reach the DHCP Server, or from SVI are you able to reach the DHCP
from controller can you post below output :
>show interface summary
> show dhcp proxy
>show wlan
12-05-2023 04:22 AM
The strange is this is happened not for all client, in same AP, same SSID and same VLAN there also many clients which working normally.
Here result of show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
wifi-user-slk 2 213 10.101.13.2 Dynamic No No
Here result of show dhcp proxy
(Cisco Controller) >show dhcp proxy
DHCP Proxy Behaviour: disabled
Bootp-Broadcast:disabled
Here result of show vlan
(Cisco Controller) >show wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... SE-SALAK
Network Name (SSID).............................. SE-SALAK
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Enabled
DHCP ....................................... Disabled
HTTP ....................................... Enabled (Auto)
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum Clients Allowed.......................... Unlimited
Security Group Tag............................... Unknown(0)
--More-- or (q)uit
Maximum number of Clients per AP Radio........... 200
ATF Policy....................................... 0
Number of Active Clients......................... 38
Exclusionlist.................................... Disabled
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 720 minutes
Web Auth Captive Bypass Mode..................... None
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... none
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ wifi-user-slk
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
Central NAT Peer-Peer Blocking................... Unknown
DHCP Address Assignment Required................. Disabled
--More-- or (q)uit
Static IP client tunneling....................... Disabled
Tunnel Profile................................... Unconfigured
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... 802.1P (Tag=0)
--More-- or (q)uit
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Enabled
Interim Update Interval.................... 0
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Radius NAI-Realm................................. Disabled
Mu-Mimo.......................................... Enabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
--More-- or (q)uit
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
CCMP256 Cipher.......................... Disabled
GCMP128 Cipher.......................... Disabled
GCMP256 Cipher.......................... Disabled
OSEN IE.................................... Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
OSEN-1X................................. Disabled
SUITEB-1X............................... Disabled
SUITEB192-1X............................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
--More-- or (q)uit
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web Authentication Timeout.................... 300
Web-Passthrough............................... Disabled
Mac-auth-server............................... 0.0.0.0
Web-portal-server............................. 0.0.0.0
qrscan-des-key................................
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
FlexConnect Central Association............... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
--More-- or (q)uit
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Disabled
AVC Visibilty.................................... Enabled
AVC Profile Name................................. None
OpenDns Profile Name............................. None
OpenDns Wlan Mode................................ ignore
Flow Monitor Name................................ None
Split Tunnel Configuration
Split Tunnel................................. Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
802.11v Directed Multicast Service............... Disabled
802.11v BSS Max Idle Service..................... Enabled
--More-- or (q)uit
802.11v BSS Transition Service................... Disabled
802.11v BSS Transition Disassoc Imminent......... Disabled
802.11v BSS Transition Disassoc Timer............ 200
802.11v BSS Transition OpRoam Disassoc Timer..... 40
DMS DB is empty
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Universal Ap Admin............................... Disabled
Broadcast Tagging................................ Disabled
PRP.............................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status Priority
------- --------------- ------ --------
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
----------------
Priority Policy Name
--More-- or (q)uit
-------- ---------------
QoS Fastlane Status.............................. Disable
Selective Reanchoring Status..................... Disable
Lobby Admin Access............................... Disabled
Fabric Status
--------------
Fabric status.................................... Disable
Vnid Name........................................
Vnid............................................. 0
Applied SGT Tag.................................. 0
Peer Ip Address.................................. 0.0.0.0
Flex Acl Name....................................
Flex Avc Policy Name.............................
U3-Interface................................... Disable
U3-Reporting Interval.......................... 30
12-05-2023 04:41 AM
- What is the controller model and software version being used ? Below you will find the output from your attached debugging file when processed with https://cway.cisco.com/wireless-debug-analyzer/ (Show All flag was checked)
TimeTaskTranslated
Connection attempt #1 | |||
Dec 05 14:28:22.292 | *apfReceiveTask | Client disassociation event has occured. Possible reasons may be due to AP Radio Reset usually due to channel change or wlan was manually disabled or Client unable to get valid DHCP IP for WLAN using DHCP required | |
Dec 05 14:28:22.293 | *apfReceiveTask | Client has been deauthenticated | |
Dec 05 14:28:22.293 | *apfReceiveTask | Client session has timed out | |
Connection attempt #2 | |||
Dec 05 14:28:27.231 | *apfMsConnTask_4 | Client made new Association to AP/BSSID BSSID 18:8b:9d:34:46:1a AP IDSLKWA16-IT | |
Dec 05 14:28:27.233 | *apfMsConnTask_4 | Client has entered DHCP Required state | |
Dec 05 14:28:27.233 | *apfMsConnTask_4 | Client has successfully cleared AP association phase | |
Dec 05 14:28:27.233 | *apfMsConnTask_4 | WLC/AP is sending an Association Response to the client with status code 0 = Successful association | |
Dec 05 14:28:27.312 | *DHCP Socket Task | Received DHCP ACK from DHCP server | |
Dec 05 14:28:27.313 | *DHCP Socket Task | Received DHCP ACK, assigning IP Address 10.101.192.46 | |
Dec 05 14:29:02.782 | *spamApTask7 | Client expiration timer code set for 10 seconds. The reason: Intra-AP roam (radio to radio on same AP) | |
Connection attempt #3 | |||
Dec 05 14:29:02.785 | *apfMsConnTask_4 | Client made new Association to AP/BSSID BSSID 18:8b:9d:34:46:12 AP IDSLKWA16-IT | |
Dec 05 14:29:02.785 | *apfMsConnTask_4 | Client expiration timer code set for 1 seconds. The reason: Client deleted due to wlan change (fast SSID is disabled) | |
Dec 05 14:29:03.766 | *apfReceiveTask | Client disassociation event has occured. Possible reasons may be due to AP Radio Reset usually due to channel change or wlan was manually disabled or Client unable to get valid DHCP IP for WLAN using DHCP required | |
Dec 05 14:29:03.766 | *apfReceiveTask | Client has been deauthenticated | |
Dec 05 14:29:03.766 | *apfReceiveTask | Client session has timed out | |
Connection attempt #4 | |||
Dec 05 14:29:07.895 | *apfMsConnTask_4 | Client roamed to AP/BSSID BSSID 18:8b:9d:34:46:1d AP IDSLKWA16-IT | |
Dec 05 14:29:07.897 | *apfMsConnTask_4 | The WLC/AP has found from client association request Information Element that claims PMKID Caching support | |
Dec 05 14:29:07.897 | *apfMsConnTask_4 | The Reassociation Request from the client comes with 0 PMKID | |
Dec 05 14:29:07.897 | *apfMsConnTask_4 | Client is entering the 802.1x or PSK Authentication state | |
Dec 05 14:29:07.897 | *apfMsConnTask_4 | Client has successfully cleared AP association phase | |
Dec 05 14:29:07.897 | *apfMsConnTask_4 | Client is entering PSK Dot1x or WEP authentication phase | |
Dec 05 14:29:07.898 | *apfMsConnTask_4 | WLC/AP is sending an Association Response to the client with status code 0 = Successful association | |
Dec 05 14:29:07.933 | *Dot1x_NW_MsgTask_3 | 4-Way PTK Handshake, Sending M1 | |
Dec 05 14:29:07.962 | *Dot1x_NW_MsgTask_3 | 4-Way PTK Handshake, Received M2 | |
Dec 05 14:29:07.962 | *Dot1x_NW_MsgTask_3 | 4-Way PTK Handshake, Sending M3 | |
Dec 05 14:29:07.987 | *Dot1x_NW_MsgTask_3 | 4-Way PTK Handshake, Received M4 | |
Dec 05 14:29:07.987 | *Dot1x_NW_MsgTask_3 | Client has completed PSK Dot1x or WEP authentication phase | |
Dec 05 14:29:07.988 | *Dot1x_NW_MsgTask_3 | Client has entered DHCP Required state |
12-05-2023 04:47 AM
The controller use model 2504 with 8.5.151.0 software version.
Found useful information in the log provided?
12-05-2023 04:59 AM
>The controller use model 2504 with 8.5.151.0 software version.
As per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html go for https://software.cisco.com/download/specialrelease/2702eede2b47a5c3bb40795bbe836af6
>..Found useful information in the log provided?
- I would advise to have a checkup of the controller configuration according to WirelessAnalyzer input (procedure) for AireOs controllers and feed the output into Wireless Config Analyzer
M.
12-05-2023 05:16 AM
Here my config analyzer and i will try to follow the given recommendation.
12-05-2023 05:35 AM
>...and i will try to follow the given recommendation.
- Good work , you can run WirelessAnalyzer again after (attempted) correction , until all errors are resolved, well that includes the red ones , I mean (red ones should get resolved!)
M.
12-05-2023 05:59 AM
Two post same issue the dhcp pool exhausted.
The solution is config idle timeou.
Try it and check
MHM
12-05-2023 06:34 AM
yes i think this is dchp pool is full, will monitor for somedays.
12-05-2023 07:29 AM
Reduce the least time or increase the scope
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide