Guest Wired with Anchor WLC - No connectivity

stephane.rouiller · ‎05-06-2010

Hello,

We are using wired and Wireless guest access with an Anchor Controller installed in a DMZ. The Wireless guest access

works fine but it's not the case for the wired access. The client doesn't receive an IP address. A debug client x.x.x.x

shows :

*May 06 09:35:25.545: 00:18:8b:af:56:95 Adding mobile on Wired Guest 00:00:00:00:00:00(0)

*May 06 09:35:25.545: 00:18:8b:af:56:95 apfHandleWiredGuestMobileStation (apf_wired_guest.c:123) Changing state for mobile 00:18:8b:af:56:95 on AP 00:00:00:00:00:00 from Idle to Associated

*May 06 09:35:25.545: 00:18:8b:af:56:95 0.0.0.0 START (0) Initializing policy

*May 06 09:35:25.545: 00:18:8b:af:56:95 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)

*May 06 09:35:25.545: 00:18:8b:af:56:95 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)

*May 06 09:35:25.545: 00:18:8b:af:56:95 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*May 06 09:35:25.545: 00:18:8b:af:56:95 apfPemAddUser2 (apf_policy.c:212) Changing state for mobile 00:18:8b:af:56:95 on AP 00:00:00:00:00:00 from Associated to Associated

*May 06 09:35:25.545: 00:18:8b:af:56:95 Stopping deletion of Mobile Station: (callerId: 48)

*May 06 09:35:25.546: 00:18:8b:af:56:95 Wired Guest packet from 10.56.53.254 on mobile

*May 06 09:35:25.546: 00:18:8b:af:56:95 Orphan Packet from 10.56.53.254

*May 06 09:35:27.044: 00:18:8b:af:56:95 Wired Guest packet from 10.56.53.254 on mobile

*May 06 09:35:27.044: 00:18:8b:af:56:95 Orphan Packet from 10.56.53.254

*May 06 09:35:27.434: 00:18:8b:af:56:95 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=ExpForeign, client state=APF_MS_STATE_ASSOCIATED

*May 06 09:35:27.434: 00:18:8b:af:56:95 Stopping deletion of Mobile Station: (callerId: 75)

*May 06 09:35:27.434: 00:18:8b:af:56:95 0.0.0.0 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)

*May 06 09:35:27.436: 00:18:8b:af:56:95 0.0.0.0 RUN (20) Reached PLUMBFASTPATH: from line 4218

*May 06 09:35:27.436: 00:18:8b:af:56:95 0.0.0.0 RUN (20) Adding Fast Path rule

type = Airespace AP Client

on AP 00:00:00:00:00:00, slot 0, interface = 13, QOS = 0

ACL Id = 255, Jumbo Frames = NO, 802.1

*May 06 09:35:27.436: 00:18:8b:af:56:95 0.0.0.0 RUN (20) Successfully plumbed mobile rule (ACL ID 255)

*May 06 09:35:27.436: 00:18:8b:af:56:95 Set bi-dir guest tunnel for 00:18:8b:af:56:95 as in Export Foreign role

*May 06 09:35:27.436: 00:18:8b:af:56:95 0.0.0.0 Added NPU entry of type 1, dtlFlags 0x4

*May 06 09:35:28.546: 00:18:8b:af:56:95 DHCP received op BOOTREQUEST (1) (len 323, port 13, encap 0xec06)

*May 06 09:35:28.546: 00:18:8b:af:56:95 DHCP dropping packet

*May 06 09:35:31.545: 00:18:8b:af:56:95 DHCP received op BOOTREQUEST (1) (len 323, port 13, encap 0xec06)

*May 06 09:35:31.545: 00:18:8b:af:56:95 DHCP dropping packet

The principal steps of the configuration were :

- Create a dynamic interface and mark it is as a "Guest LAN",

- Configure the mobility group of the Anchor Controller in the Remote Controller,

- Configure the mobility group of the Remote Controller in the Anchor Controller,

- Create the wired WLAN with the exact name in the Anchor WLC and the Remote WLC,

- The used interfaces are None (Ingress interface) and Management (Ergress interface) for the Anchor WLC,

- The used interfaces are Layer2 Guest Vlan (Ingress interface) and Management (Ergress interface) for the Remote WLC,

- Create the Mobility Anchor on the Anchor WLC and map it to itself,

- Create the Mobility Anchor on the Remote WLC and choose the IP address of the Anchor WLC,

- Data and Control Path are up in both devices.

Both WLC controllers use the same code.

Thank you.