
Guest Wireless client not getting IP addresses

keith.k.quaye
Level 1

WLC 5508 as anchor running 7.0.116.0, locally configured DHCP scope. Scope has been enabled. There are 2 foreign controllers in different locations. Mobility groups have been configured and there is communication between them. I am able to ping, mping and eping. I have gone through my configuration but can't find what is missing.



pcroak
Cisco Employee

Hello Keith,

First, we should double check all of your WLAN settings between the Foreign and Anchor WLC. From the CLI "show wlan x" where x is the WLAN ID.

Next, we will want to capture a client debug while this device tries to connect. We will want to capture this on both the foreign WLC and the anchor WLC:

debug client xx:xx:xx:xx:xx:xx

Where xx:xx... is the MAC address of your test client's wireless interface. Please capture this output for further analysis.

Thanks,

-Patrick Croak

Wireless TAC

keith.k.quaye
Level 1

I am pasting the debug and show wlan info below. The first is for the foreign controller.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.09.23 07:51:16 =~=~=~=~=~=~=~=~=~=~=~=

*apfReceiveTask: Sep 22 23:30:29.265: 00:21:5d:a9:2b:a4 Deleting mobile on AP 08:17:35:31:1c:90(0)

*apfReceiveTask: Sep 23 12:51:08.488: 00:21:5d:a9:2b:a4 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout. Number of DHCP request 0 from client

*apfReceiveTask: Sep 23 12:51:08.488: 00:21:5d:a9:2b:a4 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.

*apfReceiveTask: Sep 23 12:51:08.488: 00:21:5d:a9:2b:a4 Scheduling deletion of Mobile Station: (callerId: 12) in 10 seconds

*osapiBsnTimer: Sep 23 12:51:18.488: 00:21:5d:a9:2b:a4 apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

*apfReceiveTask: Sep 23 12:51:18.488: 00:21:5d:a9:2b:a4 apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 00:21:5d:a9:2b:a4 on AP 08:17:35:31:1c:90 from Associated to Disassociated

*apfReceiveTask: Sep 23 12:51:18.488: 00:21:5d:a9:2b:a4 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds

*osapiBsnTimer: Sep 23 12:51:28.488: 00:21:5d:a9:2b:a4 apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

*apfReceiveTask: Sep 23 12:51:28.488: 00:21:5d:a9:2b:a4 apfMsAssoStateDec

*apfReceiveTask: Sep 23 12:51:28.488: 00:21:5d:a9:2b:a4 apfMsExpireMobileStation (apf_ms.c:5132) Changing state for mobile 00:21:5d:a9:2b:a4 on AP 08:17:35:31:1c:90 from Disassociated to Idle

*apfReceiveTask: Sep 23 12:51:28.489: 00:21:5d:a9:2b:a4 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [08:17:35:31:1c:90]

*apfReceiveTask: Sep 23 12:51:28.489: 00:21:5d:a9:2b:a4 Deleting mobile on AP 08:17:35:31:1c:90(0)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Adding mobile on LWAPP AP 08:17:35:31:1c:90(0)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Association received from mobile on AP 08:17:35:31:1c:90

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Applying site-specific IPv6 override for station 00:21:5d:a9:2b:a4 - vapId 1, site 'default-group', interface 'management'

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Applying IPv6 Interface Policy for station 00:21:5d:a9:2b:a4 - vlan 30, interface id 0, interface 'management'

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 START (0) Initializing policy

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP 08:17:35:31:1c:90 vapId 1 apVapId 1for this client

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Not Using WMM Compliance code qosCap 00

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 08:17:35:31:1c:90 vapId 1 apVapId 1

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 apfMsAssoStateInc

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:21:5d:a9:2b:a4 on AP 08:17:35:31:1c:90 from Idle to Associated

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds

*apfMsConnTask_7: Sep 23 12:51:30.796: 00:21:5d:a9:2b:a4 Sending Assoc Response to station on BSSID 08:17:35:31:1c:90 (status 0) ApVapId 1 Slot 0

*apfMsConnTask_7: Sep 23 12:51:30.796: 00:21:5d:a9:2b:a4 apfProcessAssocReq (apf_80211.c:5241) Changing state for mobile 00:21:5d:a9:2b:a4 on AP 08:17:35:31:1c:90 from Associated to Associated

*DHCP Socket Task: Sep 23 12:51:30.920: 00:21:5d:a9:2b:a4 DHCP received op BOOTREQUEST (1) (len 308,vlan 30, port 13, encap 0xec03)

*DHCP Socket Task: Sep 23 12:51:30.921: 00:21:5d:a9:2b:a4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmQueryRequested'

*DHCP Socket Task: Sep 23 12:51:34.871: 00:21:5d:a9:2b:a4 DHCP received op BOOTREQUEST (1) (len 308,vlan 30, port 13, encap 0xec03)

*DHCP Socket Task: Sep 23 12:51:34.871: 00:21:5d:a9:2b:a4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmAnchorExportRequested'

*DHCP Socket Task: Sep 23 12:51:43.998: 00:21:5d:a9:2b:a4 DHCP received op BOOTREQUEST (1) (len 308,vlan 30, port 13, encap 0xec03)

*DHCP Socket Task: Sep 23 12:51:43.998: 00:21:5d:a9:2b:a4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmAnchorExportRequested'

*DHCP Socket Task: Sep 23 12:51:58.456: 00:21:5d:a9:2b:a4 DHCP received op BOOTREQUEST (1) (len 308,vlan 30, port 13, encap 0xec03)

 

 

 

WLAN Identifier.................................. 1

Profile Name..................................... calguest

Network Name (SSID).............................. calguest

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

Radius-NAC State............................... Disabled

SNMP-NAC State................................. Disabled

Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Number of Active Clients......................... 2

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. 1800 seconds

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ management

Multicast Interface.............................. Not Configured

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Bronze (background)

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

Authentication................................ Global Servers

Accounting.................................... Global Servers

Dynamic Interface............................. Disabled

Local EAP Authentication......................... Disabled

Security

802.11 Authentication:........................ Open System

Static WEP Keys............................... Disabled

802.1X........................................ Disabled

Wi-Fi Protected Access (WPA/WPA2)............. Disabled

CKIP ......................................... Disabled

Web Based Authentication...................... Disabled

Web-Passthrough............................... Disabled

Conditional Web Redirect...................... Disabled

Splash-Page Web Redirect...................... Disabled

Auto Anchor................................... Enabled

H-REAP Local Switching........................ Disabled

H-REAP Local Authentication................... Disabled

H-REAP Learn IP Address....................... Enabled

Client MFP.................................... Optional but inactive (WPA2 not configured)

Tkip MIC Countermeasure Hold-down Timer....... 60

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

Band Select...................................... Disabled

Load Balancing................................... Disabled

Mobility Anchor List

WLAN ID IP Address Status

------- --------------- ------

1 10.12.130.114 Up

******************

Next is for the anchor

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.09.23 07:51:16 =~=~=~=~=~=~=~=~=~=~=~=

*apfReceiveTask: Sep 22 23:30:29.265: 00:21:5d:a9:2b:a4 Deleting mobile on AP 08:17:35:31:1c:90(0)

*apfReceiveTask: Sep 23 12:51:08.488: 00:21:5d:a9:2b:a4 0.0.0.0 DHCP_REQD (7) DHCP Policy timeout. Number of DHCP request 0 from client

*apfReceiveTask: Sep 23 12:51:08.488: 00:21:5d:a9:2b:a4 0.0.0.0 DHCP_REQD (7) Pem timed out, Try to delete client in 10 secs.

*apfReceiveTask: Sep 23 12:51:08.488: 00:21:5d:a9:2b:a4 Scheduling deletion of Mobile Station: (callerId: 12) in 10 seconds

*osapiBsnTimer: Sep 23 12:51:18.488: 00:21:5d:a9:2b:a4 apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

*apfReceiveTask: Sep 23 12:51:18.488: 00:21:5d:a9:2b:a4 apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 00:21:5d:a9:2b:a4 on AP 08:17:35:31:1c:90 from Associated to Disassociated

*apfReceiveTask: Sep 23 12:51:18.488: 00:21:5d:a9:2b:a4 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds

*osapiBsnTimer: Sep 23 12:51:28.488: 00:21:5d:a9:2b:a4 apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

*apfReceiveTask: Sep 23 12:51:28.488: 00:21:5d:a9:2b:a4 apfMsAssoStateDec

*apfReceiveTask: Sep 23 12:51:28.488: 00:21:5d:a9:2b:a4 apfMsExpireMobileStation (apf_ms.c:5132) Changing state for mobile 00:21:5d:a9:2b:a4 on AP 08:17:35:31:1c:90 from Disassociated to Idle

*apfReceiveTask: Sep 23 12:51:28.489: 00:21:5d:a9:2b:a4 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [08:17:35:31:1c:90]

*apfReceiveTask: Sep 23 12:51:28.489: 00:21:5d:a9:2b:a4 Deleting mobile on AP 08:17:35:31:1c:90(0)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Adding mobile on LWAPP AP 08:17:35:31:1c:90(0)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Association received from mobile on AP 08:17:35:31:1c:90

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Applying site-specific IPv6 override for station 00:21:5d:a9:2b:a4 - vapId 1, site 'default-group', interface 'management'

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Applying IPv6 Interface Policy for station 00:21:5d:a9:2b:a4 - vlan 30, interface id 0, interface 'management'

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 START (0) Initializing policy

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP 08:17:35:31:1c:90 vapId 1 apVapId 1for this client

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Not Using WMM Compliance code qosCap 00

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 08:17:35:31:1c:90 vapId 1 apVapId 1

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 apfMsAssoStateInc

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:21:5d:a9:2b:a4 on AP 08:17:35:31:1c:90 from Idle to Associated

*apfMsConnTask_7: Sep 23 12:51:30.795: 00:21:5d:a9:2b:a4 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds

*apfMsConnTask_7: Sep 23 12:51:30.796: 00:21:5d:a9:2b:a4 Sending Assoc Response to station on BSSID 08:17:35:31:1c:90 (status 0) ApVapId 1 Slot 0

*apfMsConnTask_7: Sep 23 12:51:30.796: 00:21:5d:a9:2b:a4 apfProcessAssocReq (apf_80211.c:5241) Changing state for mobile 00:21:5d:a9:2b:a4 on AP 08:17:35:31:1c:90 from Associated to Associated

*DHCP Socket Task: Sep 23 12:51:30.920: 00:21:5d:a9:2b:a4 DHCP received op BOOTREQUEST (1) (len 308,vlan 30, port 13, encap 0xec03)

*DHCP Socket Task: Sep 23 12:51:30.921: 00:21:5d:a9:2b:a4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmQueryRequested'

*DHCP Socket Task: Sep 23 12:51:34.871: 00:21:5d:a9:2b:a4 DHCP received op BOOTREQUEST (1) (len 308,vlan 30, port 13, encap 0xec03)

*DHCP Socket Task: Sep 23 12:51:34.871: 00:21:5d:a9:2b:a4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmAnchorExportRequested'

*DHCP Socket Task: Sep 23 12:51:43.998: 00:21:5d:a9:2b:a4 DHCP received op BOOTREQUEST (1) (len 308,vlan 30, port 13, encap 0xec03)

*DHCP Socket Task: Sep 23 12:51:43.998: 00:21:5d:a9:2b:a4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmAnchorExportRequested'

*DHCP Socket Task: Sep 23 12:51:58.456: 00:21:5d:a9:2b:a4 DHCP received op BOOTREQUEST (1) (len 308,vlan 30, port 13, encap 0xec03)

 

 

 

WLAN Identifier.................................. 1

Profile Name..................................... calguest

Network Name (SSID).............................. calguest

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

Radius-NAC State............................... Disabled

SNMP-NAC State................................. Disabled

Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Number of Active Clients......................... 2

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. 1800 seconds

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ management

Multicast Interface.............................. Not Configured

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Bronze (background)

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

Authentication................................ Global Servers

Accounting.................................... Global Servers

Dynamic Interface............................. Disabled

Local EAP Authentication......................... Disabled

Security

802.11 Authentication:........................ Open System

Static WEP Keys............................... Disabled

802.1X........................................ Disabled

Wi-Fi Protected Access (WPA/WPA2)............. Disabled

CKIP ......................................... Disabled

Web Based Authentication...................... Disabled

Web-Passthrough............................... Disabled

Conditional Web Redirect...................... Disabled

Splash-Page Web Redirect...................... Disabled

Auto Anchor................................... Enabled

H-REAP Local Switching........................ Disabled

H-REAP Local Authentication................... Disabled

H-REAP Learn IP Address....................... Enabled

Client MFP.................................... Optional but inactive (WPA2 not configured)

Tkip MIC Countermeasure Hold-down Timer....... 60

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

Band Select...................................... Disabled

Load Balancing................................... Disabled

Mobility Anchor List

WLAN ID IP Address Status

------- --------------- ------

1 10.12.130.114 Up

Hello Keith,

From the looks of it, I think you may have accidentally pasted the foreign controller output twice. Could you please confirm that you also have the anchor WLC output?

-Pat

>> I assume you have the DHCP pool on the management interface!! If not, please create one since you're pointing your anchor to the management interface.

>> I have seen this issue many times on the customer network while troubleshooting!! Whenever I see the logs..

*DHCP Socket Task: Sep 23 12:51:34.871:  00:21:5d:a9:2b:a4 DHCP dropping packet due to ongoing mobility handshake  exchange, (siaddr 0.0.0.0, mobility state =  'apfMsMmAnchorExportRequested'

and when the configuration is correct, correct in the sense bull's eye!! then deleting the WLAN on the anchor and the foreign and then reconfiguring the same helped every single time in getting the issue resolved..

You can try the same, it may help OR may open up a TAC case or let's wait for Expert Pat's reply!!

Regards
Surendra BG

Here is the anchor info

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.09.23 07:50:30 =~=~=~=~=~=~=~=~=~=~=~=
*mmListen: Sep 23 07:51:31.236: 00:21:5d:a9:2b:a4 Adding mobile on Remote AP 00:00:00:00:00:00(0)
*mmListen: Sep 23 07:51:31.236: 00:21:5d:a9:2b:a4 Scheduling deletion of Mobile Station:  (callerId: 69) in 1 seconds
*osapiBsnTimer: Sep 23 07:51:32.220: 00:21:5d:a9:2b:a4 apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
*apfReceiveTask: Sep 23 07:51:32.220: 00:21:5d:a9:2b:a4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:00:00:00:00:00]
*apfReceiveTask: Sep 23 07:51:32.221: 00:21:5d:a9:2b:a4 Deleting mobile on AP 00:00:00:00:00:00(0)
*mmListen: Sep 23 07:51:32.236: 00:21:5d:a9:2b:a4 Adding mobile on Remote AP 00:00:00:00:00:00(0)
*mmListen: Sep 23 07:51:32.236: 00:21:5d:a9:2b:a4 Scheduling deletion of Mobile Station:  (callerId: 69) in 1 seconds
*osapiBsnTimer: Sep 23 07:51:33.220: 00:21:5d:a9:2b:a4 apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
*apfReceiveTask: Sep 23 07:51:33.221: 00:21:5d:a9:2b:a4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:00:00:00:00:00]
*apfReceiveTask: Sep 23 07:51:33.221: 00:21:5d:a9:2b:a4 Deleting mobile on AP 00:00:00:00:00:00(0)
*mmListen: Sep 23 07:51:33.236: 00:21:5d:a9:2b:a4 Adding mobile on Remote AP 00:00:00:00:00:00(0)
*mmListen: Sep 23 07:51:33.236: 00:21:5d:a9:2b:a4 Scheduling deletion of Mobile Station:  (callerId: 69) in 1 seconds
*osapiBsnTimer: Sep 23 07:51:34.220: 00:21:5d:a9:2b:a4 apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
*apfReceiveTask: Sep 23 07:51:34.220: 00:21:5d:a9:2b:a4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:00:00:00:00:00]


show wlan


WLAN Identifier.................................. 1
Profile Name..................................... calguest
Network Name (SSID).............................. calguest
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control

  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ dynamic-calguest
Multicast Interface.............................. Not Configured

--More-- or (q)uit
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Bronze (background)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Global Servers

--More-- or (q)uit
   Accounting.................................... Global Servers
   Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security

   802.11 Authentication:........................ Open System
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Enabled
   H-REAP Local Switching........................ Disabled
   H-REAP Local Authentication................... Disabled
   H-REAP Learn IP Address....................... Enabled
   Client MFP.................................... Optional but inactive (WPA2 not configured)
   Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled

--More-- or (q)uit
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled

Mobility Anchor List
WLAN ID     IP Address            Status
-------     ---------------       ------
1           10.12.130.114         Up
1           10.12.30.114          Up

Hi Keith,

It looks like we have a misconfiguration on your anchor controller configuration on the WLAN. To properly anchor a WLAN, the foreign WLC should point to the anchor, and the anchor should only point to itself.

For example:

10.12.30.114 is your foreign

10.12.130.114 is your anchor

On the Foreign WLC, define an anchor pointing to 10.12.130.114

On the Anchor WLC, define the anchor pointing only to itself, 10.12.130.114 (local)

It seems we have 2 entries on your anchor, so I think the anchor is getting confused and might be trying to tunnel traffic again.

-Pat

pcroak
Cisco Employee

One additional note -- the WLAN config needs to match between the WLCs, we have DHCP required (under advanced tab) disabled on the foreign, but enabled on the anchor.

If we correct these 2 things I think it should work!

-Pat
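
The two checks from the replies above (mobility anchor list and matching WLAN settings), as an added example that is not part of the original posts: it parses saved `show wlan` output from both controllers and reports the two misconfigurations found in this thread. The function names and the list of settings allowed to differ are assumptions; the sample text is excerpted from the output posted above.

```python
import re

# "Key......... value" lines as printed by "show wlan <id>"
KV = re.compile(r"^\s*(.+?)\s*\.{3,}\s*(.*?)\s*$")
# Rows of the "Mobility Anchor List" table: WLAN ID, IP address, status
ANCHOR_ROW = re.compile(r"^\s*\d+\s+(\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s*$")

# Assumption: these legitimately differ between foreign and anchor
# (egress interface is local to each controller, client count is live state).
EXPECTED_TO_DIFFER = {"Interface", "Number of Active Clients"}

# Excerpts of the output posted in this thread (shortened).
FOREIGN_SHOW_WLAN = """\
WLAN Identifier.................................. 1
Network Name (SSID).............................. calguest
Number of Active Clients......................... 2
Interface........................................ management
DHCP Address Assignment Required................. Disabled
   Web Based Authentication...................... Disabled
   Auto Anchor................................... Enabled

Mobility Anchor List
WLAN ID     IP Address            Status
-------     ---------------       ------
1           10.12.130.114         Up
"""

ANCHOR_SHOW_WLAN = """\
WLAN Identifier.................................. 1
Network Name (SSID).............................. calguest
Number of Active Clients......................... 0
Interface........................................ dynamic-calguest

--More-- or (q)uit
DHCP Address Assignment Required................. Enabled
   Web Based Authentication...................... Disabled
   Auto Anchor................................... Enabled

Mobility Anchor List
WLAN ID     IP Address            Status
-------     ---------------       ------
1           10.12.130.114         Up
1           10.12.30.114          Up
"""


def parse_show_wlan(text):
    """Return (settings dict, list of mobility anchor IPs); pager lines are ignored."""
    settings, anchors, in_list = {}, [], False
    for line in text.splitlines():
        if line.strip() == "Mobility Anchor List":
            in_list = True
            continue
        row = ANCHOR_ROW.match(line) if in_list else None
        if row:
            anchors.append(row.group(1))
            continue
        kv = KV.match(line)
        if kv:
            settings[kv.group(1).rstrip(":")] = kv.group(2)
    return settings, anchors


def audit_anchor_pair(foreign_text, anchor_text, anchor_ip):
    """Check a foreign/anchor WLAN pair; returns a list of (code, detail) findings."""
    f_set, f_anchors = parse_show_wlan(foreign_text)
    a_set, a_anchors = parse_show_wlan(anchor_text)
    findings = []
    # The foreign WLC must point to the anchor.
    if anchor_ip not in f_anchors:
        findings.append(("foreign-missing-anchor", anchor_ip))
    # The anchor WLC must point only to itself.
    if anchor_ip not in a_anchors:
        findings.append(("anchor-missing-self", anchor_ip))
    for ip in a_anchors:
        if ip != anchor_ip:
            findings.append(("anchor-extra-entry", ip))
    # WLAN settings must match on both controllers.
    for key in sorted(set(f_set) & set(a_set) - EXPECTED_TO_DIFFER):
        if f_set[key] != a_set[key]:
            findings.append(
                ("setting-mismatch", f"{key}: foreign={f_set[key]} anchor={a_set[key]}")
            )
    return findings


if __name__ == "__main__":
    for code, detail in audit_anchor_pair(FOREIGN_SHOW_WLAN, ANCHOR_SHOW_WLAN, "10.12.130.114"):
        print(f"{code}: {detail}")
```
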

Thanks Pat, you hit the nail right on the head. Stay tuned, a couple more questions on the way. Once again thanks for your help.

OK, I can get an IP address now but I cannot get to the internet. I am thinking it's the firewall but want to make sure there is nothing I am missing. I can ping the external DNS server 8.8.8.8 from the anchor but I can't ping it from the client laptop.

Hi Keith,

I would also suspect the firewall. Pings sourced from the WLC will be sent from the management address of the anchor WLC. Your wireless clients are in a different subnet, so you would want to make sure that the appropriate rules are configured on the firewall for that subnet.

You could test this if you have another device on the guest subnet inside the firewall; if so, try pinging that from a wireless client.

-Pat

Pat, once again thanks. You confirmed my suspicion: there was an incorrect NAT rule on the FW. When that was resolved I was able to get the authentication splash page and internet access.
