cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5012
Views
30
Helpful
37
Replies

Guest Wireless Not working

Hi

I have two controllers running code 6.0.182 and one guest controller with same version.

I can see the tunnel UP(Both control and data path) in both controller.

Guest users are authenticated by web authentication.Suddenly guest users become too slow to access internet.Web authentication is successfull.But its too slow to access internet.Did anyone face the same issue.Pls reply me at the earliest.

Regards

Danish Ahammed

37 Replies 37

Hi Nicolas,

It was typo error , Vlan 40 and Vlan 1 are not on the same subnet.

I just want to know , if i need to create another default Gateway for Vlan 40 on SWITCH.

I know that there is only one default gateway per  AP, which i did. and i have the two Vlans configured already on AP.

My Question is what you mean by Bridging them ; "simply bridging them. One switch somewhere having a vlan interface for both vlan 1 and 40 and a dhcp pool for each subnet."

is it on Switch or AP. And How?

Dak

Hi,

Here you can follow a detailed config example for IOS AP with 2 VLANs, including the configuration on the L3 switch for the VLAN interfaces and dhcp pools:

http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml.

Hope this helps.

Tiago

PS. Next time please open a discussion for your setup as it has nothing to do with the original post..The original post was for LWAPP deployment.

Yours is for Autonomous AP.

Hi,

I can not open link you sent " http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml. I will need Password to open it. Could you send me other link without Password ?

Dak

Hello ,

 I tried to configures int vlan 40 and enable it with "no shutdwon",

when i check on the interface , it is down dwon

 VLAN40                      10.0.0.18       YES NVRAM  administratively down down    .

Any Help

DAk

As any L3 VLAN, the VLAN needs to be configured on the switch and will only come up if you have it on an interface.

You need to create the vlan, create the vlan interface and add it to the allowed vlan list on the trunk where the AP is connected.

Have you gone through the document i suggested to you?

Did it helped?

Thanks,

Tiago

Hello Tiago,

I appriciate all your effort, i want you to know what i did already and if i am wrong in my configuration let me know  .

On SWITCH I created access Vlan for GUEST and Phone

Int fa0/12

Switchport mode  access

switchport  access vlan 40 >>>>> GUEST VLAN

switchport voice vlan 10 >>>>>>>Phone VLAN

spanning-tree portfast

still Int vlan 40 is still the same ( down down)

Incase  you want more information let me now. the switch is  Cisco 3548 XL

Hi,

Is that the config of the port where the AP is connected???

Why would you configure a switchport voice vlan there??

Where have you seen to configure an access port where you have the AP connected  on the document i sent you?

Can you just follow the document?

The config on the port where the AP is connected should be something like:

Switch#configure terminal
Switch#interface fastethernet 0/10
!−−− Enter the interface mode for Fast Ethernet 0/10
Switch#switchport mode trunk
!−−− Configure the switch port mode to trunk mode.
Switch#switchport trunk encapsulation dot1q
!−−− Configure the encapsulation on the switch port to dot1q.
Switch#switchport trunk native vlan x
!−−− Configure the native VLAN as VLAN x.
Switch#switchport trunk allowed vlan add 2,20,30
!−−− Configure the list of VLANs that are allowed on the trunk port.
Switch#switchport nonegotiate

Thanks,

Tiago

Tiago,

No that is not the port AP is going to be pluged in, the configuration was already there before think of AP .I just want to inform you that Guest network or Vlan is already defines in some port. I know that AP port need to be Trunk .which i did already and at the port i allowed all vlans.

Regards

dak

Ok, so are those interfaces up?

Can you share with us the output of "sh int status" and "sh vlan"?

Thanks,

Tiago

Hi,

I will get back to you latter , i am at different site.

Dak

Hello Tiago,

Here is all the info you requested for .But i have not plug AP into any port

are these

1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/6,

                                                Fa0/8, Fa0/10, Fa0/12, Fa0/13,

                                                Fa0/14, Fa0/17, Fa0/21, Fa0/22,

                                                Fa0/23

2    DATA_rfarafarrfa                 active

20   VOICE_voippppp                   active    Fa0/5, Fa0/15, Fa0/16, Fa0/18,

                                                Fa0/19, Fa0/24

21   VOICE_Prorama12                  active

50   Weada                            active    Fa0/7

51   VB_PErafaraf_1                   active    Fa0/9

40   GUEST                            active    Fa0/20

1002 fddi-default                     active

1003 token-ring-default               active

1004 fddinet-default                  active

1005 trnet-default                    active

===================================

Fa0/8                      notconnect   1          Auto    Auto 100BaseTX/FX

Fa0/9   XXXXXXXXXXXX1      connected    51         Full     100 100BaseTX/FX

Fa0/10                     notconnect   1          Auto    Auto 100BaseTX/FX

Fa0/11  PC + PHONE         connected    trunk    A-Full   A-100 100BaseTX/FX

Fa0/12                     notconnect   1          Auto    Auto 100BaseTX/FX

Fa0/13  CCCCCCCCCCCC       notconnect   1          Auto    Auto 100BaseTX/FX

Fa0/14  PPPPPPPPPPPPP      notconnect   1          Auto    Auto 100BaseTX/FX

Fa0/15  VOIP               connected    20         Full     100 100BaseTX/FX

Fa0/16  VOIP               connected    20         Full     100 100BaseTX/FX

Fa0/17  cravafabsbs nic 2  connected    1          Full   A-100 100BaseTX/FX

Fa0/18  VOIP               connected    20         Full     100 100BaseTX/FX

Fa0/19  top PC             notconnect   20         Auto    Auto 100BaseTX/FX

Fa0/20  VLAN 40 GUEST Inte notconnect   40        Auto    Auto 100BaseTX/FX

Port    Name               Status       Vlan     Duplex Speed   Type

=================================================
VLAN1                      10.10.1.1     YES NVRAM  up                    up
VLAN40                     10.20.40.1      YES manual administratively down down
FastEthernet0/1            unassigned      YES unset  up                    up
FastEthernet0/2            unassigned      YES unset  up                    up
FastEthernet0/3            unassigned      YES unset  down                  down
FastEthernet0/4            unassigned      YES unset  up                    up
.
I hope these infos are what you want?
Regards,

Hi,

So looking at your post it is clear why the VLAN is down...

The VLAN will only come up if the VLAN is active in any port of the switch.

And looking at the output, you only have VLAN 40 assigned to one interface, and that interface is not connected "Fa0/20  VLAN 40 GUEST Inte notconnect   40 " so untill you connect a device to this interface, it will always remain DOWN.

HTH,

Tiago

--

If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

Thanks

i will get back to you . I am  on other site.

Regards,

Dak

Hi Tiago,

I just want to inform you that the AP can not connect to GUEST .  Here are the information for trouble shooting.

1.

Oct 18 14:17:03.120: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:17:30.080: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:17:30.141: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:18:04.439: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:18:04.606: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:18:05.650: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:18:10.229: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:18:42.313: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:18:46.923: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:19:04.485: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:19:18.970: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:19:34.492: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:20:20.041: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:20:50.049: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:21:01.792: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:21:31.799: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:21:45.636: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:22:15.647: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:22:34.543: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]

2. show ip int brief :

ocol
VLAN1                      10.21.48.44     YES NVRAM  up                    up >>>>>>>>>>> NATIVE VLAN

VLAN9                     unassigned      YES unset  administratively down down

VLAN40                     10.21.41.2      YES manual administratively down down>>>> GUEST VLAN

FastEthernet0/1            unassigned      YES unset  down                  down

FastEthernet0/2            unassigned      YES unset  down                  down

FastEthernet0/3            unassigned      YES unset  down                  down

FastEthernet0/4            unassigned      YES unset  down                  down

3. on AP show ip int brief

ocol
BVI1                       10.10.48.X      YES NVRAM  up                    up

Dot11Radio0                unassigned      YES NVRAM  up                    up

Dot11Radio0.1              unassigned      YES unset  up                    up

Dot11Radio0.30             unassigned      YES unset  up                    up

Dot11Radio0.40             unassigned      YES unset  up                    up

GigabitEthernet0           unassigned      YES NVRAM  up                    up

GigabitEthernet0.1         unassigned      YES unset  up                    up

GigabitEthernet0.40        unassigned      YES unset  up                    up

4. Trunk Port configure and AP install in Switch port as well

Building configuration..

Current configuration:
!
interface FastEthernet0/25
description TRUNK-to- GUEST Wireless
speed 100
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,40,1002-1005
switchport mode trunk
spanning-tree portfast
spanning-tree rootguard

5. Admin User can connect and browse internet ,but the Guest user can not connect.

This is where i need solution>

I read the pdf you sent, and my Configuration is nearly the same. except hat i used TACAC & Radius server.

Regards,

Dak

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: