Thanks for the link!
I went through the article, and the first problem I am having is on the guest network- I need the wireless client to obtain its IP from the WLC. Right now, it never gets the IP- it ends up with something in the 169.254.0.0/16 space. The link does not have the internal DHCP config, which is what I need to get started... any additional resources that might be helpful here? Also, I am using 8.5.140..... should I be using a newer software version on the WLC/WAP's?
Here is a dump of the dhcp debug on the WLC for this client:
(Cisco Controller) >debug client 78:88:6d:2d:96:ab
(Cisco Controller) >*IPv6_Msg_Task: Aug 28 11:19:29.204: 78:88:6d:2d:96:ab Link Local address fe80::c40:9cb3:3646:9f2 updated to mscb. Not Advancing pem state.C urrent state: mscb in apfMsMmInitial mobility state and client state APF_MS_STAT E_ASS
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP received op BOOTR EQUEST (1) (len 308,vlan 0, port 1, encap 0xec03, xid 0x210833cb)
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP (encap type 0xec0 3) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.111.2 VLAN: 11
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP selected relay 1 - 192.168.1.68 (local address 192.168.111.2, gateway 192.168.111.1, VLAN 11, por t 3)
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.111.2 VLAN: 11
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 192.168.111.2, gateway 192.168.111. 1, VLAN 11, port 3)
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.111.2 VLAN: 11
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP selected relay 1 - 192.168.1.68 (local address 192.168.111.2, gateway 192.168.111.1, VLAN 11, por t 3)
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP op: BOOTREQUEST , htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP xid: 0x210833cb (554185675), secs: 59, flags: 0
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP chaddr: 78:88:6 d:2d:96:ab
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP ciaddr: 0.0.0.0 , yiaddr: 0.0.0.0
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP siaddr: 0.0.0.0 , giaddr: 192.168.111.2
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP sending REQUEST t o 192.168.111.1 (len 374, port 3, vlan 11)
*DHCP Socket Task: Aug 28 11:19:29.831: 78:88:6d:2d:96:ab DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.111.2 VLAN: 11
*apfOpenDtlSocket: Aug 28 11:19:32.849: 78:88:6d:2d:96:ab Received management fr ame DISASSOC on BSSID c4:b3:6a:a4:db:ac destination addr c4:b3:6a:a4: db:ac
*apfMsConnTask_2: Aug 28 11:19:32.849: 78:88:6d:2d:96:ab Got disassoc frame from 78:88:6D:2D:96:AB BSSID= C4:B3:6A:A4:DB:A0 reasoncode = 8 dataLen = 14
*apfMsConnTask_2: Aug 28 11:19:32.849: 78:88:6d:2d:96:ab Apple_IE: Subtype = 2 V ersion = 1 Reason = 8, Subreason = 0
*apfMsConnTask_2: Aug 28 11:19:32.849: 78:88:6d:2d:96:ab MS Associated AP c4:b3: 6a:a4:db:a0 slot 1 MFP Disabled , 11w Disabled
*apfMsConnTask_2: Aug 28 11:19:32.849: 78:88:6d:2d:96:ab Ignoring received Disso c frame on AP c4:b3:6a:a4:db:a0 slot 1
*apfOpenDtlSocket: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Received management fr ame ASSOCIATION REQUEST on BSSID c4:b3:6a:a4:a6:43 destination addr c4:b3:6a:a4 :a6:43
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Updating 11r vendor IE
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Processing assoc-req st ation:78:88:6d:2d:96:ab AP:c4:b3:6a:a4:a6:40-00 ssid : Visitors thread:1e0e97a0
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Station: 78:88:6D:2D:9 6:AB trying to join WLAN with RSSI -28. Checking for XOR roam conditions on AP: C4:B3:6A:A4:A6:40 Slot: 0
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Station: 78:88:6D:2D:9 6:AB is associating to AP C4:B3:6A:A4:A6:40 which is not XOR roam capable
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Client AVC Roaming cont ext transfer needed? NO
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Setting RTTS enabled to 0
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Association received fr om mobile on BSSID c4:b3:6a:a4:a6:4c AP USMDWAP01
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Station: 78:88:6D:2D:9 6:AB trying to join WLAN with RSSI -28. Checking for XOR roam conditions on AP: C4:B3:6A:A4:A6:40 Slot: 0
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Station: 78:88:6D:2D:9 6:AB is associating to AP C4:B3:6A:A4:A6:40 which is not XOR roam capable
*apfMsConnTask_7: Aug 28 11:19:39.412: 78:88:6d:2d:96:ab Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Max Client Trap Thresho ld: 0 cur: 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab override for default ap group, marking intgrp NULL
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Applying Interface(gues t) policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 11
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Re-applying interface p olicy for client
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Changi ng IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy. c:3091)
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Changi ng Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255),Default action is '0' -- - (caller apf_policy.c:3111)
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Changi ng IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy. c:3132)
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Values before applying NASID - interfacetype:3, ovrd:0, mscb nasid:, interface nasid:, APgrpset:0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab apfApplyWlanPolicy: App ly WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Check before Setting th e NAS Id to WLAN specific Id ''
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Check the client SGT 0 policy and push it to AP c4:b3:6a:a4:a6:40
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab In processSsidIE:6903 s etting Central switched to TRUE
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab In processSsidIE:6906 a pVapId = 4 and Split Acl Id = 65535
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Applying site-specific Local Bridging override for station 78:88:6d:2d:96:ab - vapId 4, site 'default-g roup', interface 'guest'
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Applying Local Bridging Interface Policy for station 78:88:6d:2d:96:ab - vlan 11, interface id 10, inte rface 'guest', nasId:''
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab processSsidIE statusCo de is 0 and status is 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab processSsidIE ssid_don e_flag is 0 finish_flag is 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab STA - rates (8): 130 13 2 139 150 36 48 72 108 0 0 0 0 0 0 0 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab suppRates statusCode i s 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab STA - rates (12): 130 1 32 139 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab extSuppRates statusCod e is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab pemApfDeleteMobileStati on2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab the value of url acl pr eserve flag is 1 for mobile 78:88:6d:2d:96:ab (caller pem_api.c:4922)
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Delete d mobile LWAPP rule on AP [c4:b3:6a:a4:db:a0]
*pemReceiveTask: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 Removed NPU entr y.
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Succesfully freed AID 1 , slot 1 on AP c4:b3:6a:a4:db:a0, #client on this slot 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab New ctxOwnerMwarIp: 19 2.168.3.68 New ctxOwnerApMac: C4:B3:6A:A4:A6:40 New ctxOwnerApEthMac: C4:B3:6A :A4:20:88 New ctxOwnerApSlotId: 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Updated location for st ation old AP c4:b3:6a:a4:db:a0 oldSlot 1, new AP c4:b3:6a:a4:a6:40 newSlot 0, AI D 0 MsType 0 MobilityRole 1
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Assigning flex webauth ACL ID :65535 for vlan : 4
*spamApTask7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Setting DEL_MOBILE (seqno 0 , action 6) ack state for STA on AP c4:b3:6a:a4:db:a0
*spamApTask7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Delete Mobile request on sl ot 1 sent to the AP c4:b3:6a:a4:db:a0 IP: 192.168.3.88:5248
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Allocate AID 1 slot 0 o n AP USMDWAP01 #clients on this slot 1
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Applie d RADIUS override policy
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP c4:b3:6a:a4:a6:40, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL ID = 255, L
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Fast P ath rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206, IntfId = 10 Local Br idging Vlan = 11, Local Bridging intf id = 10
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Fast P ath rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 64206 AverageRate = 0, BurstRate = 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Fast P ath rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 64206 AverageRate = 0, BurstRate = 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Fast P ath rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 64206 AverageRate = 0, BurstRate = 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Succes sfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255,URL ACL ID 255,URL ACL Action 0)
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Not Using WMM Complianc e code qosCap 00
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab flex webauth acl id to be sent when fabric is disabled:65535
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab flex webauth acl id to be sent :65535 name : client acl id : 65535
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Vlan while overriding t he policy = -1
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab sending to spamAddMobil e vlanId -1 aclName = , flexAclId 65535
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Plumbe d mobile LWAPP rule on AP c4:b3:6a:a4:a6:40 vapId 4 apVapId 4 flex-acl-name:
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab 0.0.0.0 RUN (20) Change state to RUN (20) last state RUN (20)
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab spamSendFabricClientReg istration: Not sending Registration for Fabric client 78:88:6d:2d:96:ab, primary and secondary MS IP is zero
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab apfPemAddUser2 (apf_pol icy.c:423) Changing state for mobile 78:88:6d:2d:96:ab on AP c4:b3:6a:a4:a6:40 f rom Associated to Associated
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab apfPemAddUser2:session timeout forstation 78:88:6d:2d:96:ab - Session Tout 1800, apfMsTimeOut '1800' an d sessionTimerRunning flag is 0
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Func: apfPemAddUser2, M s Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_7: Aug 28 11:19:39.413: 78:88:6d:2d:96:ab Sending assoc-resp with status 0 station:78:88:6d:2d:96:ab AP:c4:b3:6a:a4:a6:40-00 on apVapId 4
*apfMsConnTask_7: Aug 28 11:19:39.414: 78:88:6d:2d:96:ab Sending Assoc Response (status: '0') to station on AP USMDWAP01 on BSSID c4:b3:6a:a4:a6:43 ApVapId 4 Sl ot 0, mobility role 1
*apfMsConnTask_7: Aug 28 11:19:39.414: 78:88:6d:2d:96:ab apfProcessAssocReq (apf _80211.c:11962) Changing state for mobile 78:88:6d:2d:96:ab on AP c4:b3:6a:a4:a6 :40 from Associated to Associated
*pemReceiveTask: Aug 28 11:19:39.414: 78:88:6d:2d:96:ab 0.0.0.0 Added NPU entry of type 1, dtlFlags 0x0
*spamApTask1: Aug 28 11:19:39.414: 78:88:6d:2d:96:ab Add SGT:0 to AP c4:b3:6a:a4 :a6:40
*spamApTask1: Aug 28 11:19:39.414: 78:88:6d:2d:96:ab Add CTS mobile SGT - Encode d the capwap payload for the mobile with SGT 0
*pemReceiveTask: Aug 28 11:19:39.414: 78:88:6d:2d:96:ab Pushing IPv6: fe80:0000: 0000:0000:0c40:9cb3:3646:09f2 , intfId:10 and MAC: 78:88:6D:2D:96:AB , Binding t o Data Plane. SUCCESS !!
*spamApTask1: Aug 28 11:19:39.414: 78:88:6d:2d:96:ab Successful transmission of LWAPP Add-Mobile to AP c4:b3:6a:a4:a6:40
*spamApTask7: Aug 28 11:19:39.416: 78:88:6d:2d:96:ab apfUpdateDeleteAckInMscb (a pf_api.c:54210) Expiring Mobile!
*apfOpenDtlSocket: Aug 28 11:19:39.419: 78:88:6d:2d:96:ab Received management fr ame ACTION on BSSID c4:b3:6a:a4:a6:43 destination addr c4:b3:6a:a4: a6:43
*apfMsConnTask_7: Aug 28 11:19:39.419: 78:88:6d:2d:96:ab Received management act ion frame (category code:5) from the client.
*apfMsConnTask_7: Aug 28 11:19:39.419: 78:88:6d:2d:96:ab Found RM action categor y code
*apfMsConnTask_7: Aug 28 11:19:39.419: 78:88:6d:2d:96:ab Station: 78:88:6D:2D:9 6:AB sent 802.11K neighbor request to AP C4:B3:6A:A4:A6:40
*apfMsConnTask_7: Aug 28 11:19:39.419: 78:88:6d:2d:96:ab Station: 78:88:6D:2D:9 6:AB requested neighbors on non XOR roam capable AP C4:B3:6A:A4:A6:40 Slot 0
*DHCP Socket Task: Aug 28 11:19:39.491: 78:88:6d:2d:96:ab DHCP received op BOOTR EQUEST (1) (len 308,vlan 0, port 1, encap 0xec03, xid 0x210833cc)
*DHCP Socket Task: Aug 28 11:19:39.491: 78:88:6d:2d:96:ab DHCP (encap type 0xec0 3) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Aug 28 11:19:39.491: 78:88:6d:2d:96:ab DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.111.2 VLAN: 11
*DHCP Socket Task: Aug 28 11:19:39.491: 78:88:6d:2d:96:ab DHCP selected relay 1 - 192.168.1.68 (local address 192.168.111.2, gateway 192.168.111.1, VLAN 11, por t 3)
*DHCP Socket Task: Aug 28 11:19:39.491: 78:88:6d:2d:96:ab DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.111.2 VLAN: 11
*DHCP Socket Task: Aug 28 11:19:39.491: 78:88:6d:2d:96:ab DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 192.168.111.2, gateway 192.168.111. 1, VLAN 11, port 3)
*DHCP Socket Task: Aug 28 11:19:39.491: 78:88:6d:2d:96:ab DHCP selecting relay 1 - control block settings: