I have configured flexconnect (central auth, local switching and is working perfectly fine). I have a WLAN with interface putting my users in the right VLAN switched locally.
But so far i had in WLAN advanced tab NAC state = none. I wanted to enable it to support CoA, quarantine etc. It took me some time to narrow down this problem, but it's 100% replicable, after enabling NAC state = ISE NAC:
- users can authenticate (802.1x) correctly
- users get the right address via DHCP (locally switched VLAN/dhcp server)
- arp is working fine
- but i have no IP connectivity (can not even ping default gateway)
When checking in Monitor/Clients everything looks to be the same including right VLAN.
Is that expected ? Why that is happening ? Maybe after enabling ISE NAC i need to configure some ACL for flexconnect ? (but i am not doing any BYOD/NAC yet, just want basic network connectivity still at this stage).
Could you please help ?
Solved! Go to Solution.
I have upgraded to 184.108.40.206.
And now for 1-2 hours both APs are constantly rebooting, downloading and rebooting (changing operational status from REG to downloading). Many many times (10+). Once REG i can see most of AP specific config is lost (like static ip or flexconnect vlan support). Also primary software version for those APs is always 220.127.116.11 - so it looks like those can not be upgrade to anything newer and stays on loop :(
It does not look good :(
Would you recommend 8.6 or 8.5 ?
(i am hitting bug: CSCvf52723 on 8.4 and it's fixed in 18.104.22.168, but that 8.6 version seems to not support my 2700 even if compatibility matrix says something different)
I have definitively stuck in limbo now. WLC: Primay image 8.6, secondary 8.5. For both of them my APs are in circle trying to upgrade and failing, getting back to 8.4 (for 3 hours now). Can i keep AP on 8.4 while WLC on 8.5 ?
Is it possible that AIR-CAP2702I-E-K9 do not support newer software ?
I can not download my old relatively stable 8.4 because it's deferred. What would you recommend now ?
Francesco, Thank for the help here.
I have finally managed to solve it:
- downgraded to 8.0 - that software was installed on both APs without issues, but had no flexconnect mode
- after that i have upgraded WLC to 8.5 and then both APs also got upgraded to 8.5 without issues, now i have flexconnect working
- and i have achieved my initial goal - bug with ISE NAC is fixed !
Thanks again a lot !