Issue with Local MAC Authentication on WLCs

aporcaro01
Level 1

Hi there,

I'm having an issue with a WLC model 4404 with local MAC filtering. We did the setup of the WLC in order to filter the MAC addresses of a specific WLAN, and to do this task we used the doc http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html

The issue is that any mobile device can access the WLAN with no blocking, even if the MAC address of the mobile wasn't added to the local database under Security, MAC Filtering.

I have no experience with wireless networks... I need some help in order to figure out where the problem is.

Can you help me? With a tip, etc.

Regards

Adriano

4 Replies

Sandeep Choudhary
VIP Alumni

Hi,

First check whether MAC filtering is enabled on the WLAN or not:

How to enable it:

CLI:

 config wlan mac-filtering enable wlan_id

GUI:

In the WLAN > Edit window,

Under Security Policies > Layer 2 Security, check the MAC Filtering check box.

After enabling it, you can enter the MAC filter for a specific device for the WLAN.

Hope it helps.

Regards


Hi Sandeep,

Thanks for the answer. I checked the setup and it's OK according to the doc and your tip.

Following is a debug with a mobile device (iPad) whose MAC address I didn't add to the local database on the WLC.

Could you please take a look and tell me if something is wrong?


(Cisco Controller) >*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a Association received from mobile on AP 58:97:1e:e8:ae:80
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a 10.203.78.77 RUN (20) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1633)
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a Applying site-specific IPv6 override for station 54:e4:3a:c3:37:8a - vapId 17, site 'PEIXOTO', interface 'nova_visitantes'
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a Applying IPv6 Interface Policy for station 54:e4:3a:c3:37:8a - vlan 202, interface id 14, interface 'nova_visitantes'
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a Applying site-specific override for station 54:e4:3a:c3:37:8a - vapId 17, site 'PEIXOTO', interface 'nova_visitantes'
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a 10.203.78.77 RUN (20) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1633)
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a 10.203.78.77 RUN (20) Applied RADIUS override policy
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a 10.203.78.77 RUN (20) Replacing Fast Path rule
  type = Airespace AP Client
  on AP 58:97:1e:e8:ae:80, slot 1, interface = 29, QOS = 0
  ACL Id = 255, Jumbo Frames = N
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a 10.203.78.77 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 5006  IPv6 Vlan = 202, IPv6 intf id = 14
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a 10.203.78.77 RUN (20) Successfully plumbed mobile rule (ACL ID 255)
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a 10.203.78.77 RUN (20) DHCP required on AP 58:97:1e:e8:ae:80 vapId 17 apVapId 9for this client
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a 10.203.78.77 RUN (20) Plumbed mobile LWAPP rule on AP 58:97:1e:e8:ae:80 vapId 17 apVapId 9
*apfMsConnTask_0: Mar 26 11:49:41.214: 54:e4:3a:c3:37:8a 10.203.78.77 RUN (20) Change state to RUN (20) last state RUN (20)

*apfMsConnTask_0: Mar 26 11:49:41.216: 54:e4:3a:c3:37:8a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 54:e4:3a:c3:37:8a on AP 58:97:1e:e8:ae:80 from Associated to Associated

*apfMsConnTask_0: Mar 26 11:49:41.216: 54:e4:3a:c3:37:8a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
*apfMsConnTask_0: Mar 26 11:49:41.216: 54:e4:3a:c3:37:8a Sending Assoc Response to station on BSSID 58:97:1e:e8:ae:80 (status 0) ApVapId 9 Slot 1
*apfMsConnTask_0: Mar 26 11:49:41.216: 54:e4:3a:c3:37:8a apfProcessAssocReq (apf_80211.c:5276) Changing state for mobile 54:e4:3a:c3:37:8a on AP 58:97:1e:e8:ae:80 from Associated to Associated

*pemReceiveTask: Mar 26 11:49:41.226: 54:e4:3a:c3:37:8a 10.203.78.77 Added NPU entry of type 1, dtlFlags 0x0
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.234: 54:e4:3a:c3:37:8a DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 29, encap 0xec03)
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.235: 54:e4:3a:c3:37:8a DHCP selecting relay 1 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0  VLAN: 0
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.235: 54:e4:3a:c3:37:8a DHCP selected relay 1 - 10.203.0.1 (local address 10.203.0.10, gateway 10.203.0.1, VLAN 202, port 29)
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.235: 54:e4:3a:c3:37:8a DHCP transmitting DHCP REQUEST (3)
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.235: 54:e4:3a:c3:37:8a DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.235: 54:e4:3a:c3:37:8a DHCP   xid: 0x2cf044d6 (753943766), secs: 0, flags: 0
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.235: 54:e4:3a:c3:37:8a DHCP   chaddr: 54:e4:3a:c3:37:8a
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.235: 54:e4:3a:c3:37:8a DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.235: 54:e4:3a:c3:37:8a DHCP   siaddr: 0.0.0.0,  giaddr: 10.203.0.10
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.235: 54:e4:3a:c3:37:8a DHCP   requested ip: 10.203.78.77
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.236: 54:e4:3a:c3:37:8a DHCP sending REQUEST to 10.203.0.1 (len 350, port 29, vlan 202)
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.236: 54:e4:3a:c3:37:8a DHCP selecting relay 2 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.203.0.10  VLAN: 202
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.236: 54:e4:3a:c3:37:8a DHCP selected relay 2 - NONE
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.237: 54:e4:3a:c3:37:8a DHCP received op BOOTREPLY (2) (len 308,vlan 202, port 29, encap 0xec00)
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.237: 54:e4:3a:c3:37:8a DHCP setting server from ACK (server 10.203.0.1, yiaddr 10.203.78.77)
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.237: 54:e4:3a:c3:37:8a DHCP sending REPLY to STA (len 414, port 29, vlan 0)
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.238: 54:e4:3a:c3:37:8a DHCP transmitting DHCP ACK (5)
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.238: 54:e4:3a:c3:37:8a DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.238: 54:e4:3a:c3:37:8a DHCP   xid: 0x2cf044d6 (753943766), secs: 0, flags: 0
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.238: 54:e4:3a:c3:37:8a DHCP   chaddr: 54:e4:3a:c3:37:8a
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.238: 54:e4:3a:c3:37:8a DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.203.78.77
*DHCP Proxy DTL Recv Task: Mar 26 11:49:41.238: 54:e4:3a:c3:37:8a DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0

 

Regards

Can you paste the output of:

sh wlan <wlan id>

Also check your private message.

Regards

Here is the output:


(Cisco Controller) >show wlan ?

<WLAN id>      Displays the configuration of a WLAN.
apgroups       Display all AP Groups information defined in the system.
foreignAp      Displays the configuration for support of Foreign Access Points.
summary        Displays a summary of all WLANs.

(Cisco Controller) >show wlan 17


WLAN Identifier.................................. 17
Profile Name..................................... WIFI_MACFILTER
Network Name (SSID).............................. HSLMACFILTER
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control

  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 1
Exclusionlist.................................... Disabled
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ nova_visitantes
Multicast Interface.............................. Not Configured

--More-- or (q)uit
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Disabled
   Accounting.................................... Disabled

--More-- or (q)uit
   Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security

   802.11 Authentication:........................ Open System
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Disabled
   CKIP ......................................... Disabled
   IP Security................................... Disabled
   IP Security Passthru.......................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   H-REAP Local Switching........................ Disabled
   H-REAP Local Authentication................... Disabled
   H-REAP Learn IP Address....................... Enabled
   Client MFP.................................... Optional but inactive (WPA2 not configured)
   Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled

--More-- or (q)uit
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled

 Mobility Anchor List
 WLAN ID     IP Address            Status
 -------     ---------------       ------


(Cisco Controller) >?

clear          Clear selected configuration elements.
config         Configure switch options and settings.
debug          Manages system debug options.
eping          Send Ethernet-over-IP echo packets to a specified mobility peer IP address.
help           Help
linktest       Perform a link test to a specified MAC address.
logout         Exit this session. Any unsaved changes are lost.
mping          Send Mobility echo packets to a specified mobility peer IP address.
ping           Send ICMP echo packets to a specified IP address.
reset          Reset options.
save           Save switch configurations.
show           Display switch options and settings.
test           Test trigger commands
transfer       Transfer a file to or from the switch.

(Cisco Controller) >

 

Regards
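As an added example (not code from the thread or from Cisco), here is a small Python check that reads the "show wlan" fields and the association-response status posted above: with MAC filtering enabled, Layer 2 set to Open System and no RADIUS server, the local MAC list is the WLAN's only gate, so an association accepted with status 0 for an unlisted MAC is exactly the symptom to chase. The sample inputs are constructed from the output in this thread.

```python
import re

# Constructed sample: a trimmed copy of the "show wlan 17" output posted in the thread.
SHOW_WLAN = """\
WLAN Identifier.................................. 17
MAC Filtering.................................... Enabled
AAA Policy Override.............................. Disabled
Radius Servers
   Authentication................................ Disabled
Security
   802.11 Authentication:........................ Open System
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Disabled
   Web Based Authentication...................... Disabled
"""
# Constructed sample: the association-response line from the posted "debug client" output.
DEBUG_LINE = ("*apfMsConnTask_0: Mar 26 11:49:41.216: 54:e4:3a:c3:37:8a Sending Assoc "
              "Response to station on BSSID 58:97:1e:e8:ae:80 (status 0) ApVapId 9 Slot 1")

# "Key....... value" lines; keys may contain dots (802.11), so the non-greedy key
# ends only at a run of three or more dots. Section headers without dots are skipped.
FIELD_RE = re.compile(r"^\s*(?P<key>.+?):?\.{3,}\s*(?P<value>.*)$")
ASSOC_RE = re.compile(r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) Sending Assoc Response.*\(status (?P<status>\d+)\)")

def parse_show_wlan(text):
    """Map each dotted field of 'show wlan' output to its value."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group("key").strip()] = m.group("value").strip()
    return fields

def audit_wlan(fields):
    """List the access-control facts a defender should confirm on a MAC-filtered WLAN."""
    findings = []
    if fields.get("MAC Filtering") != "Enabled":
        findings.append("MAC filtering is not enabled on this WLAN")
    layer2_open = (fields.get("802.11 Authentication") == "Open System"
                   and fields.get("802.1X") == "Disabled"
                   and fields.get("Wi-Fi Protected Access (WPA/WPA2)") == "Disabled")
    if layer2_open and fields.get("Web Based Authentication") == "Disabled":
        findings.append("MAC filtering is the only access control: no WPA/802.1X/web auth")
    if fields.get("Authentication") == "Disabled":
        findings.append("no RADIUS authentication: the MAC list is checked locally only")
    return findings

def assoc_result(debug_line):
    """Return (client MAC, status code) from a 'Sending Assoc Response' line; status 0 = accepted."""
    m = ASSOC_RE.search(debug_line)
    return (m.group("mac"), int(m.group("status"))) if m else None
```

Run audit_wlan(parse_show_wlan(...)) on the full pasted output to get the same two findings, and feed each "Sending Assoc Response" debug line to assoc_result to see which clients the controller admitted.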

 
