03-14-2023 05:59 PM
Seeing an issue with a couple of clients(Apple and Windows) connecting to SSIDs with WPA2+WPA3 and 802.1x authentication. Have recently migrated to a new WLC9800 with 9130AX APs. Clients appear to connect to the AP but then disconnects. Does not get to the RUN state for policy manager state, does not get an IP and no log messages appearing in the ISE Radius logs. Any input would be great.
03-14-2023 07:56 PM
What does the authentication server say?
What firmware is the controller on?
03-15-2023 03:43 AM
03-15-2023 04:19 AM
Bounce the AP.
03-15-2023 01:16 AM
- You can debug clients with https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity , client debugs can be analyzed with https://cway.cisco.com/tools/WirelessDebugAnalyzer/ , also review the controller configuration with https://cway.cisco.com/tools/WirelessAnalyzer/ , this tool needs the output of CLI show tech wireless ,
M.
03-15-2023 05:36 AM - edited 03-15-2023 06:16 AM
- Besides reply already given , also not that you can do online monitoring for a particular client with :
monitor logging profile wireless filter mac <CLIENT MAC>
(issue the command first and then let the particular client connect to the SSID)
Note that if you know the AP the client is connecting to then on the particular AP you can also use this command :
show ap client-trace events mac <CLIENT MAC>
Appendix :
You can debug clients with https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity , client debugs can be analyzed with https://cway.cisco.com/tools/WirelessDebugAnalyzer/ , also review the controller configuration with https://cway.cisco.com/tools/WirelessAnalyzer/ , this tool needs the output of CLI show tech wireless ,
M.
03-15-2023 06:47 AM
Don't use this unless you know that you are trying to transition to WPA3. This can cause issue with devices that do not support WPA3. WAP+WPA2 is what you should use.
03-15-2023 07:40 AM
WAP or WPA @Scott Fella lol (obviously WPA folks)?
More seriously though - like Scott says some devices and some older drivers get confused by the WPA3 IE's so make sure all drivers are 100% up to date for a start. Some devices that can't be updated will never work with WPA3 enabled.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide