Solved: Managing Multiple WLANs / Subnets via EWC on Catalyst Access Points

derrick.moeller · ‎04-26-2023

We have an existing C9120-AXE installation, this installation supports a single WLAN on a single subnet that is the same subnet as the EWC. All APs and clients are statically addressed. This WLAN is operating as expected.

At the same site, I am attempting to add a second WLAN on a different subnet from the EWC. We have purchased C9130-AXI APs for this installation. I have added the APs to the EWC and assigned relevant Tags without issue. Again all APs and clients are statically addressed.

Both WLANs use [WPA2][PSK][AES] security, the issue I am having is that clients cannot connect to the second WLAN. Clients report various error messages depending on OS. e.g. "Incorrect Password", "Authentication Failed"

If I make a copy of the AP Join Profile and select it in the Site Tag, a client will connect and stay connected until it's session expires. It will not be able to reconnect unless I revert to the original AP Join Profile. This can be replicated repeatedly, by switching between the copy and the original.

This behavior is seen in 17.3.4, 17.6.5, and 17.9.3. Is this some sort of bug, or is there some nuance to this configuration that I have overlooked?

derrick.moeller · ‎04-27-2023

I'm not sure what was causing the behavior, but it doesn't appear to have been related to the configuration. I restarted the POE switch that was powering the APs (and the EWC), when the EWC came back up both WLANs were working.

View solution in original post

derrick.moeller · ‎04-26-2023

An additional observation. I'm not sure what it means, but if I disable security on the second WLAN or change it to [WPA3][SAE][AES] the clients believe they are connected but do not appear on the dashboard, cannot be pinged, and cannot access network services. Would have to test if it's a permanent condition, or just until the session times out.

marce1000 · ‎04-26-2023

- Have a checkup-review of your EWC controller configuration with the CLI command : show tech wireless , have the output analyzed with : https://cway.cisco.com/wireless-config-analyzer
Checkout all advisories!

>...Both WLANs use [WPA2][PSK][AES] security, the issue I am having is that clients cannot connect to the second WLAN. Clients report various error messages depending on OS. e.g. "Incorrect Password", "Authentication Failed"
Use the mentioned commands in https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity , for troubleshooting , you can have client debugs processed with : https://cway.cisco.com/wireless-debug-analyzer/

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

derrick.moeller · ‎04-27-2023

I'm not sure what was causing the behavior, but it doesn't appear to have been related to the configuration. I restarted the POE switch that was powering the APs (and the EWC), when the EWC came back up both WLANs were working.

Scott Fella · ‎04-27-2023

Keep that fix handy in case that switch causes issues in the future.

-Scott
*** Please rate helpful posts ***