Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1477
Views
4
Helpful
10
Replies

Mobile phones dont get internet access through WLC-5508

pramodlbs92
Level 1
Level 1

‎04-26-2023 05:22 AM

Hey all-

I have a WLC 5508 on my network.  Recently mobile phones can connect to the wireless network and obtain a valid IP address.  This IP is pingable from a workstation anywhere else on the network and we are able to ping internal interface of router from mobile phone but we are not able to ping outside interface of router. However, these phones will not display web pages.  They come up page cannot be displayed.  I even tried putting Google's IP address in the phone's browser and it still did not display.  I can connect through the same WLAN via a laptop or iPad.  These devices have no problem displaying web pages. Laptops connect and display web pages and smart phones connect, gain IP but do not display web pages.  Comes up page cannot be displayed.  This matters not whether its an iPhone or Android platform.

 

Any ideas on where to go from here?  I appreciate your help and feedback in advance.

Thanks,

Pramod

Labels:
0 Helpful
10 Replies 10

Flavio Miranda
VIP
VIP

‎04-26-2023 05:31 AM

Hello,

 Which authentication method do you use on this WLAN ?

Do you have proxy on your network? 

If you change the authentication method to PSK (Considering it is not yet), which result you get? 

When you use the laptop or iPad do you ping the router's outside interface just fine? 

 When connecting on this WLAN, both laptop and Phone gets IP address on the same range? 

pramodlbs92
Level 1
Level 1
In response to Flavio Miranda

‎04-26-2023 09:52 PM

Hi Favio,

I am using PSK authentication method only. When I am connecting Laptop I am able to ping outside interface of router and everything is working fine but when  I am trying to ping outside interface of router with phone it is failed. Phones are pingable from laptop connected to WLAN and WLC. Laptops and phones are getting ip address on the same range with correct dns.

Problem is with android phones only.

I have not implemented any mac filtering policy. there is only one VLAN and only one WLAN configured on WLC, NAT and dhcp server is configured on router.

0 Helpful

Flavio Miranda
VIP
VIP
In response to pramodlbs92

‎04-28-2023 12:51 AM

And no proxy on the network? Proxy could explain if the Android have not configured. 

 Another possibility could be something related to the Android device and not the network. 

 

marce1000
Hall of Fame
Hall of Fame
In response to Flavio Miranda

‎04-28-2023 01:56 AM - edited ‎04-28-2023 01:57 AM

 

      @Flavio Miranda    >...something related to the Android device and not the network. 
      - Indeed  that's the reason why poster my want to engage in client debugging : https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/100260-wlc-debug-client.html   , client debugs can be processed and analyzed with https://cway.cisco.com/wireless-debug-analyzer and don't forget to consider using https://software.cisco.com/download/specialrelease/8f166c6d88b9f77aabb63f78affa9749

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000
Hall of Fame
Hall of Fame

‎04-26-2023 05:31 AM

 

 - Since now the 5508 is getting rather old it is  becoming always advisable to use the last release that it can still run  : https://software.cisco.com/download/specialrelease/8f166c6d88b9f77aabb63f78affa9749 , for the rest use client debugging as explained in https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/100260-wlc-debug-client.html , you can have client debugs processed and analyzed with : https://cway.cisco.com/wireless-debug-analyzer

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

przemyslaw.wieczorek
Level 1
Level 1

‎04-26-2023 05:35 AM

Do you authenticate only via PSK only or you also with ISE or maybe you are doing MAC filtering somewhere? You need to keep in mind that phones use Private MAC so different MAC per WLAN.
When you connects to WLAN with phone do you get all details from DHCP (with DNS)? Try to enter DNS manually on your phone to 8.8.8.8 or 1.1.1.1 and check again.

0 Helpful

pramodlbs92
Level 1
Level 1
In response to przemyslaw.wieczorek

‎04-27-2023 11:31 PM

We are using PSK authentication method only. No MAC filtering policy is enabled. all the android clients are getting correct ip address and dns.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎04-26-2023 06:04 AM

What is the model of the APs and what is the firmware of the WLC?

0 Helpful

pramodlbs92
Level 1
Level 1
In response to Leo Laohoo

‎04-27-2023 11:26 PM

Hi Leo,

We are using two models of AP: 1- AIR-LAP1262-A-K9, AIR-CAP1602I-N-K9 and WLC-5508-K9 with software version-8.0.121.0

0 Helpful

Rich R
VIP
VIP
In response to pramodlbs92

‎04-28-2023 07:27 AM

The 1260 APs have been end of support since 2018:
https://www.cisco.com/c/en/us/obsolete/wireless/cisco-aironet-1260-series.html
AireOS 8.0 has also been end of support since 2018:
https://www.cisco.com/c/en/us/products/collateral/wireless/8540-wireless-controller/eos-eol-notice-c51-739984.html

So you are running VERY old software - it's not even the latest release of 8.0!

Given this diabolical state of affairs (not really surprising you're having problems) your options are limited.  You should upgrade to at least 8.3.150.0 but be aware that you will encounter problems due to the field notices below so you will need to implement workarounds for that - both config and time settings - follow the field notice instructions carefully, step by step.

Failing that you can try rebooting your controller and all APs - it might help.

Also get simultaneous packet captures of the traffic from the AP switch port, and also the controller in from the AP and out to the router (or at the router).  Then you'll see where the packets are getting dropped or blocked and that might help you understand what the problem is.

You should also seriously consider upgrading to supported, modern equipment.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card