09-04-2012 02:37 AM - edited 07-03-2021 10:36 PM
I've set up a 2504 wlc and 3x 3602i access points.
The problem is that I'm only able to connect to the first SSID created (SSID1), not the second (SSID2) or third (SSID3)
If I delete all SSIDs and create SSID2 first, then it will work, but not SSID1 or SSID3.
SSID1 -> interface: wlaninternal (vlan5)
SSID2 -> interface: guest (vlan10)
SSID3 -> interface: mobile (vlan20)
I am able to see all SSIDs, but after entering password the clients says it's unable to connect.
All necessary settings has been added to the switches and firewall.
I'm currently using wlc software v7.3.101.0(ED) and have tried downgrading to 7.2.110.0(ED) and 7.1.91.0(ED), but still the problem remains.
Could I have accidentally changed a setting? What am I missing here? Appreciate all suggestions!
09-04-2012 04:32 AM
7.3 should work fine. Are you using ap groups at all, if so, check to make sure the wlan's are configured correctly in te ap groups. If you are not using ap groups, then can you attach your show run-config so we can take a look.
Sent from Cisco Technical Support iPhone App
09-04-2012 12:06 PM
09-04-2012 04:44 PM
Have you tried OPEN authentication of all the SSID?
Did you put the WLC in a LAG and assign all the SSID to the LAG or did you assign each SSID to each port?
What error message do you get when you try to join the other SSID?
09-05-2012 12:24 AM
I think I've tried SSID1 -> wpa2 and SSID2->Open auth, that didn't work. I'll try with Open auth on all SSIDs later, as I'm not onsite at the moment.
Lag is not supported on 2504 wlc. I'm just using a single port to the switch.
09-05-2012 02:36 AM
I think I've tried SSID1 -> wpa2 and SSID2->Open auth, that didn't work.
If OPEN authentication doesn't work then the problem rests squarely with the client.
Have you tried other clients?
09-04-2012 06:06 PM
What do you see when you run 'debug client (MAC address)' from the cli while trying to connect?
I agree with trying open auth.
Regards.
Aaron
09-05-2012 06:46 AM
I've been testing with one laptop, one windows phone and an iPad.
It seems there's something wrong with the laptop because when I used different one, it worked
Mobile clients however, still doesn't work.
I've attached the debug-client log. I used an iPad to log on. There definitely something happening at logon.
09-05-2012 01:04 AM
Chris:
I think (just guessing...) this issue is related to how you map your interfaces to the physical ports. You have 3 SSIDs each is on different VLAN and hence mapped to different interfaces. What is the mapping for the interfaces to the physical ports?
Also, how many physical ports are connected from the WLC to the neighbor switch?
You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".
09-05-2012 01:56 AM
Everything goes through port 1. It's a small network, so I'm keeping the design simple. Only port 1 on wlc is connected to the switch, just like the scenario.
described here: http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml#scenario1
The only difference is that I'm using three vlans.
wlc port1:
-INT: mgmt/ap mgmt (vlan 249)
-INT: employees (vlan 248)
-INT: guest (vlan 247)
-INT: employees-mobile (vlan 246
ssid:
ssid1-> INT: employees
ssid2-> INT: guest
ssid3-> INT: employees-mobile
All trunk settings on relevant switches and firewall is correct. I've specified allowed vlans on trunk ports.
09-05-2012 05:56 AM
Are you testing with 1 client or multiple clients? If testing with just 1 client and Fast SSID change is disabled I could see that blocking your connection to the other SSIDs.
Again like Aaron mentioned above we need to see the debugs of the client attempting to connect.
09-06-2012 04:47 AM
I've tried with serveral PCs and mobile clients, and the problem seems to be resolved. Seems part of the problem was bad test clients (pc and mobile).
I've also enabled Fast SSID change the WLC, which seems to have resolved the problem regarding some mobile clients not being able to connect.
Thank you to everyone for your help!
09-06-2012 05:52 AM
Good to know you found the issue. It's always good to have multiple devices for testing as you have experienced. I always bring multiple devices that I know works when I perform my testing on installs I have done.
Fast SSID change helps if you switch from one SSID to another, but in most cases you don't want to have a client be able to connect to more than one SSID. Having multiple WLAN profiles in a device might cause you headaches if the device connects to a different SSID that breaks an application they are running because the vlan they are put in has acl's that block certain traffic.
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide