Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
949
Views
5
Helpful
4
Replies

Solved: 9120AIX and EWC 17.7: VLAN1 and no WLAN connection

Tenere
Level 1
Level 1

‎08-18-2022 12:56 PM - edited ‎09-06-2022 11:56 PM

Hello there,

in my homelab I play with a Catalyst 9120AIX and EWC 17.7.

I configured a WLAN on VLAN1 and configured a Policy Profile. Under "Advanced" I entered a DHCP server IP adress from which the client should receive an IP address.

The client cannot connect to the WLAN and get the message "invalid passwort" even if the password is definitely correct ("12345678").

On one occasion (I have to admit I have no idea what was different) I had a connect but there was no IP from DHCP server. A wired client got an IP. I configured the DHCP server address in the Policy Profile but without success.

WLANs wit internal DHCP server and different VLANs are working properly.

I'm grateful for any hints.

 

Regards,

Joerg

 

0 Helpful
4 Replies 4

Arshad Safrulla
VIP Alumni
VIP Alumni

‎08-19-2022 04:56 AM

17.7 is not a stable code, consider downgrading to either 17.6.3 or 17.3.5.

Then what authentication have you enabled under the WLAN profile? Do you have FT enabled? Do you have PMF enabled? If yes disable both options and try. Can you sanitize and paste the wlan, policy, flex profiles. It is not recommended configuring DHCP server IP under the policy profile. You can refer the below document from Cisco for better configuration guidelines

https://www.cisco.com/c/en/us/td/docs/wireless/controller/ewc/17-6/config-guide/ewc_cg_17_6.html

Connecting switchport must be trunk with native vlan set as the management VLAN. All EWC AP's behave similar to Flexconnect AP's (only local switching)

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Rich R
VIP
VIP

‎08-19-2022 08:47 AM - edited ‎08-19-2022 08:48 AM

"I configured the DHCP server address in the Policy Profile"
Why? If the DHCP server is on the local VLAN there's no need to do DHCP relay.  Or is your DHCP server remote?  And if it is then does the AP have a route to get to it?

Agreed with Leo - fall back to 17.6.3 (soon 17.6.4) or try 17.9.1 which is the next extended support release (which I have my home 9120 EWC running on now).

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

Tenere
Level 1
Level 1
In response to Rich R

‎09-06-2022 12:41 AM

Hi there and sorry for the delayed reply. Real life (aka 19month old kid) messes with my spare time

"Why? If the DHCP server is on the local VLAN there's no need to do DHCP relay. Or is your DHCP server remote? And if it is then does the AP have a route to get to it?"

Because it didn't worked in first place with no DHCP server entry...

I now switched to C9800 17.9.1 and have similar problems. This seems to hint that I have a general config problem.

What did I do:

  • Setup C9800-CL on ESXi
  • connected all interfaces (for testing) to a vSwitch with VLAN 4095 (aka all VLANs allowed) configured
  • assigned IP to GE1, no IP for GE2 and GE3 (VLAN1 for management and data)
  • setup VLANs and setup SVI for VLANs (20, 30 and 100); VLAN1 SVI is not assigned and operational down (because of no assigned IP address? Can't assign IP in same subnet like GE1 (subnet overlap))
  • setup a WLAN for VLAN1 via Configuration -> Wireless -> Advanced, result is that wireless clients stuck in "IP learn"; DHCP server is in same subnet like GE1; hands out IPs for old vWLC 8.3.150 perfectly
  • setup WLAN with internal DHCP on VLAN100; result: working like a charm
  • setup WLAN (exactly like WLAN on VLAN100) on VLAN 20; result: not working ("IP learn")
  • VLANs 20, 30, 100 and GE1 can ping from CL9800 through all switches to router and 8.8.8.8

Especially since the setup for the WLANs and VLAN 20 and 100 are identical, I have no idea what is missing.

 

I appreciate ANY hints and help.

Thanks in advance,

Joerg

 

0 Helpful

Tenere
Level 1
Level 1

‎09-06-2022 11:56 PM

Hi all,

thanks for your hints,

I just deleted the whole VM and setup a clean installation. Now it works nearly without glitch.

 

Thanks again

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card