Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1298
Views
35
Helpful
15
Replies

SSID Connected, not internet

lAhmed Saadl
Level 1
Level 1

‎01-19-2023 05:53 AM

Dears,

Appreciate your support, as I am facing a weird case. I had a configured SSID for guest users on all of APs that was working normally. Suddenly yesterday, when clients tried to join to it, they got an IP address. but still can't reach the internet.

I can trace the IP which user got. It passes through the firewall to the GW with no issue. no change had happened to VLAN or Interface assigened to this SSID.

 

 Security Policies: [WPA2][Auth(PSK)]

the starange thing here, is while I try to uncheck status or even uncheck Brodcast SSID, it still appears, and clients see it and join it ,too.

0 Helpful
15 Replies 15

marce1000
VIP
VIP

‎01-19-2023 06:03 AM

 

  - Are you using a controller ? And or what is the model and software version ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

lAhmed Saadl
Level 1
Level 1
In response to marce1000

‎01-19-2023 06:08 AM

Hello Marce, 

Yes. WLC 5520 series. Software of 8.10.171.0

0 Helpful

marce1000
VIP
VIP
In response to lAhmed Saadl

‎01-19-2023 06:38 AM

 

                           >...Yes. WLC 5520 series. Software of 8.10.171.0
   Have a checkup of the controller configuration, for that you need the output of the show run-config command (with no prompts in between) , and have it parsed by : https://cway.cisco.com/wireless-config-analyzer

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

lAhmed Saadl
Level 1
Level 1
In response to marce1000

‎01-19-2023 06:53 AM

Hello again Mace,

I did the checkup, found some errors that maybe irrelevant. Could you please advise about what should I need to pay attention to in the result?

0 Helpful

marce1000
VIP
VIP
In response to lAhmed Saadl

‎01-19-2023 07:56 AM

 

              >....Could you please advise about what should I need to pay attention to in the result?
                                       - Attach the result  to your next reply , 

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

lAhmed Saadl
Level 1
Level 1
In response to marce1000

‎01-22-2023 04:49 AM - edited ‎01-22-2023 09:48 AM

Hello Marc,

Please find the attached file. Also I have notice something strange when I uninstall NIC and install it again it gets ip 10.50.X.X and everything works well, but after some time it gets ip of 10.200.x.x which has no internet capability. Please note there is no ISE configured 

0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni
In response to lAhmed Saadl

‎01-30-2023 03:53 PM

Looks like you have a rogue DHCP server in your network. I would first make sure that the rogue DHCP server is eliminated. If your switch supports check the possibility of using DHCP/ARP snooping.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

lAhmed Saadl
Level 1
Level 1
In response to marce1000

‎01-19-2023 06:31 AM

It's a bit little confusing as when I try to disable its status, and prevent broadcast, it still works and exists!!

0 Helpful

marce1000
VIP
VIP
In response to lAhmed Saadl

‎01-19-2023 06:36 AM

 

  >It's a bit little confusing as when I try to disable its status, and prevent broadcast, it still works and exists!!
           - You may need to press an apply button or likewise in the GUI before the setting becomes effective,

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

lAhmed Saadl
Level 1
Level 1
In response to marce1000

‎01-19-2023 06:39 AM

Yes. I did that, but it didn't work. still broadcasting. Also tried via CLI config wlan disable <WLAN ID> 7. it shows it is disabled, but still broadcasting and users connect and assign IPs from it.

0 Helpful

marce1000
VIP
VIP
In response to lAhmed Saadl

‎01-22-2023 08:24 AM

 

  >... Also tried via CLI config wlan disable <WLAN ID> 7. it shows it is disabled, but still broadcasting and users connect and assign IPs from it.
       - These observations are not normal and or not experienced by other users when using a wireless controller : I would suggest to backup the configuration and configure it from scratch again according to your purposes , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

ammahend
VIP
VIP

‎01-22-2023 06:49 PM

Can you resolve dns ? 

-hope this helps-
0 Helpful

lAhmed Saadl
Level 1
Level 1

‎01-22-2023 07:40 PM

Dears,

Appreciate your remarkable support, and suggestions. Issue solved by reconfiguring it again. Also I'd like to mention that DNS point is a good point, too.

Rich R
VIP
VIP

‎01-29-2023 06:50 AM

- Consider a rogue AP broadcasting the same SSID?
- Consider an AP that might have ME - Mobility Express (Wave 2 APs) - or EWC - Embedded Wireless Controller (Catalyst 91xx APs) which might be acting as WLC on local subnet

- Update your WLC to latest code (currently 8.10.183.0) to eliminate possible bugs which may have been resolved since 8.10.171.0

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card