Re: SSID Connected, not internet

lAhmed Saadl · ‎01-19-2023

Dears,

Appreciate your support, as I am facing a weird case. I had a configured SSID for guest users on all of APs that was working normally. Suddenly yesterday, when clients tried to join to it, they got an IP address. but still can't reach the internet.

I can trace the IP which user got. It passes through the firewall to the GW with no issue. no change had happened to VLAN or Interface assigened to this SSID.

Security Policies: [WPA2][Auth(PSK)]

the starange thing here, is while I try to uncheck status or even uncheck Brodcast SSID, it still appears, and clients see it and join it ,too.

Mark Elsen · ‎01-19-2023

- Are you using a controller ? And or what is the model and software version ?

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

lAhmed Saadl · ‎01-19-2023

Hello Marce,

Yes. WLC 5520 series. Software of 8.10.171.0

Mark Elsen · ‎01-19-2023

>...Yes. WLC 5520 series. Software of 8.10.171.0
Have a checkup of the controller configuration, for that you need the output of the show run-config command (with no prompts in between) , and have it parsed by : https://cway.cisco.com/wireless-config-analyzer

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

lAhmed Saadl · ‎01-19-2023

Hello again Mace,

I did the checkup, found some errors that maybe irrelevant. Could you please advise about what should I need to pay attention to in the result?

Mark Elsen · ‎01-19-2023

>....Could you please advise about what should I need to pay attention to in the result?
- Attach the result to your next reply ,

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

lAhmed Saadl · ‎01-22-2023

Hello Marc,

Please find the attached file. Also I have notice something strange when I uninstall NIC and install it again it gets ip 10.50.X.X and everything works well, but after some time it gets ip of 10.200.x.x which has no internet capability. Please note there is no ISE configured

Arshad Safrulla · ‎01-30-2023

Looks like you have a rogue DHCP server in your network. I would first make sure that the rogue DHCP server is eliminated. If your switch supports check the possibility of using DHCP/ARP snooping.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

lAhmed Saadl · ‎01-19-2023

It's a bit little confusing as when I try to disable its status, and prevent broadcast, it still works and exists!!

Mark Elsen · ‎01-19-2023

>It's a bit little confusing as when I try to disable its status, and prevent broadcast, it still works and exists!!
- You may need to press an apply button or likewise in the GUI before the setting becomes effective,

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

lAhmed Saadl · ‎01-19-2023

Yes. I did that, but it didn't work. still broadcasting. Also tried via CLI config wlan disable <WLAN ID> 7. it shows it is disabled, but still broadcasting and users connect and assign IPs from it.

Mark Elsen · ‎01-22-2023

>... Also tried via CLI config wlan disable <WLAN ID> 7. it shows it is disabled, but still broadcasting and users connect and assign IPs from it.
- These observations are not normal and or not experienced by other users when using a wireless controller : I would suggest to backup the configuration and configure it from scratch again according to your purposes ,

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

ammahend · ‎01-22-2023

Can you resolve dns ?

-hope this helps-

lAhmed Saadl · ‎01-22-2023

Dears,

Appreciate your remarkable support, and suggestions. Issue solved by reconfiguring it again. Also I'd like to mention that DNS point is a good point, too.

Rich R · ‎01-29-2023

- Consider a rogue AP broadcasting the same SSID?
- Consider an AP that might have ME - Mobility Express (Wave 2 APs) - or EWC - Embedded Wireless Controller (Catalyst 91xx APs) which might be acting as WLC on local subnet

- Update your WLC to latest code (currently 8.10.183.0) to eliminate possible bugs which may have been resolved since 8.10.171.0

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390