Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3431
Views
35
Helpful
15
Replies

SSID Connected, not internet

lAhmed Saadl
Level 3
Level 3

‎01-19-2023 05:53 AM

Dears,

Appreciate your support, as I am facing a weird case. I had a configured SSID for guest users on all of APs that was working normally. Suddenly yesterday, when clients tried to join to it, they got an IP address. but still can't reach the internet.

I can trace the IP which user got. It passes through the firewall to the GW with no issue. no change had happened to VLAN or Interface assigened to this SSID.

 

 Security Policies: [WPA2][Auth(PSK)]

the starange thing here, is while I try to uncheck status or even uncheck Brodcast SSID, it still appears, and clients see it and join it ,too.

0 Helpful
15 Replies 15

Mark Elsen
Hall of Fame
Hall of Fame

‎01-19-2023 06:03 AM

 

  - Are you using a controller ? And or what is the model and software version ?

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

lAhmed Saadl
Level 3
Level 3
In response to Mark Elsen

‎01-19-2023 06:08 AM

Hello Marce, 

Yes. WLC 5520 series. Software of 8.10.171.0

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to lAhmed Saadl

‎01-19-2023 06:38 AM

 

                           >...Yes. WLC 5520 series. Software of 8.10.171.0
   Have a checkup of the controller configuration, for that you need the output of the show run-config command (with no prompts in between) , and have it parsed by : https://cway.cisco.com/wireless-config-analyzer

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

lAhmed Saadl
Level 3
Level 3
In response to Mark Elsen

‎01-19-2023 06:53 AM

Hello again Mace,

I did the checkup, found some errors that maybe irrelevant. Could you please advise about what should I need to pay attention to in the result?

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to lAhmed Saadl

‎01-19-2023 07:56 AM

 

              >....Could you please advise about what should I need to pay attention to in the result?
                                       - Attach the result  to your next reply , 

M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

lAhmed Saadl
Level 3
Level 3
In response to Mark Elsen

‎01-22-2023 04:49 AM - edited ‎01-22-2023 09:48 AM

Hello Marc,

Please find the attached file. Also I have notice something strange when I uninstall NIC and install it again it gets ip 10.50.X.X and everything works well, but after some time it gets ip of 10.200.x.x which has no internet capability. Please note there is no ISE configured 

0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni
In response to lAhmed Saadl

‎01-30-2023 03:53 PM

Looks like you have a rogue DHCP server in your network. I would first make sure that the rogue DHCP server is eliminated. If your switch supports check the possibility of using DHCP/ARP snooping.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

lAhmed Saadl
Level 3
Level 3
In response to Mark Elsen

‎01-19-2023 06:31 AM

It's a bit little confusing as when I try to disable its status, and prevent broadcast, it still works and exists!!

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to lAhmed Saadl

‎01-19-2023 06:36 AM

 

  >It's a bit little confusing as when I try to disable its status, and prevent broadcast, it still works and exists!!
           - You may need to press an apply button or likewise in the GUI before the setting becomes effective,

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

lAhmed Saadl
Level 3
Level 3
In response to Mark Elsen

‎01-19-2023 06:39 AM

Yes. I did that, but it didn't work. still broadcasting. Also tried via CLI config wlan disable <WLAN ID> 7. it shows it is disabled, but still broadcasting and users connect and assign IPs from it.

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to lAhmed Saadl

‎01-22-2023 08:24 AM

 

  >... Also tried via CLI config wlan disable <WLAN ID> 7. it shows it is disabled, but still broadcasting and users connect and assign IPs from it.
       - These observations are not normal and or not experienced by other users when using a wireless controller : I would suggest to backup the configuration and configure it from scratch again according to your purposes , 

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Ambuj M
VIP
VIP

‎01-22-2023 06:49 PM

Can you resolve dns ? 

-hope this helps-
0 Helpful

lAhmed Saadl
Level 3
Level 3

‎01-22-2023 07:40 PM

Dears,

Appreciate your remarkable support, and suggestions. Issue solved by reconfiguring it again. Also I'd like to mention that DNS point is a good point, too.

Rich R
VIP
VIP

‎01-29-2023 06:50 AM

- Consider a rogue AP broadcasting the same SSID?
- Consider an AP that might have ME - Mobility Express (Wave 2 APs) - or EWC - Embedded Wireless Controller (Catalyst 91xx APs) which might be acting as WLC on local subnet

- Update your WLC to latest code (currently 8.10.183.0) to eliminate possible bugs which may have been resolved since 8.10.171.0

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card