06-20-2015 12:07 PM - edited 07-05-2021 03:26 AM
I have just converted my home from (3) 3600 series autonomous APs to LWAPs with 802.11AC radios to take advantage of the 802.11AC radio spectrum.
I am using a WLC 2504 running version 8.1.102.0 software. All is working great except for my security cameras. They require a static IP address to communicate with the DVR. They are older and use WEP encryption (hex 128 bit). They cannot achieve the RUN state as the controller wants the IP address before allowing connection to the network. DHCP is not set to required for the WLAN or Interface. Here is the error I receive.
*apfMsConnTask_3: Jun 20 11:57:33.067: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:14:b7 0.0.0.0 DHCP_REQD (7) Rejecting association attempt by ad-hoc client
I have even attempted to break down the communication to its most basic form (wide open), and still the same result.
Thoughts and suggestions would be greatly appreciated.
Attached is a copy of my configuration
06-20-2015 12:19 PM
On the monitor page I can see the MAC address and the static IP but still no RUN state
06-20-2015 02:06 PM
Are those clients trying to connect to WLAN ID 1? If that is the case, the problem is that "DHCP Addr. Assignment" is actually enabled. Please go to the advanced tab of the WLAN and untick the "Required" checkbox. If the problem still occurs, please share the output of a "debug client MACADR".
Please rate useful posts :-)
06-20-2015 03:41 PM
They are connecting to WLAN ID 5, which is set to not require DHCP. These cameras connected to the same access points just fine when the access points were in autonomous mode.
06-20-2015 04:25 PM
It can be because the device that has a static address isn't responding to IP information requests. This means that you need to enable passive clients. Here are instructions that will walk you through what is needed to support these devices.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01100011.html
-Scott
06-20-2015 05:29 PM
Scott
I did try enabling the passive client option. No joy. Two of the cameras did respond briefly. I had to send consistent pings to each to keep the session alive.
06-20-2015 05:42 PM
The best workaround is to use DHCP reservations so the cameras always get the same IP address. There really isn't another workaround, especially if you followed the doc step by step. Maybe configure a static ARP entry on the L3 device for the cameras.
-Scott
06-22-2015 02:39 PM
After having added all of the input each of you have provided, I am making progress. Now the issue is the client's ability to recover. For example: resetting an AP or making a change to the 802.11b/g/n configuration of the WLC requires that I power cycle each camera to reconnect. In the autonomous AP configuration the devices would reconnect automatically.
06-24-2015 02:16 PM
I took it upon myself to change the AP mode from local to flexconnect. All of the cameras are now working. No more seeing two MAC addresses for each of the cameras.
This change seems to have caused an issue for Apple devices. Apple devices no longer roam. They remain connected to the AP originating the wireless communication, even if there is a better signal from another AP with the same SSID and WLAN. And when an Apple device now goes to sleep I must go to the setting menu to view the wireless settings before it will reestablish.
06-24-2015 02:37 PM
In order to roam seamlessly between two flex APs, both APs should be in the same flex group.
Create a FlexConnect group and add the flex APs to it. Make sure no load balance or band select is enabled on the SSID.
06-24-2015 03:02 PM
Ali
I did have the flexconnect grouping and configuration as you suggested. I just enabled the 11k features in the WLAN advanced settings and things appear to be working better. Thanks for leading me in the right direction.
I appreciate everyone's help. Is there a way for me to mark multiples of the answers as correct?
06-24-2015 03:07 PM
You're welcome. Not sure if this is possible, but you can try.
06-20-2015 06:30 PM
Can you please share:
show wlan 5
show client details <client MAC>
debug client <client MAC> while the camera is trying to connect to the WLAN.
06-22-2015 02:15 PM
Here is the output of Show WLAN 5
(Cisco Controller) >show wlan 5
WLAN Identifier.................................. 5
Profile Name..................................... Cameras
Network Name (SSID).............................. HOUNDS
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
--More-- or (q)uit
Number of Active Clients......................... 15
Exclusionlist.................................... Disabled
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 720 minutes
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... wlc.consulteron.local
CHD per WLAN..................................... Disabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ wlan 192
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Tunnel Profile................................... Unconfigured
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
--More-- or (q)uit
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority..............................
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Enabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11g only
DTIM period for 802.11a radio.................... 1
--More-- or (q)uit
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Radius NAI-Realm................................. Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Enabled
Key Index:...................................... 1
Encryption:..................................... 104-bit WEP
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web Authentication Timeout.................... 300
--More-- or (q)uit
Web-Passthrough............................... Disabled
Mac-auth-server............................... 0.0.0.0
Web-portal-server............................. 0.0.0.0
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
FlexConnect Central Association............... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Disabled
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Not Applicable
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel Configuration
Split Tunnel................................. Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
802.11v Directed Multicast Service............... Disabled
802.11v BSS Max Idle Service..................... Enabled
802.11v BSS Transition Service................... Disabled
802.11v BSS Transition Disassoc Imminent......... Disabled
802.11v BSS Transition Disassoc Timer............ 200
802.11v BSS Transition OpRoam Disassoc Timer..... 40
DMS DB is empty
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Universal Ap Admin............................... Disabled
--More-- or (q)uit
Mobility Anchor List
WLAN ID IP Address Status Priority
------- --------------- ------ --------
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
----------------
Priority Policy Name
-------- ---------------
(Cisco Controller) >
06-22-2015 02:46 PM
OK, this is a local switching WLAN (interesting).
+Even if the client is not in Run state on the WLC, are you able to ping it from its local gateway?
+As per the configuration guide: "For the FlexConnect local switching, central authentication deployments, if there is a passive client with a static IP address, it is recommended to disable the Learn Client IP Address feature under the WLAN > Advanced tab."
So can you disable the FlexConnect Learn IP Address?
For your reference:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/flexconnect.html
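The checks discussed in this thread can be run mechanically over saved `show wlan` output. The following is an added example, not code from any poster or from Cisco: it parses the dotted key/value format shown above (skipping pager prompts) and flags the DHCP-required setting, the local-switching/passive-client/Learn-IP combination from the quoted guide passage, and a WLAN secured only by static WEP. The function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt in the format of the `show wlan 5` output posted above.
SAMPLE = """\
WLAN Identifier.................................. 5
DHCP Address Assignment Required................. Disabled
--More-- or (q)uit
Passive Client Feature........................... Enabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Enabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
FlexConnect Local Switching................... Enabled
FlexConnect Learn IP Address.................. Enabled
"""

# "Setting name" + run of dots + value; a single dot ("802.11") is not a run.
LINE = re.compile(r"^(?P<key>.+?)\s*\.{2,}\s*(?P<value>.*)$")

def parse_show_wlan(text):
    """Return {setting: value}, skipping pager prompts and section headers.
    Names repeated in sub-sections keep their first value."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("--More--"):
            continue
        m = LINE.match(line)
        if m:
            settings.setdefault(m["key"].rstrip(" :"), m["value"].strip())
    return settings

def audit(settings):
    """Findings for the settings this thread's replies turn on."""
    def on(key):
        return settings.get(key, "").lower().startswith("enable")
    findings = []
    if on("DHCP Address Assignment Required"):
        findings.append("DHCP required: a static-IP client stays in DHCP_REQD")
    if (on("FlexConnect Local Switching") and on("Passive Client Feature")
            and on("FlexConnect Learn IP Address")):
        findings.append("local switching + passive client: guide recommends "
                        "disabling Learn Client IP Address")
    if on("Static WEP Keys") and not on("Wi-Fi Protected Access (WPA/WPA2)"):
        findings.append("static WEP only: key is recoverable from captured "
                        "traffic, keep this WLAN on its own VLAN with an ACL")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show_wlan(SAMPLE)):
        print("-", finding)
```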