I am currently busy with a project to implement a wlc 2504 anchor controller for guest wifi. The foreign controller is a wlc 5508 and the anchor controller is currently in the dmz behind a firewall. The tunnel is up up between the two controllers and we are using PSK authentication for testing.
The issue that we are currently experiencing, is when a user joins the guest wifi and enter the PSK, the users connection gets dropped after a few seconds. On the foreign controller, i can see the user joining the guest wiif ssid but on the anchor controller, theres no information on the connection.
Below is the logs for the users connectivity:
*Dot1x_NW_MsgTask_0: Jan 01 03:07:39.507: 30:07:4d:59:00:00 Anchor Export Request Recvd for mobile 30:07:4d:59:00:00 from 184.108.40.206 type : 16 subtype : 0 seq no : 65090 xid : 291588
*Dot1x_NW_MsgTask_0: Jan 01 03:07:39.507: 30:07:4d:59:00:00mmAnchorExportRcv: Extracting mmPayloadExportForeignLradMac
*Dot1x_NW_MsgTask_0: Jan 01 03:07:39.507: 30:07:4d:59:00:00IPv6 ACl Name is none
*Dot1x_NW_MsgTask_0: Jan 01 03:07:39.508: 30:07:4d:59:00:0Created Acct-Session-ID (386d6f7b/30:07:4d:59:00:00/79) for the mobile
*Dot1x_NW_MsgTask_0: Jan 01 03:07:39.508: 30:07:4d:59:00:00Adding mobile on Remote AP 00:00:00:00:00:00(0)
*Dot1x_NW_MsgTask_0: Jan 01 03:07:39.508: 30:07:4d:59:00:00 mmAnchorExportRcv:, Mobility role is Unassoc
*Dot1x_NW_MsgTask_0: Jan 01 03:07:39.508: 30:07:4d:59:00:00mmAnchorExportRcv Ssid=Guest_Wifi Security Policy=0x40006040
*Dot1x_NW_MsgTask_0: Jan 01 03:07:39.508: 30:07:4d:59:00:00Scheduling deletion of Mobile Station: (callerId: 69) in 1 seconds
*osapiBsnTimer: Jan 01 03:07:40.345: 30:07:4d:59:00:00 apfMsExpireCallback (apf_ms.c:639) Expiring Mobile!
*apfReceiveTask: Jan 01 03:07:40.345: 30:07:4d:59:00:00 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Jan 01 03:07:40.345: 30:07:4d:59:00:000.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:00:00:00:00:00]
*apfReceiveTask: Jan 01 03:07:40.345: 30:07:4d:59:00:00 Deleting mobile on AP 00:00:00:00:00:00(0)
Your assistance will be greatly appreciated.
That's the first thing I checked and even reconfigured the WLANs on both controllers. The debug logs were the same when we switched between layer 2 and layer 3 authentication methods.
I have the same problem...
First: We had aaa 802.1x auth in the anchor
For testing and avoid issues in aaa, now we change it to normal WPA2/PSK to test if the problem was the auth but same result
I think that we need to resolv the problem in WPA2/PSK first but then
L2 authentication dot1x is passed throught the EoIP tunnel to the anchor?
in other words:
L2 authentications occurs in the anchor or in the foreign? I read contradictory opinions about