04-13-2011 05:16 AM - edited 07-03-2021 08:04 PM
Hi,
I have two number of WLC model 5508 running IOS version 7.0.98.0. And One WLC in DMZ with the same model and IOS version. AP model is 1141.
The Two WLCs are integrated with ACS.
I have a SSID named EMployee. The DHCP for the users are configured in a seperate DHCP server and i have mapped this DHCP server IP to the interaface Employee.And this interface is mapped to the SSID as well.. But my client is not receiving the DHCP IP. Attached are the debug logs from the client.
Please elp me out with a solution for this..
04-13-2011 06:15 AM
Please disable DHCP proxy on the WLC and see its this helps..
Whats the PEM state of the client??
Regards
Surendra
04-13-2011 10:05 AM
IT seems like WLC is excluding the client.
--> Ignoring assoc requestdue to mobile in exclusion list or marked for deletion
WHat is the security method? did you tested it with no security and see if it works?
04-13-2011 07:11 PM
Hi,
I have tried with DHCP proxy. It didnot help. The client authentiction method is EAP-TLS. I have configured accordingly in WLC.
Let me try with open and il check. Could you please share the EAP-TLS configuration on windows and INtel and correspondingly what needs to be done in WLC?
04-13-2011 08:49 PM
I'd definitely remove client exclusion during your testing.
However, your clients initial association request is being rejected.
Its not failing to authenticate, its not failing dhcp, the WLC is just flat out rejecting your client's association.
It would help to have more of your log though instead of just this one snippet.
For example, I see you are moving from an A radio to a B/G Radio.
*apfMsConnTask_4: Apr 13 17:32:11.869: 00:1c:bf:10:a2:58 Updated location for station old AP b8:be:bf:b6:f3:20-1, new AP b8:be:bf:b6:f3:20-0
Did your client work on the A radio and it just fails to roam to B/G, or was it failing on A radio as well......?
Either way, WLC does not like your association request based on this debug.
04-16-2012 08:48 AM
Maybe you have a problem with your DHCP server, please try to repush of the lease.
04-19-2012 10:48 AM
Has this been answered. We have a similar setup at my office and i would love to know how you fixed it.
Sent from Cisco Technical Support iPad App
04-19-2012 10:51 AM
Shawn,
It might be easier to open your own thread so others don't get confused. Then we can ask how your setup is and what is working what isn't.
04-19-2012 11:15 AM
No problem. I don't have a setup yet just a design in head.
Sent from Cisco Technical Support iPad App
04-19-2012 12:19 PM
Shawn,
If you follow the design practices you wont have any problems. If you are in your intial deisgn. I would recommend a few things.
1) Dont use the WLC as a DHCP server. Put a dhcp server in the DMZ or allow DHCP inside
2) Make sure you make dummy interfaces on the foreign controllers for the guest network
3) QoS Throttle traffic so that guest dont get a free ride
4) QoS set to bronze
Hope this helps a little
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide