02-13-2014 06:30 AM - edited 07-05-2021 12:11 AM
Recently I setup an 1130 AP, it's group broadcasts two SSID's. One for users and one for guests. It's been working solid now for several months. Now users are reports that on the public SSID they are getting dropped and can't reconnect, they time out. Usually they can connect to the SSID without security, and login with a username and password provided by the secretary. I've tried troubleshooting this to the best of my ability but am stuck. Any ideas?
02-13-2014 06:52 AM
Post your show WLAN
Sent from Cisco Technical Support iPhone App
02-13-2014 08:10 AM
WLAN ID 2, that's for the public and WLAN ID 3 for the secure. I can't seem to telnet of ssh to the ap itself.
02-13-2014 08:19 AM
So you have an autonomous AP? Well you need to be able to telnet/ssh or console and provide the show run-config.
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-13-2014 08:35 AM
No scott, it's a lightweight, I'm going to enable ssh and see what I can find.
02-13-2014 08:38 AM
If it's lightweight, you need to access the cli on the WLC and issue the show wlan
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-13-2014 08:54 AM
WLAN Identifier.................................. 2
Profile Name..................................... Public Access
Network Name (SSID).............................. public
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 3
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 7200 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ vlan 8
Multicast Interface.............................. Not Configured
--More-- or (q)uit
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
--More-- or (q)uit
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
--More-- or (q)uit
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
Thanks scott
02-13-2014 09:07 AM
Interface........................................ vlan 8
I would connect a wired laptop to a port on the same switch as the WLC on vlan 8 and see if you can get an ip address. What is handing out dhcp? You might want to disable dhcp proxy on the WLC.
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-13-2014 02:23 PM
I can't seem to telnet of ssh to the ap itself.
By default, Telnet and SSH to the AP is disabled.
On the WLC, post the output to the command "sh interface detail vlan 8".
02-13-2014 08:39 AM
Hi,
With the show run config please send the switchport cong as well. In this case we have two WLANs so we need to make sure that the switchport is configured as trunk mode and the vlans mapped to both the WLAN ID 2 and 3 are allowed on it.
We also need to make sure that the wired portion is working fine as Wireless is an extension to the Wired configuration.
Thanks and regards,
Manas Pratap Singh.
02-13-2014 09:03 AM
Where would the switchport config be running at? Here's the thing we're running the ap connected to a netgear smart switch as opposed to a cisco at this location. I'm not familiar with netgear smart switches in the least. I checked the run config on the router at the location, shouldn't there be a trunk mode set on one of the ports back to hq?
02-13-2014 09:13 AM
The WLC is trunked to the switch correct?
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-13-2014 01:17 PM
Scott, this is at a satellite campus, and it looks to be trunked. The ap show fine with out errors and all the configurations look right. Contacts on site say that the problem seems to be intermittent. Mostly apple users seem to be effected by this. Where they can connect and after a period of time get dropped then when they try to connect back to the public ssid it times out trying to obtain an IP address. After cycling power on the access point, some user's that were connected seem to be connecting back to the ap automatically, as I can see the clients connected. Weird thing is yesterday when I left my android phone nor laptop were able to connect, contacted site this morning and they said that they were doing fine!?!
02-14-2014 04:03 AM
Check the size and utilization of DHCP pool and lease time. Lease time should be small, 300 sec.
02-14-2014 06:24 AM
Looking on the controller that the AP is associated with on the dhcp scope I see that the public wireless is only from 192.168.1.50 - 192.168.1.100. So that needs to be changed, and the lease time is set to 86400. I can change the size of both, you mind me asking what the lease time effects exactly? I'm trying to get a better understanding, also I'm assuming this only effects ap's that broadcast this ssid from this controller? Would I need to do this as well on my other controllers that broadcast this public ssid, or can it be set from the wcs to effect all controllers? Thanks for everyones time, with your help I've been able to understand how this all comes together!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide