WLC 5508 Dynamic VLAN Assignment Using FreeRadius

bonartg
Level 1

Hi Everyone,

 

I have implemented dynamic VLAN assignment using FreeRadius and a Windows DHCP Server.

I am using a WLC 5508, Software Version 7.4.110.0.

When a device connects to the SSID the first time, everything works. The WLC talks to FreeRadius, which replies with the assigned VLAN, and the DHCP Server gives the correct IP address. But if the device disconnects and then reconnects to the same SSID, it gets stuck on 'Obtaining IP Address'. It is fixed if I log in to WLC -> WLANs -> Modify the WLAN (SSID) -> click the Apply button.

I ran the Freeradius -X command to see what happened while 'Obtaining IP Address' was showing, and it turns out the WLC does not talk to FreeRadius.

I have collected the debug using debug client <MAC Address> (attached).

From the log, it seems the WLC is caching the device MAC address and can't relay to the DHCP Server. And when I hit the Apply button on the WLC, it seems to force the WLC to disassociate and deauthenticate the device, hence it can get the correct IP address and VLAN.

I have enabled Allow AAA Override on WLANs -> Advanced. DHCP Server = Override (Windows DHCP Server IP Address), DHCP Addr. Assignment = Required.

Can someone help me?

 

Thank you.

 

5 Replies

balaji.bandi
Hall of Fame

I will review the logs and let you know what was observed here.

In the meantime, look at this thread and PDF to get some idea:

 

https://community.cisco.com/t5/wireless/wlc-5508-dynamic-vlan-assignment-by-radius/td-p/4140481

 

BB


Thanks for the response. Do you have any observation after reviewing the logs?

 

I have checked the docs and PDF (https://community.cisco.com/legacyfs/online/legacy/3/3/0/55033-AAA-overide-ACS52.pdf) and will try them on my WLC to see if there are any differences.

@balaji.bandi 

I have tried AAA Settings as suggested on the pdf document (image attached), but still have the same issue.

Do you have other suggestions?

 

Thanks.

marce1000
VIP

 

 - Note, your WLC software is very old; for 5508 being the same, it is usually advised these days to run the version that this controller can still support, besides being restrictions related to AP models being used. Below you will find output from your debug files when analyzed with: https://cway.cisco.com/wireless-debug-analyzer/

1) DHCP Success.txt

Time | Task | Translated

Mar 18 14:08:01.832 *apfMsConnTask_6 Client made new Association to AP/BSSID BSSID d0:c7:89:e9:b1:b3
Mar 18 14:08:01.833 *apfMsConnTask_6 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Mar 18 14:08:01.834 *apfMsConnTask_6 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Mar 18 14:08:01.836 *apfReceiveTask Client is entering the 802.1x or PSK Authentication state
Mar 18 14:08:01.836 *apfReceiveTask Client has successfully cleared AP association phase
Mar 18 14:08:01.836 *apfReceiveTask Client expiration timer code set for 1800 seconds. The reason: Client is scheduled for session timeout deletion (wlan with webauth)
Mar 18 14:08:01.837 *apfReceiveTask Client is trying to associate in 5 Ghz band
Mar 18 14:08:01.840 *dot1xMsgTask 4-Way PTK Handshake, Sending M1
Mar 18 14:08:01.852 *Dot1x_NW_MsgTask_0 4-Way PTK Handshake, Received M2
Mar 18 14:08:01.852 *Dot1x_NW_MsgTask_0 4-Way PTK Handshake, Sending M3
Mar 18 14:08:01.856 *Dot1x_NW_MsgTask_0 4-Way PTK Handshake, Received M4
Mar 18 14:08:01.856 *Dot1x_NW_MsgTask_0 Client has completed PSK Dot1x or WEP authentication phase
Mar 18 14:08:01.856 *Dot1x_NW_MsgTask_0 Client has entered DHCP Required state
Mar 18 14:08:01.942 *DHCP Socket Task Received DHCP request from client
Mar 18 14:08:01.946 *DHCP Socket Task Received DHCP ACK from DHCP server
Mar 18 14:08:01.947 *DHCP Socket Task Client has entered RUN state
Mar 18 14:08:01.948 *DHCP Socket Task Received DHCP ACK, assigning IP Address 192.168.52.34

 

2) DHCP Failed.txt (note: for that case the Show All flag is checked)

Time | Task | Translated
Connection attempt #1
Mar 18 14:06:32.372 *apfMsConnTask_6 Client made new Association to AP/BSSID BSSID d0:c7:89:e9:b1:b3
Connection attempt #2
Mar 18 14:06:32.372 *apfMsConnTask_6 Client made new Association to AP/BSSID BSSID d0:c7:89:e9:b1:b3
Mar 18 14:06:32.373 *apfMsConnTask_6 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Mar 18 14:06:32.373 *apfMsConnTask_6 Client is entering the 802.1x or PSK Authentication state
Mar 18 14:06:32.374 *apfMsConnTask_6 Client expiration timer code set for 1800 seconds. The reason: Client is scheduled for session timeout deletion (wlan with webauth)
Mar 18 14:06:32.374 *apfMsConnTask_6 Client is trying to associate in 5 Ghz band
Mar 18 14:06:32.377 *dot1xMsgTask 4-Way PTK Handshake, Sending M1
Mar 18 14:06:32.425 *Dot1x_NW_MsgTask_0 4-Way PTK Handshake, Received M2
Mar 18 14:06:32.425 *Dot1x_NW_MsgTask_0 4-Way PTK Handshake, Sending M3
Mar 18 14:06:32.428 *Dot1x_NW_MsgTask_0 4-Way PTK Handshake, Received M4
Mar 18 14:06:32.428 *Dot1x_NW_MsgTask_0 Client has completed PSK Dot1x or WEP authentication phase
Mar 18 14:06:32.428 *Dot1x_NW_MsgTask_0 Client has entered RUN state
Mar 18 14:06:32.523 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:32.523 *DHCP Socket Task Sending DHCP Request to DHCP Server CP through gateway 192.168.199.10
requesting 192.168.52.34
on VLAN 199
Mar 18 14:06:33.495 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:33.496 *DHCP Socket Task Sending DHCP Request to DHCP Server CP through gateway 192.168.199.10
requesting 192.168.52.34
on VLAN 199
Mar 18 14:06:35.691 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:35.691 *DHCP Socket Task Sending DHCP Request to DHCP Server CP through gateway 192.168.199.10
requesting 192.168.52.34
on VLAN 199
Mar 18 14:06:37.525 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:37.525 *DHCP Socket Task Sending DHCP Discover to DHCP Server CP through gateway 192.168.199.10
on VLAN selected relay 2 - NONE
Mar 18 14:06:38.593 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:38.594 *DHCP Socket Task Sending DHCP Discover to DHCP Server CP through gateway 192.168.199.10
on VLAN selected relay 2 - NONE
Mar 18 14:06:40.753 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:40.753 *DHCP Socket Task Sending DHCP Discover to DHCP Server CP through gateway 192.168.199.10
on VLAN selected relay 2 - NONE
Mar 18 14:06:44.974 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:44.975 *DHCP Socket Task Sending DHCP Discover to DHCP Server CP through gateway 192.168.199.10
on VLAN selected relay 2 - NONE
Connection attempt #3
Mar 18 14:06:51.571 *apfMsConnTask_6 Client made new Association to AP/BSSID BSSID d0:c7:89:e9:b1:b3
Mar 18 14:06:51.574 *apfMsConnTask_6 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Mar 18 14:06:51.575 *apfMsConnTask_6 Client is entering the 802.1x or PSK Authentication state
Mar 18 14:06:51.576 *apfMsConnTask_6 Client expiration timer code set for 1800 seconds. The reason: Client is scheduled for session timeout deletion (wlan with webauth)
Mar 18 14:06:51.577 *apfMsConnTask_6 Client is trying to associate in 5 Ghz band
Mar 18 14:06:51.581 *dot1xMsgTask 4-Way PTK Handshake, Sending M1
Mar 18 14:06:51.590 *Dot1x_NW_MsgTask_0 4-Way PTK Handshake, Received M2
Mar 18 14:06:51.590 *Dot1x_NW_MsgTask_0 4-Way PTK Handshake, Sending M3
Mar 18 14:06:51.595 *Dot1x_NW_MsgTask_0 4-Way PTK Handshake, Received M4
Mar 18 14:06:51.595 *Dot1x_NW_MsgTask_0 Client has completed PSK Dot1x or WEP authentication phase
Mar 18 14:06:51.595 *Dot1x_NW_MsgTask_0 Client has entered RUN state
Mar 18 14:06:51.671 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:51.671 *DHCP Socket Task Sending DHCP Request to DHCP Server CP through gateway 192.168.199.10
requesting 192.168.52.34
on VLAN 199
Mar 18 14:06:52.658 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:52.658 *DHCP Socket Task Sending DHCP Request to DHCP Server CP through gateway 192.168.199.10
requesting 192.168.52.34
on VLAN 199
Mar 18 14:06:54.615 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:54.615 *DHCP Socket Task Sending DHCP Request to DHCP Server CP through gateway 192.168.199.10
requesting 192.168.52.34
on VLAN 199
Mar 18 14:06:56.677 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:56.677 *DHCP Socket Task Sending DHCP Discover to DHCP Server CP through gateway 192.168.199.10
on VLAN selected relay 2 - NONE
Mar 18 14:06:57.628 *DHCP Socket Task Received DHCP request from client
Mar 18 14:06:57.628 *DHCP Socket Task Sending DHCP Discover to DHCP Server CP through gateway 192.168.199.10
on VLAN selected relay 2 - NONE

 



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
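An added example, not part of the original posts or of Cisco's analyzer: a small Python script that summarises each connection attempt in debug-analyzer output like the two logs above, recording whether the RADIUS MAC-filtering line, the DHCP Required state and a DHCP ACK were seen, and which relay VLAN was used. The function and field names are assumptions made for illustration, and the sample input is trimmed from the output above.

```python
import re

# Sample input trimmed from the two analyzer outputs quoted in this thread.
SAMPLE_OK = """\
Mar 18 14:08:01.832 *apfMsConnTask_6 Client made new Association to AP/BSSID BSSID d0:c7:89:e9:b1:b3
Mar 18 14:08:01.834 *apfMsConnTask_6 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Mar 18 14:08:01.856 *Dot1x_NW_MsgTask_0 Client has entered DHCP Required state
Mar 18 14:08:01.946 *DHCP Socket Task Received DHCP ACK from DHCP server
Mar 18 14:08:01.947 *DHCP Socket Task Client has entered RUN state
"""
SAMPLE_FAIL = """\
Mar 18 14:06:32.372 *apfMsConnTask_6 Client made new Association to AP/BSSID BSSID d0:c7:89:e9:b1:b3
Mar 18 14:06:32.428 *Dot1x_NW_MsgTask_0 Client has entered RUN state
Mar 18 14:06:32.523 *DHCP Socket Task Sending DHCP Request to DHCP Server CP through gateway 192.168.199.10
requesting 192.168.52.34
on VLAN 199
Mar 18 14:06:37.525 *DHCP Socket Task Sending DHCP Discover to DHCP Server CP through gateway 192.168.199.10
on VLAN selected relay 2 - NONE
"""

def summarize(text):
    """Return one dict per association with the markers seen in that attempt."""
    attempts = []
    for line in text.splitlines():
        if "Client made new Association" in line:
            attempts.append({"radius_macfilter": False, "dhcp_required": False,
                             "dhcp_ack": False, "run_before_ack": False,
                             "relay_vlans": set()})
            continue
        if not attempts:
            continue  # ignore anything before the first association
        a = attempts[-1]
        if "mac filtering request" in line:
            a["radius_macfilter"] = True
        elif "entered DHCP Required state" in line:
            a["dhcp_required"] = True
        elif "Received DHCP ACK" in line:
            a["dhcp_ack"] = True
        elif "entered RUN state" in line and not a["dhcp_ack"]:
            a["run_before_ack"] = True
        m = re.match(r"on VLAN (\d+)$", line.strip())
        if m:  # numeric relay VLAN only; "selected relay 2 - NONE" is skipped
            a["relay_vlans"].add(int(m.group(1)))
    return attempts

def suspicious(a):
    """Flag attempts that reached RUN with no RADIUS line and no DHCP ACK."""
    return a["run_before_ack"] and not a["radius_macfilter"] and not a["dhcp_ack"]
```

Run over the full files, an attempt flagged by `suspicious` is one where the client was placed in RUN state without the RADIUS MAC-filtering line or a DHCP ACK appearing, so its relay VLAN is worth comparing with the VLAN FreeRadius is expected to return.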

Hi, thanks for the reply and for sending the output from the debug analyzer. Can you please elaborate on what we can observe from those 2 logs?
