Cisco :: Clients That Are Not Authenticated Taking IP Addresses - WLC 5508
Feb 21, 2012
I work on a college campus that has thousands of students a day accessing our wireless network. We have broadcast SSID that the students use to connect to the internet. The students usually have more than one WiFi enable device on them and their laptops and phones both take an IP address, but they are only using the laptop to authenticate while the phone is associted, but not authenticated. In the meantime, I have several thousand IPs being used by their phones/iPods etc. Is there a way to revoke the DHCP lease if the client does not authenticate within a specified time frame (i.e. 10 minutes)?
View 3 Replies
ADVERTISEMENT
Aug 1, 2012
Running 7.0.220. There are several 'unknown' users every day reported in WCS. Investigating the connections on the WLC I find the clients are in a run state and passing traffic but there is no username listed on the client detail. (hence the unknown on WCS)
(mcm-189jsoc-wlc1) >show client detail 60:c5:47:07:b6:5a
Client MAC Address............................... 60:c5:47:07:b6:5a
Client Username ................................. N/A
AP MAC Address................................... 00:1e:13:42:16:a0
AP Name.......................................... mcm-208dorm-wap1
[code].....
Clients in this state are usually Apple products. From initial investigation it looks like the do authenticate with the ACS. r debugs to run, or fixes on the WLC? Perhaps there's a bug on this behavior?
View 11 Replies
View Related
Apr 4, 2013
I am using web authentication with my Wlc 5508 and I would like to check all users currently connected (ip, login used, MAC address, ...) with SNMP.
I am using an external web server and my client are authenticated with ldap.
I know I can receive these information with traps, but I would like to create a short program which will check all users when I click on a button.
View 2 Replies
View Related
Apr 10, 2012
I recently upgraded a clients WLC and they keep saying they are unable to get an IP address from the DHCP server. It's a simple, flat network and here is what the logs are showing.
*apfReceiveTask: Apr 11 13:37:25.477: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:37:17.278: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:37:05.880: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
*apfReceiveTask: Apr 11 13:13:47.397: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'management'. Marking interface dirty.
[code]....
View 19 Replies
View Related
Sep 9, 2012
Environment:
1. Core switch - Catalyst 6509e
vlans configured:
a. vlan 50 (wired clients)
[Code]....
here's the problem, wireless clients connected to WLAN guest keep getting DHCP leases from WLAN local 10.0.50.10 (scope 10.0.70.101 to 200)
View 11 Replies
View Related
Jun 24, 2007
Here at HQ we have a 4402 WLC. At our remote sites we have 1231G APs running in autonomous mode. I upgraded one of the APs -- IOS 12.4(3g)JA -- to run LWAPP. Per release notes I've read upgraded 1231's do not support REAP/HREAP mode, consequently, it's running in LOCAL mode.
The AP is managed by the WLC. I created a WLAN for the remote site and assigned it to the MGMT interface; the remote site subnet doesn't exist in HQ. The DHCP server for the remote site is presently at that site; AP and DHCP server reside at the same place.
Clients authenticate successfully to the remote site AP, however, they are not getting DHCP addresses assigned. Does the DHCP server for the remote site have to reside in HQ since the AP is running in local mode? If so, where is that specified, on the MGMT interface config?
View 4 Replies
View Related
May 6, 2011
I have a PIX 515E that I want to use to as a border between my internet connection and my Cisco AIR1131AG. I have configured the PIX to have the outside interface as a dhcp client which gets its dynamic IP address from the cable modem. the AP is connected to the E1 inside interface. Now I could see the E1 interface from the arp table from the AP but I cannot ping it. From the firewall I don't see the ARP table from the firewall. and i cannot ping the AP. what is wrong with the configuration? side note, i am able to connect to the AIR1131AG from my laptop I was not able to retrieve an IP address.
FW1 - CONFIGURATION
interface Ethernet0 description uplink towards the techsavvy modem speed 100 nameif outside security-level 0 ip address dhcp setroute !interface Ethernet1 description >>> WIFI LAN ACCESS <<< nameif inside security-level 100 ip address 10.0.0.1 255.255.255.0
[Code].....
View 3 Replies
View Related
May 8, 2013
[URL] I have one Controller 5508 is my Central Office and I have some Ap's working in local mode in my Central Office, additional I have more Ap's in a remote Office they're are working as H-REAP and I can handles across my WLC. Now my enterprise decided bouth another WLC and wants to deploy a active-passive scenario. This new Controller should manages all the AP's when the central WLC fails...
My questions are... I need to have the same ip addressing on both sites? or they can be different. I nedd to configure some on my Ap's that are working as local mode, for allow the secondary WLC manage them when mi central WLC fails
View 10 Replies
View Related
Oct 13, 2011
Our 5508 Wireless Controller will drop MAC addresses clean out of the system. Addresses that are in use everyday just disappear. It is not a limitation issue because we are adding iPads everyday. And it is not a daily occurance, but maybe once or twice a week. Everything has been updated and it is more of a hassle than anything, I am just trying to understand what is happening.
View 2 Replies
View Related
May 1, 2013
Have a WLC 5508 running 7.0.230 with internal DHCP server. Timeout is 3600 seconds. The IP addresses never seem to be released. The controller will show 70 clients but 254 addresses will be assigned.
View 2 Replies
View Related
Jun 22, 2011
We have 2 WLCs, 4402 (main) and 5508 (backup). While we turn on both devices, 4402 have 10 APs, and 5508 have 10 APs as well. Total connected clients will be 120+, but when we turn off either 1 wlc, let's say only 4402 is power on, total 20 APs joined, but the total client will be 90+, never reach over 100 clients. The same happened on 5508, is there any maximum associated connection on WLC?
View 1 Replies
View Related
Nov 23, 2011
I have configured 5508 with multiple APs but clients on the internal SSID aren't getting an IP address. I have the IP helper address configured and I have also disabled DHCP proxy on the controller.
I get the following from the client debug, I don't know what the below mac address is, it's not one my APs or the clients, I am not seeing this mac address on the controller at all but it shows up in the debug.
type = Airespace AP - Learn IP address
on AP 6c:9c:ed:87:23:c0
*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.579: 08:11:96:20:94:28 Entering Backend
[Code].....
View 5 Replies
View Related
Nov 17, 2011
Need implementation of an OID to view the number of connected clients per Access-Point? I am using a 5508 WLC.
View 4 Replies
View Related
Jan 22, 2012
I'm having a problem with my clients dropping the network connection constantly throughout the campus. I am using a Cisco 5508 controller and the APs are LAP1141N. At first I thought it was a roaming issue but I tested with only 1 AP and the problem persisted, I can tell you that we don't have interference problems and that our old linksys APs used to work without flaws.
View 1 Replies
View Related
May 1, 2013
I have a 5508 WLC with CAP3502i APs connected to it. I upgreaded the code to the newest 7.2.115.1 code. I am having trouble with laptops that are not physically moving but are moving their connection from AP to AP in the same area. This is in a school and causing a problem with a testing program they are using becuse they drop 2 or 3 pings in the process. I do have the area heavily saturated with AP but that is because of the amount of clients we have connecting to them. There is 8 classrooms in a hallway with 24 laptops in each classroom. Each classroom has an 3502i ap in it. The laptop can be connected to an AP with great signal and move to another AP that still has a good signal but not as great. I don't understand why if I get 4 bars and connected at 144mps it would move to a new AP. These are Lenovo laptos and i have updated their wireless card drivers and set the roaming agressiviness to low but it still happens.
View 3 Replies
View Related
Nov 8, 2012
I have a WLC 5508 with half a dozen LAPs (AIR-CAP3502I-E-K9).They have been working but sometimes clients detect conectivity problems with the wlan.Here is the message log I can obtain from the controller:
View 1 Replies
View Related
Jan 22, 2013
I have a WLC 5508 in my datacenter, and 1142s configured with FlexConnect at a remote site.Two issues:Some APs 'die' from time to time where I cannot ping them anymore and they do not service any clients. I can reset them from the WLC after which they work again. I have some clients in the building (same area) who lose connectivity from time to time and are unable to reconnect to the wireless. I am seeing errors that the gateway cannot be found or there is not a valid IP. restarting the AP closest to the clients fixes the issue. I have replaced the AP and connected to a different port on the switch.
View 6 Replies
View Related
Feb 14, 2011
I have a network setup as live-ssid. It is using the Interface for VLAN 14. All APs under the default-group AP Group obviously allows clients to DHCP an address from VLAN 14. This is working fine.
I created a new AP Group called 3rd Floor. This has the live-ssid setup, but instead of using the Interface for VLAN 14 it is setup for the Interface for VLAN 50. I have all the APs on this floor moved to the 3rd Floor AP Group.
The problem is that 95% of the clients on 3rd Floor are still picking up DHCP addresses from VLAN 14. I checked and all the clients are connected to the APs on the 3rd Floor. Only 4 Clients are getting an address from VLAN 50.
I'm not sure if something is configured wrong or not since some devices pick up the new VLAN and the rest don't. I've manually reboot the APs on the 3rd floor to see if that would fix it.
View 2 Replies
View Related
Apr 14, 2013
We have deployed a WLC 5508 w/ SW version 6.0.199.4, 1142 AP's & open authentication w/ MAC filtering. Clients are randomly getting dropped with "Limited Access" shown in Win 7. In this state, the client machine is unable to ping the gateway and sometimes lose their DHCP assigned IP as well. A manual disconnect/re-connect to the SSID is required everytime.I ran a debug on one the clients stuck in the "Limited Access" state (debug client xx:xx:xx:xx):
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Adding mobile on LWAPP AP 3c:ce:73:c5:1e:b0(0)
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 23) in 5 seconds
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 apfProcessProbeReq (apf_80211.c:4722) Changing state for mobile e0:91:53:60:1f:e4 on AP 3c:ce:73:c5:1e:b0 from Idle to Probe
[code]....
View 7 Replies
View Related
May 16, 2012
We got a question about our WLC 5508 single controller deployment with 14 access points without a VLAN configuration.
When our clients connect to the wifi, we cannot see any ip address of them in the client details page. It shows everytime the ip address 0.0.0.0. The clients are configured with a static ip.
View 8 Replies
View Related
Mar 29, 2012
I would like to share one problem with WLC 5508 . we added a new virtual interface on the WLC. One new SSID is associated with this interface.
We created a ACL for this interface to restrict the access via WIFI to certian services. It´s not correct that everything works fine because the change were not applied. [code]
The changes of the ACL are applied on the fly, but for reason we don´t know, the clients don´t get a DHCP IP-Address (after changing the ACL) until the Controller is rebooted.
View 2 Replies
View Related
Aug 6, 2012
question in regards to the deployment of a new WLC and new LAPs,I have configured and connected a 5508 WLC and 3500 series LAP.LAG is enabled in the WLC and successfully connected to the neighboring switch (using etherchannel) and to the network.
The port-channel port is set to trunk mode obviously and certain vlan ids are currently allowed (3-5)
The management interface has this IP address 192.168.5.250/24
I created a WLAN with WLAN ID 3, Interface set to Management and say SSID test1
I have connected a new LAP to the network, which switchport interface is set to access mode and assigned with vlan id 3. The LAP is able to join the WLC successfully with an IP address, such as, 192.168.3.100 (assigned via DHCP).
When I try connecting a mobile client to the wireless LAN, it can successfully detect and connect to the WLAN, created in the WLC (test1) however it gets an IP address by DHCP, in the 192.168.5.0/24 network, which is the IP range of the management interface's IP address.
What can I do to get the clients connecting on network 192.168.3.0/24? I thought this would be the case since I allocated the WLAN Id of 3 in the WLAN test1 configuration and since the LAP switchport is set to access mode with vlan ID 3.
View 3 Replies
View Related
Apr 16, 2013
We have a Cisco 5508 controller with 1142 LWAP's running version 7.4.100.We have several Dell laptops which will not associate to the access point UNLESS you stand directly underneath it, power off the wireless, turn it back on then eventually the PC will associate to the AP.Once the PC is associated to the AP and user is authenticated then all is well.
Have tried updating the wireless drivers downloaded from both Dell or INTEL. This does not happen to all of our laptops. However, without making any changes to the WLC or the PC's, we have begun to expirence this problem with laptop which previously did not have this issue.
View 4 Replies
View Related
Mar 18, 2013
For WLC 5508 software version 7.0.235.0, which command is needed to get the WLC send syslog messages everytime a wireless client associate and desassociate?
View 2 Replies
View Related
Aug 26, 2012
I'm working on migrating autonomous WAPs to lightweight mode in a WLC 5508. Some of the older WAPs are being decommissioned at the same time.
One issue I have found is that after replacing an old WAP in autonomous mode with a new WAP (3502); some clients near the coverage of this new LWAPP are now connecting to another WAP in autonomous mode that has not been converted or replaced yet; but that is located quite far away from where these clients are, actually two floors down. Users on these clients have reported wifi dropouts, which is obvious due to the distance where the old WAP is. A workaround that seems to work is removing the wifi profiles in the client machines and recreating them again, which is not a good solution for all of the wifi profiles we have in place. At this point of time we still need to have the older WAPs until they are all replaced.
How can I get clients connecting to a LWAPP that is closer to their location? I'm wondering what causes those clients to look for an existing older WAP rather than connecting to the new LWAPP, which is broadcasting the same SSID closer to where they aree. Bear in mind that the new LWAPP is working fine and has live sessions working just fine.
View 5 Replies
View Related
Jan 15, 2013
Just inserted a new 5508 WLC into the network. We current have 3 4404 WLCs, and there was a need to duplicate, as much as possible, the configurations on the 4404s, and the design. The 5508 came online as expected. We moved a few access points over to it. The APs got the correct address range. The clients are expected to get addresses in the same scope range as the APs. However, the clients are receiving addresses in the management IP scope.I know there are two "not a good way to do it" in here. Why is the management address range in the DHCP scope, and why are the clients using the same scope as the APs. We are going to change that. For now, the AP and client in the same range has been going on since we rolled out wireless in 2006.The 8 ports on the 5508 are configured for LAG. There is no dedicated port for management. They tell me not to do that on a 5508.
View 8 Replies
View Related
Jun 12, 2012
I have a 5508 WLC and 40+ LAP1142N APs spread across 19 locations that allows staff to connect to our private network via wireless. I recently deployed about 40 new laptops all identical make and model HP ProBook 4530's and all have the same client setup for the wireless. Out of those 40 laptops I have 4 that will not connect to the private network. However, these same laptops will connect to my public, open wireless network without issue. In addition to the 4 that will not connect all the others will prompt twice for network authentication.Now, I have about 10 other laptops that are not the HP model and all connect without issue and without dual propt. I don't think this is a wireless network issue but could be some type of issue with this model of laptop.
View 8 Replies
View Related
Jul 10, 2011
which is the maximum number of simultaneous wired guest clients on a 5508? And in a 2112 controller?
Wired clients count as wireless clients??
What about anchoring limitations, what is the effect of wired guest clients on the anchor controller?
View 2 Replies
View Related
Jan 22, 2013
I have a strange behavior between a WLC 5508 (version 7.0.116.0) and NEXUS7010.
WLC
The WLC is configured in DHCP Bridging Mode (it sends DHCP requests without change)
Nexus
The VLAN interface is configured as follows
interface Vlan501
ip access-group acl-int-vlan501-in-1 in
no ip redirects
ip address 10.12.56.4/21
ip ospf network broadcast
ip router ospf 100 area 10.23.0.0
hsrp 51
Clients can not obtain an IP address intermittently. If I deactivates the ACL when the problem appears(when the client can not obtain an IP@) the probleme is resolved
Note: Before the WLC was connected to Catalyst 6500 and worked properly for 2 years (with same configuration)
I saw this note about differences between DHCP relay on the NEXUS7000/NXOS an Ip helper one the 6500/IOS URL. Do you think the problem may come from the DHCP relay or ACL on the NEXUS.
View 2 Replies
View Related
Mar 26, 2013
We are deploying BYOD with Cisco ISE 1.1.2 and WLC (5508) using 802.1x authentication.Windows clients cannot connect to 802.1x SSID with the following error on ISE:Authentication failed : 12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate
The client doesn't have preconfigured wifi profile or root certificate installed.The concept of BYOD suppose that you can connect your device without any installed certificates and preconfigured wifi-profiles.
The problem is that Windows 7 supplicant does not send TLS alert in pop up window, when connecting to 802.1x SSID.If this alert is seen, than you can accept it and proceed the connection. After that you will be asked to install ROOT-cert, get your own cert and etc.So, the question is: how to make the windows supplicant to show the pop-up window with TLS alert?
p.s. the attached file shows the example of pop up TLS-alert window
View 6 Replies
View Related
Apr 7, 2013
DHCP scope is configured on a WLC 5508.I'm checking if there' a way for WLC to clear the dhcp leasing when a user is diconnected from wireless?
View 2 Replies
View Related
Oct 8, 2012
In setup for old RV042 (V1), when updating / adding Mac addresses, the table is always sorted by IP addresses. But in the new oneRV042 (V3) I have, even with latest firmware 4.2.1.02 the list is random, thereby increasing the chance of user entering DUPLICATE IP addr with diff Mac addr. That will result in conflict.If the firmware sorts the DHCP entries by ip addresses, user would be able to catch duplicate ip errors even if the system does not flag the errors. All Cisco smart engineers can you all get the dhcp entries SORT by ip addresses.
View 2 Replies
View Related
Jan 23, 2012
I´m currently looking for a document that specify how many MAC addresses can be stored and authenticated via an ACS (1120)? I prefer to use the internal identity store over AD or LDAP for MAB authentication for 802.1X project. I would like to know what is the impact on the ACS? CPU/MEM? What is the impact on the user authentication? delay, timeout, etc.
View 7 Replies
View Related
