Clients cannot join domain or ping servers - WLC 4402

Unanswered Question

We have a 4402 controller managing 27 ap's. When we connect new laptops to the WLAN, we cannot join the domain but can get on the internet, so it doesn't look like a DNS issue. If we plug the laptop into a network drop, it can join the domain fine.


Also, since moving to LWAPP and implementing the controller, existing clients are having trouble pulling roaming profiles, printing to network printers, and accessing network apps on servers (some on the same subnet).


Has anybody seen problems like this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Scott Fella Thu, 03/27/2008 - 13:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Might want to post some of your configurations so we can take a look at it.

Scott Fella Fri, 03/28/2008 - 08:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Remove your ACL and see if that solves the issue.

Scott Fella Fri, 03/28/2008 - 18:25
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Okay... If you want users to boot up and be able to join the domain, you will need to use a 3rd party utility or Vista which allows for netwrok connection prior to performing a login. What might be happening.... might be wrong, is that you boot up a laptop and the user logins into the laptop... however, the user never does login until the desktop and the windows zero configuration services start. So if you have any login scripts, it will fail. IBM has the Thinkvantage Access Connections, Intel has the Intel PRO utility and there are others you can purchase if you want.


Is this what is happening?

well, I have had them try waiting a few minutes after the windows login screen comes up, dont know if the WZero service starts before or after login.


Addl. info: this is only happening when the WLAN is set to vlan 6, if I set the WLAN to use vlan 1, the problems go away, they obtain IP's on vlan 1 and have no connectivity issues that I can see. I have the port-channel int trunked to the WLC and management/ap-manager ints are untagged, a dynamic interface is set up for vlan 6 and vlan 6 is allowed on the trunk, also the trunk is set to dot1q. When I set it to vlan 6, the clients obtain ip's on that subnet.


the wlc is in lag mode, but we also tried it on a single interface trunked.


The switch is a 6506-E (Sup-720), the WLC was connected to a WS-X6148-GE-TX with a GLC-T, but is now on a fiber blade using 2 GLC-SX-MM


it seems to be a vlan tagging problem of some sort, but I cant be sure. Sometimes when I ping a resource I get one ICMP reply, then the rest time out - sometimes it doesnt work at all but other network resources, particularly those with interfaces on other vlans, are reachable just fine.

Scott Fella Sat, 03/29/2008 - 13:24
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

verify the configuration on the switch ports in the etherchannel is identical. also verify tha vlan 6 is allowed. When you configure your etherchannel make sure that channel-mode is set to 'ON'. also verify that etherchannel load balancing is configured for scr-dst-ip. what you described does seem like the packet is getting dropped some where.


Can you post the show running-config.

which config? the WLC config is attached is a few posts up...


here is what is on both switchports


interface GigabitEthernet1/21

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,6,223,240

switchport mode trunk

no ip address

channel-group 1 mode on


interface GigabitEthernet1/22

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,6,223,240

switchport mode trunk

no ip address

channel-group 1 mode on

end



Scott Fella Mon, 03/31/2008 - 08:18
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

The show config..,, if possible.

Scott Fella Tue, 04/01/2008 - 15:07
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

John,


You can't leave the service port as 0.0.0.0. Set it to a bogus IP... 192.168.100.254 or something that you are not using. Remive the ACL from the AP Manager interface. Still reviewing the config.

George Stefanick Tue, 04/01/2008 - 21:07
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

John,


Did you try doing a switch port on VLAN6 and see if your having the same issue ?

Scott Fella Wed, 04/02/2008 - 13:46
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

John,


Setup a dhcp scope on the controller and add the DNS entry. Enable DHCP override and make sure you you enter the management ip address of the WLC there. See if this works....


You have checked the ckients machine that is has a valid dns entry?

Scott Fella Sat, 04/05/2008 - 08:49
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Well let us know if that fixed the issue or not.

ahmedalshami Sun, 04/06/2008 - 00:38
User Badges:

For Printer issue I think you must make routing between the Vlans in core switch

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode