Clients cannot join domain or ping servers - WLC 4402

Unanswered Question

We have a 4402 controller managing 27 ap's. When we connect new laptops to the WLAN, we cannot join the domain but can get on the internet, so it doesn't look like a DNS issue. If we plug the laptop into a network drop, it can join the domain fine.

Also, since moving to LWAPP and implementing the controller, existing clients are having trouble pulling roaming profiles, printing to network printers, and accessing network apps on servers (some on the same subnet).

Has anybody seen problems like this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Scott Fella Thu, 03/27/2008 - 13:00

Might want to post some of your configurations so we can take a look at it.

Scott Fella Fri, 03/28/2008 - 18:25

Okay... If you want users to boot up and be able to join the domain, you will need to use a 3rd party utility or Vista which allows for netwrok connection prior to performing a login. What might be happening.... might be wrong, is that you boot up a laptop and the user logins into the laptop... however, the user never does login until the desktop and the windows zero configuration services start. So if you have any login scripts, it will fail. IBM has the Thinkvantage Access Connections, Intel has the Intel PRO utility and there are others you can purchase if you want.

Is this what is happening?

well, I have had them try waiting a few minutes after the windows login screen comes up, dont know if the WZero service starts before or after login.

Addl. info: this is only happening when the WLAN is set to vlan 6, if I set the WLAN to use vlan 1, the problems go away, they obtain IP's on vlan 1 and have no connectivity issues that I can see. I have the port-channel int trunked to the WLC and management/ap-manager ints are untagged, a dynamic interface is set up for vlan 6 and vlan 6 is allowed on the trunk, also the trunk is set to dot1q. When I set it to vlan 6, the clients obtain ip's on that subnet.

the wlc is in lag mode, but we also tried it on a single interface trunked.

The switch is a 6506-E (Sup-720), the WLC was connected to a WS-X6148-GE-TX with a GLC-T, but is now on a fiber blade using 2 GLC-SX-MM

it seems to be a vlan tagging problem of some sort, but I cant be sure. Sometimes when I ping a resource I get one ICMP reply, then the rest time out - sometimes it doesnt work at all but other network resources, particularly those with interfaces on other vlans, are reachable just fine.

Scott Fella Sat, 03/29/2008 - 13:24

verify the configuration on the switch ports in the etherchannel is identical. also verify tha vlan 6 is allowed. When you configure your etherchannel make sure that channel-mode is set to 'ON'. also verify that etherchannel load balancing is configured for scr-dst-ip. what you described does seem like the packet is getting dropped some where.

Can you post the show running-config.

which config? the WLC config is attached is a few posts up...

here is what is on both switchports

interface GigabitEthernet1/21


switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,6,223,240

switchport mode trunk

no ip address

channel-group 1 mode on

interface GigabitEthernet1/22


switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,6,223,240

switchport mode trunk

no ip address

channel-group 1 mode on


Scott Fella Tue, 04/01/2008 - 15:07


You can't leave the service port as Set it to a bogus IP... or something that you are not using. Remive the ACL from the AP Manager interface. Still reviewing the config.

Scott Fella Wed, 04/02/2008 - 13:46


Setup a dhcp scope on the controller and add the DNS entry. Enable DHCP override and make sure you you enter the management ip address of the WLC there. See if this works....

You have checked the ckients machine that is has a valid dns entry?

ahmedalshami Sun, 04/06/2008 - 00:38

For Printer issue I think you must make routing between the Vlans in core switch


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode