03-27-2008 07:01 AM - edited 07-03-2021 03:35 PM
We have a 4402 controller managing 27 ap's. When we connect new laptops to the WLAN, we cannot join the domain but can get on the internet, so it doesn't look like a DNS issue. If we plug the laptop into a network drop, it can join the domain fine.
Also, since moving to LWAPP and implementing the controller, existing clients are having trouble pulling roaming profiles, printing to network printers, and accessing network apps on servers (some on the same subnet).
Has anybody seen problems like this?
03-27-2008 01:00 PM
Might want to post some of your configurations so we can take a look at it.
03-28-2008 07:40 AM
03-28-2008 08:17 AM
Remove your ACL and see if that solves the issue.
03-28-2008 10:49 AM
done, didn't resolve it though
03-28-2008 06:25 PM
Okay... If you want users to boot up and be able to join the domain, you will need to use a 3rd party utility or Vista which allows for netwrok connection prior to performing a login. What might be happening.... might be wrong, is that you boot up a laptop and the user logins into the laptop... however, the user never does login until the desktop and the windows zero configuration services start. So if you have any login scripts, it will fail. IBM has the Thinkvantage Access Connections, Intel has the Intel PRO utility and there are others you can purchase if you want.
Is this what is happening?
03-29-2008 01:15 PM
well, I have had them try waiting a few minutes after the windows login screen comes up, dont know if the WZero service starts before or after login.
Addl. info: this is only happening when the WLAN is set to vlan 6, if I set the WLAN to use vlan 1, the problems go away, they obtain IP's on vlan 1 and have no connectivity issues that I can see. I have the port-channel int trunked to the WLC and management/ap-manager ints are untagged, a dynamic interface is set up for vlan 6 and vlan 6 is allowed on the trunk, also the trunk is set to dot1q. When I set it to vlan 6, the clients obtain ip's on that subnet.
the wlc is in lag mode, but we also tried it on a single interface trunked.
The switch is a 6506-E (Sup-720), the WLC was connected to a WS-X6148-GE-TX with a GLC-T, but is now on a fiber blade using 2 GLC-SX-MM
it seems to be a vlan tagging problem of some sort, but I cant be sure. Sometimes when I ping a resource I get one ICMP reply, then the rest time out - sometimes it doesnt work at all but other network resources, particularly those with interfaces on other vlans, are reachable just fine.
03-29-2008 01:24 PM
verify the configuration on the switch ports in the etherchannel is identical. also verify tha vlan 6 is allowed. When you configure your etherchannel make sure that channel-mode is set to 'ON'. also verify that etherchannel load balancing is configured for scr-dst-ip. what you described does seem like the packet is getting dropped some where.
Can you post the show running-config.
03-31-2008 07:27 AM
which config? the WLC config is attached is a few posts up...
here is what is on both switchports
interface GigabitEthernet1/21
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,6,223,240
switchport mode trunk
no ip address
channel-group 1 mode on
interface GigabitEthernet1/22
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,6,223,240
switchport mode trunk
no ip address
channel-group 1 mode on
end
03-31-2008 08:18 AM
The show config..,, if possible.
04-01-2008 10:37 AM
04-01-2008 03:07 PM
John,
You can't leave the service port as 0.0.0.0. Set it to a bogus IP... 192.168.100.254 or something that you are not using. Remive the ACL from the AP Manager interface. Still reviewing the config.
04-01-2008 09:07 PM
John,
Did you try doing a switch port on VLAN6 and see if your having the same issue ?
04-02-2008 12:10 PM
tried that, one of the laptops plugged in to the 6506 with the switchport in vlan 6 could not replicate the problem
04-02-2008 01:46 PM
John,
Setup a dhcp scope on the controller and add the DNS entry. Enable DHCP override and make sure you you enter the management ip address of the WLC there. See if this works....
You have checked the ckients machine that is has a valid dns entry?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: