cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1123
Views
10
Helpful
18
Replies

Clients cannot join domain or ping servers - WLC 4402

jburk
Level 1
Level 1

We have a 4402 controller managing 27 ap's. When we connect new laptops to the WLAN, we cannot join the domain but can get on the internet, so it doesn't look like a DNS issue. If we plug the laptop into a network drop, it can join the domain fine.

Also, since moving to LWAPP and implementing the controller, existing clients are having trouble pulling roaming profiles, printing to network printers, and accessing network apps on servers (some on the same subnet).

Has anybody seen problems like this?

18 Replies 18

Scott Fella
Hall of Fame
Hall of Fame

Might want to post some of your configurations so we can take a look at it.

-Scott
*** Please rate helpful posts ***

Here is the controller config and the switchport config

Scott Fella
Hall of Fame
Hall of Fame

Remove your ACL and see if that solves the issue.

-Scott
*** Please rate helpful posts ***

done, didn't resolve it though

Okay... If you want users to boot up and be able to join the domain, you will need to use a 3rd party utility or Vista which allows for netwrok connection prior to performing a login. What might be happening.... might be wrong, is that you boot up a laptop and the user logins into the laptop... however, the user never does login until the desktop and the windows zero configuration services start. So if you have any login scripts, it will fail. IBM has the Thinkvantage Access Connections, Intel has the Intel PRO utility and there are others you can purchase if you want.

Is this what is happening?

-Scott
*** Please rate helpful posts ***

well, I have had them try waiting a few minutes after the windows login screen comes up, dont know if the WZero service starts before or after login.

Addl. info: this is only happening when the WLAN is set to vlan 6, if I set the WLAN to use vlan 1, the problems go away, they obtain IP's on vlan 1 and have no connectivity issues that I can see. I have the port-channel int trunked to the WLC and management/ap-manager ints are untagged, a dynamic interface is set up for vlan 6 and vlan 6 is allowed on the trunk, also the trunk is set to dot1q. When I set it to vlan 6, the clients obtain ip's on that subnet.

the wlc is in lag mode, but we also tried it on a single interface trunked.

The switch is a 6506-E (Sup-720), the WLC was connected to a WS-X6148-GE-TX with a GLC-T, but is now on a fiber blade using 2 GLC-SX-MM

it seems to be a vlan tagging problem of some sort, but I cant be sure. Sometimes when I ping a resource I get one ICMP reply, then the rest time out - sometimes it doesnt work at all but other network resources, particularly those with interfaces on other vlans, are reachable just fine.

verify the configuration on the switch ports in the etherchannel is identical. also verify tha vlan 6 is allowed. When you configure your etherchannel make sure that channel-mode is set to 'ON'. also verify that etherchannel load balancing is configured for scr-dst-ip. what you described does seem like the packet is getting dropped some where.

Can you post the show running-config.

-Scott
*** Please rate helpful posts ***

which config? the WLC config is attached is a few posts up...

here is what is on both switchports

interface GigabitEthernet1/21

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,6,223,240

switchport mode trunk

no ip address

channel-group 1 mode on

interface GigabitEthernet1/22

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,6,223,240

switchport mode trunk

no ip address

channel-group 1 mode on

end

The show config..,, if possible.

-Scott
*** Please rate helpful posts ***

here it is

John,

You can't leave the service port as 0.0.0.0. Set it to a bogus IP... 192.168.100.254 or something that you are not using. Remive the ACL from the AP Manager interface. Still reviewing the config.

-Scott
*** Please rate helpful posts ***

John,

Did you try doing a switch port on VLAN6 and see if your having the same issue ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

tried that, one of the laptops plugged in to the 6506 with the switchport in vlan 6 could not replicate the problem

John,

Setup a dhcp scope on the controller and add the DNS entry. Enable DHCP override and make sure you you enter the management ip address of the WLC there. See if this works....

You have checked the ckients machine that is has a valid dns entry?

-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: