Wireless clients fail to obtain DHCP address when restarted

Unanswered Question
Aug 19th, 2009
User Badges:

We have an issue at one of our remote sites where our client PC's can't get a connection for a delayed period of time, after a restart, or if they shutdown and boot up within 5 minutes. For some reason it takes about 3-4 minutes to get a successful session running over the wireless network. If they start up fresh of a morning, or if they shutdown and leave it for a period of time over about 5 minutes, they log in fine straight away. Our client PC's are set to boot up and log onto our domain with a set account depending on the Asset, with no user interaction. So the problem arises that when they restart one of the PC's for whatever reason, it tries to log onto the domain, but it doesn't yet have a connection (DHCP Address) so it ends up logging onto the domain with cached credentials. They don't run the normal security checks, then it sits at the desktop trying to acquire a network address and the applications the users need to access aren't available, for that 3-4 minute period.



A bit of background on our setup for this site follows:


Local Site controller is a Cisco 4402 running SV: 5.2.178.0


We're using MAC Filtering, registering against an ACS running 4.2.0.124 (patch 4.2.0.124.7)


The clients have a certificate loaded to check against ACS


The computer is checked against AD


The logon credentials are also checked with AD via the ACS


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
astanislaus Wed, 08/19/2009 - 20:52
User Badges:

Network Manager at this site has been going over the reports in the ACS and has documented the passed authentication and accounting details of an example of it working fine at first login, and an example of what happens when a device is restarted.


See attached file.


The working login, you'll see the MAC pass, then the PC pass, then the login pass and accounting is started. When it fails, it appears the MAC is passed, but it doesn't go to the next stage, it continues to check the MAC three times, then waits around 2 minutes before it tries again. During that time, the accounting stops. Then it registers the AD logon as the device at that stage is logged on with the cached credentials



astanislaus Wed, 08/19/2009 - 20:55
User Badges:

The fact that the PC's log in fine initially, shows that the MAC Address are correctly entered into the ACS, that the certificate is all good, the computer is registered in AD, the username logon credentials are fine, so not sure what else that leaves?


We are not sure if it's just a timer set somewhere or what the problem is.


Customer has another site with the same model and firmware on a controller and it works fine, but it doesn't have MAC Filtering turned on.




George Stefanick Thu, 08/20/2009 - 04:56
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

If your issue is dhcp and your thinking it is tied to wireless in some way...


extend the wireless vlan to a switch port and plug a pc into the wired switch port and monitor your dhcp activity.

Actions

This Discussion