09-22-2009 11:45 PM - edited 07-03-2021 06:04 PM
Running Symbol Barcode scanners on a WLC4402 + 1131's running 4.2.207.0. The WLAN is currently open for testing purposes. The guns associate and are placed in a run state on the WLC and sees that the station has an IP address, however you cannot ping the device from the WLC and vice versa. Can associate a laptop to same network and are provided with correct network connectivity.
The troublesome guns have a static IP, don't seem to support DHCP. They support no form of 802.11 security. WLAN card is Cisco Aironet at b only. The guns are about 9 years old.
There are two WLANs with different guns running on each due to different security capabilities. The second WLAN and different guns experience no problems.
Tried various bits and pieces with no luck so far. Main points:
- If you place an IOS AP in the same network the guns associate and can ping (This is the frustrating point)
- Have implimented MAC filtering with mapped IP address of the gun and AAA override, no joy.
- Tried various code versions, no joy.
- Disabled all other WLANs, adjusting DTIM's, data rates, disabled short preamble, placed everything in one vlan, broadcast SSID, disabled/enabled Aironet extensions, altered fragmentation thresholds...nothing.
- Did a packet capture, the only data seen from the gun is an arp request to the gateway, there is an arp response from the gateway. This will repeat several times with no other data, looking at the gateway's mac table the device is present but still no IP connectivity.
The client never gets disassociated, de-authed or excluded.
All ideas welcome as I cannot think of anything else to try...
Debug below.
09-22-2009 11:45 PM
Client debug/PEM events debug gives only the below output:
(WLC_02) >Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 apfMsExpireCallback (apf_ms.c:433) Expiring Mobile!
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Sent Deauthenticate to mobile on BSSID 00:25:84:37:7e:80 slot 0(caller apf_ms.c:4299)
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 apfMsExpireMobileStation (apf_ms.c:4335) Changing state for mobile 00:40:96:5d:ed:54 on AP 00:25:84:37:7e:80 from Disassociated to Idle
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Scheduling deletion of Mobile Station: (callerId: 47) in 10 seconds
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Reassociation received from mobile on AP 00:25:84:37:7e:80
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 STA - rates (4): 2 4 11 22 0 0 0 0 0 0 0 0 0 0 0 0
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Applying cached RADIUS Override values for mobile 00:40:96:5d:ed:54 (caller pem_api.c:1557)
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1106)
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Applied RADIUS override policy
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 00:25:84:37:7e:80, slot 0, interface = 1, QOS = 0
ACL Id = 255, Jumbo Frames = NO, 802.1P = 0, DSCP = 0, TokenID = 5006
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Successfully plumbed mobile rule (ACL ID 255)
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Plumbed mobile LWAPP rule on AP 00:25:84:37:7e:80
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Change state to RUN (20) last state RUN (20)
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 apfPemAddUser2 (apf_policy.c:212) Changing state for mobile 00:40:96:5d:ed:54 on AP 00:25:84:37:7e:80 from Idle to Associated
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Scheduling deletion of Mobile Station: (callerId: 49) in 3600 seconds
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Sending Assoc Response to station on BSSID 00:25:84:37:7e:80 (status 0)
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 apfProcessAssocReq (apf_80211.c:3888) Changing state for mobile 00:40:96:5d:ed:54 on AP 00:25:84:37:7e:80 from Associated to Associated
Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 Added NPU entry of type 1
09-23-2009 03:19 PM
If you go Clients, what does it say under "Auth"? If it's "No", then click on the client mac address and under Client Properties what is the result of the "Policy Manager State"?
09-25-2009 04:58 AM
Clients are auth and RUN so as far as the WLC is concerned, it would appear it is happy for the client to pass traffic but it doesn't. It's driving me insane!
09-25-2009 06:22 PM
"RUN" means it should all be good.
09-28-2009 02:00 AM
I know, this is what is driving me insane. If you try to ping that client from the WLC it fails. As soon as you swap the WLC for a Fat AP with basic config it just works.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide