Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
0
Helpful
5
Replies

Associated but no network connectivity

mat.edwards
Level 1
Level 1

‎09-22-2009 11:45 PM - edited ‎07-03-2021 06:04 PM

Running Symbol Barcode scanners on a WLC4402 + 1131's running 4.2.207.0. The WLAN is currently open for testing purposes. The guns associate and are placed in a run state on the WLC and sees that the station has an IP address, however you cannot ping the device from the WLC and vice versa. Can associate a laptop to same network and are provided with correct network connectivity.

The troublesome guns have a static IP, don't seem to support DHCP. They support no form of 802.11 security. WLAN card is Cisco Aironet at b only. The guns are about 9 years old.

There are two WLANs with different guns running on each due to different security capabilities. The second WLAN and different guns experience no problems.

Tried various bits and pieces with no luck so far. Main points:

- If you place an IOS AP in the same network the guns associate and can ping (This is the frustrating point)

- Have implimented MAC filtering with mapped IP address of the gun and AAA override, no joy.

- Tried various code versions, no joy.

- Disabled all other WLANs, adjusting DTIM's, data rates, disabled short preamble, placed everything in one vlan, broadcast SSID, disabled/enabled Aironet extensions, altered fragmentation thresholds...nothing.

- Did a packet capture, the only data seen from the gun is an arp request to the gateway, there is an arp response from the gateway. This will repeat several times with no other data, looking at the gateway's mac table the device is present but still no IP connectivity.

The client never gets disassociated, de-authed or excluded.

All ideas welcome as I cannot think of anything else to try...

Debug below.

Labels:
0 Helpful
5 Replies 5

mat.edwards
Level 1
Level 1

‎09-22-2009 11:45 PM

Client debug/PEM events debug gives only the below output:

(WLC_02) >Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 apfMsExpireCallback (apf_ms.c:433) Expiring Mobile!

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Sent Deauthenticate to mobile on BSSID 00:25:84:37:7e:80 slot 0(caller apf_ms.c:4299)

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 apfMsExpireMobileStation (apf_ms.c:4335) Changing state for mobile 00:40:96:5d:ed:54 on AP 00:25:84:37:7e:80 from Disassociated to Idle

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Scheduling deletion of Mobile Station: (callerId: 47) in 10 seconds

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Reassociation received from mobile on AP 00:25:84:37:7e:80

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 STA - rates (4): 2 4 11 22 0 0 0 0 0 0 0 0 0 0 0 0

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Applying cached RADIUS Override values for mobile 00:40:96:5d:ed:54 (caller pem_api.c:1557)

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1106)

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Applied RADIUS override policy

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Replacing Fast Path rule

type = Airespace AP Client

on AP 00:25:84:37:7e:80, slot 0, interface = 1, QOS = 0

ACL Id = 255, Jumbo Frames = NO, 802.1P = 0, DSCP = 0, TokenID = 5006

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Successfully plumbed mobile rule (ACL ID 255)

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Plumbed mobile LWAPP rule on AP 00:25:84:37:7e:80

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 RUN (20) Change state to RUN (20) last state RUN (20)

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 apfPemAddUser2 (apf_policy.c:212) Changing state for mobile 00:40:96:5d:ed:54 on AP 00:25:84:37:7e:80 from Idle to Associated

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Scheduling deletion of Mobile Station: (callerId: 49) in 3600 seconds

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 Sending Assoc Response to station on BSSID 00:25:84:37:7e:80 (status 0)

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 apfProcessAssocReq (apf_80211.c:3888) Changing state for mobile 00:40:96:5d:ed:54 on AP 00:25:84:37:7e:80 from Associated to Associated

Mon Sep 21 14:08:27 2009: 00:40:96:5d:ed:54 10.14.131.32 Added NPU entry of type 1

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-23-2009 03:19 PM

If you go Clients, what does it say under "Auth"? If it's "No", then click on the client mac address and under Client Properties what is the result of the "Policy Manager State"?

0 Helpful

mat.edwards
Level 1
Level 1
In response to Leo Laohoo

‎09-25-2009 04:58 AM

Clients are auth and RUN so as far as the WLC is concerned, it would appear it is happy for the client to pass traffic but it doesn't. It's driving me insane!

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-25-2009 06:22 PM

"RUN" means it should all be good.

0 Helpful

mat.edwards
Level 1
Level 1
In response to Leo Laohoo

‎09-28-2009 02:00 AM

I know, this is what is driving me insane. If you try to ping that client from the WLC it fails. As soon as you swap the WLC for a Fat AP with basic config it just works.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card