cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1633
Views
19
Helpful
5
Replies

Can't get Guest clients to associate

scottwilliamson
Level 2
Level 2

Hi All,

This seems to have happened after upgrading to v7: I've a test guest SSID that my test client PC cannot connect to as it seems to immediately try to associate with the corporate secure SSID. The foreign controller debug showed a line that said something to the effect of "deleting client as SSID has changed" (I was not able to capture this unfortunately and I have not spotted it again), and it then goes on to produce debug outputs as it tries to connect to the corporte SSID. The anchor controller for the guest SSID does not seem to have the traffic passed to it.

Any suggestions?

Many Thanks

Scott

5 Replies 5

Andrew Betz
Cisco Employee
Cisco Employee

Hi Scott,

Would you mind capturing the following from both the foreign, and anchor WLCs:

debug client

Is the anchor WLC acting as the DHCP server?  If so, you may be hitting the following:

CSCth68708    Clients are unableto get a DHCP offer from WLC internal DHCP scope

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCth68708

The debug client output will allow you to see if the client is obtaining an IP address as expected, and whether or not the Guest traffic is being tunneled properly to the anchor. If you're finding that the test client continually connects to your corporate WLAN, I would recommend removing all profiles but the Guest WLAN to ensure you're not fighting a supplicant issue.

Cheers,

Drew

Hi Andrew,

I've attached the debug output from the Foreign WLC, I cannot get any output from the Anchor as the traffic isn't getting passed on. Other SSIDs from the same Foreign using the same Anchor work ok, so I'm starting to suspect that something has gone awry with the config of the SSID on the Foreign WLC, but I cannot see anything wrong; would you recommend deleting it and starting again?

Many Thanks,

Scott

Hi Scott,

Thanks for attaching the debug.  So, it looks like this client is connecting to your corporate network (since we see a lot of EAP exchanges).  Can I have you test with another client that is not configured for the corporate WLAN?  Please be sure to run the debugs on both the anchor and foreign WLCs simutaniously.  It is also important to note that the configuration for the anchored WLAN must be identical on both.  If there is a slight difference, anchoring will fail.

Thanks again,

Drew

Hi Andrew,

Another client worked with no issues. Turns out it was the first client that was at fault, it needed a patch to allow it to connect using WPA2. Apparently it's only required if SP3 (XP) has not been installed:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=662bb74d-e7c1-48d6-95ee-1459234f4483

Thanks for your help

Scott

Scott,

Glad to hear you were able to locate that Windows XP SP2 patch for PEAP.

Take Care,

Drew

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: