09-20-2010 11:59 PM - edited 07-03-2021 07:11 PM
Hi
I have two controllers running code 6.0.182 and one guest controller with same version.
I can see the tunnel UP(Both control and data path) in both controller.
Guest users are authenticated by web authentication.Suddenly guest users become too slow to access internet.Web authentication is successfull.But its too slow to access internet.Did anyone face the same issue.Pls reply me at the earliest.
Regards
Danish Ahammed
10-07-2010 09:22 AM
Hi,
if the web authentication was successful, then the clients are in "RUN" state and treated like any other clients. If there is a delay, it might be happening between your 2 WLCs. I would analyze with sniffer traces to see really what is slowing down the traffic
Regards,
Nicolas
10-09-2010 02:57 PM
I need your advice , i have the same issue ,I can see GUEST connection status on IPad, but i can not brows/ access a web page .
Any Help pls?
Here is my Config;
no dot11 igmp snooping-helper
dot11 syslog
!
dot11 ssid OFFICE
vlan 1
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
accounting acct_methods
!
dot11 ssid GUEST
vlan 40
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXX
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
encryption mode ciphers tkip
!
encryption vlan 40 mode ciphers tkip
!
broadcast-key vlan 1 change 3600 membership-termination capability-change
!
broadcast-key change 3600
!
broadcast-key vlan 40 change 3600
!
!
ssid OFFICE
!
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
rts threshold 2312
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.40
description GUEST
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
bridge-group 40 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
hold-queue 160 in
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.40
description GUEST
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
no bridge-group 40 source-learning
bridge-group 40 spanning-disabled
!
interface BVI1
description GUEST
ip address 10.10.X.X 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.X.X
no ip http server
ip http authentication aaa
ip http secure-server
10-10-2010 12:14 AM
I cannot see the guest ssid inside dot11radio 0
Try to add it.
Regards
Danish
10-11-2010 02:22 PM
Thanks
With enabled GUEST ssid , it is still the same issue.
10-10-2010 10:46 PM
Adewalexdavid => Well It's not the same issue as you seem to be under IOS while the original question was for controller environment :-)
The only thing wrong with your configuration is that you're not enabling the GUEST ssid on your AP at all. Under the "dot11radio0" interface you only have the command "ssid OFFICE" and no "ssid GUEST", so for sure your AP is not serving the GUEST ssid.
If your ipad shows "guest", maybe the ipad is configured to create the GUEST ssid as ad-hoc connection ?
can laptops connect to the guest ssid ? Is anyone receiving an ip address ?
10-10-2010 12:10 AM
thanks for your reply
It was a issue with the policy setting on firewall.Now its working.
Regards
Danish Ahammad
10-11-2010 05:18 AM
Thanks,SSID was added , but i can not login with password.Regards,
10-11-2010 06:11 AM
Not sure what I can reply to this :-)
any message on AP console ?
what does a "show dot11 assoc all" says ?
10-11-2010 01:50 PM
Thanks,
But i am still having the same problem ,after enabling the GUEST SSID , My IPAD cannot obtian IP address.
Could it be on RADIUS server ?
10-11-2010 10:57 PM
No radius involved since your guest SSID is using a wpa pre-shared key.
Can you try with something else than an ipad ?
do you see your client when doing a "show dot11 assoc" on the AP ?
Do you have a dhcp pool configured on the switch for vlan 40 ?
Nicolas.
10-12-2010 11:34 PM
Thanks Nicolas,
I have no Int Vlan 40 on the switch. I will configure that and get back to you ASAP.
Would i need to change the IP on BVI1 and also what about Default Gateway on Access Point, and on Switch?
My config on Switch
interface VLAN1
ip address 10.10.10.22 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.10.10.1
My config on Access Point
interface BVI1
description GUEST
ip address 10.10.10.9 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.10.1
Regards
Dak
10-12-2010 11:39 PM
You need an interface vlan40 on a switch that will act as gateway for the clients.
The BVI1 is just to telnet the AP and manage it, so it's fine as it is. The only "strange" part is that your management of the AP is in the guest vlan. So once you have everything working, you might think about having the bridge group 1 and BVI1 on AP that are not for guest access. But no showstopper there.
10-13-2010 12:10 AM
Thanks Nicolas,
so I need to configure this on SWITCH
interface Vlan40
description guest
ip address 10.10.10.X 255.255.255.0
ip access-group GUEST_ACC in
ip helper-address 10.X.X.X
ip helper-address 10.X.X.X
no ip redirects
Will i need to configure default gateway for Vlan 40, with the above config is on my switch and without changing anything on AP ,everything should be fine?
Dak
10-13-2010 12:14 AM
Wow, lots of confusion.
With the current config you showed, you are putting the vlan 40 interface in the same subnet as your vlan 1. This is not good.
There is only 1 default gateway per device. So AP has its default gateway in vlan 1, fine. And your switch already had a defautl gateway, so fine as well.
Simply what is needed is : AP configured with 2 vlans (1 and 40), simply bridging them. One switch somewhere having a vlan interface for both vlan 1 and 40 and a dhcp pool for each subnet.
Regards,
Nicolas
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: