WLC 5508 centrally switched client errors

Unanswered Question
Aug 17th, 2012

Hello,


I am having trouble with a newly configured install.  Basically it seems that my centrally switched guest SSID is not functioning.  As you change AP groups, which should change the interface associated with the SSID and also the dhcp client address, the client is retaining the original dhcp address from whichever AP group they first associated with. 


I also have a locally switched WPA2 SSID at each location which is working fine.  Clients are able to change dhcp address correctly as they move between AP groups.  It just doesn't seem to be working on the guest network, which is odd because it was working earlier in the install.  It has only started having issues yesterday afternoon.


It does not always coincide with the guest errors but I am generating these logging errors:

*DHCP Socket Task: Aug 17 15:09:23.526: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'may89-guest_vb_122'. Marking interface dirty.



The interface above is assigned to the guest SSID in one of the AP groups.  I assume this has something to do with it but I've been over my DHCP assignments on the core switch, local switch, controller, and dhcp server and can find no issue with the configuration... Also the fact that it was working earlier this week.



I also seem to be generating a high amount of:


*dot1xMsgTask: Aug 17 14:46:22.844: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx


I am not sure why as I am not using DOT1X at all.  The guest is a pass-thru and the WPA2 network is just WPA + WPA2 with TKIP and AES.  No DOT1X anywhere on the controller...
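To see how often each of the two messages quoted above fires, and for which interface or client, the controller's message log can be tallied with a short script. This is an added example, not part of the original post; the line layout is inferred from the two quoted lines, and the repeated sample lines and their timestamps are constructed.

```python
import re
from datetime import datetime

# Constructed sample: the two lines quoted in the post plus two invented repeats.
SAMPLE = """\
*DHCP Socket Task: Aug 17 15:09:23.526: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'may89-guest_vb_122'. Marking interface dirty.
*dot1xMsgTask: Aug 17 14:46:22.844: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
*DHCP Socket Task: Aug 17 15:14:41.102: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'may89-guest_vb_122'. Marking interface dirty.
*dot1xMsgTask: Aug 17 14:47:05.310: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
"""

# Layout assumed from the quoted lines:
# *<task>: <Mon DD HH:MM:SS.mmm>: %<FACILITY>-<SEV>-<MNEMONIC>: <file>:<line> <text>
LINE = re.compile(
    r"^\*(?P<task>[^:]+): (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): "
    r"%(?P<facility>\w+)-(?P<sev>\d)-(?P<mnemonic>\w+): "
    r"(?P<src>\S+:\d+) (?P<text>.*)$"
)

# What each message is "about": the dynamic interface, or the client MAC.
# EAPOL-key M1 is the first frame of the WPA/WPA2 4-way handshake, which
# pre-shared-key WLANs also perform.
SUBJECT = {
    "DHCP_SERVER_NO_REPLY": re.compile(r"on interface '([^']+)'"),
    "MAX_EAPOL_KEY_RETRANS": re.compile(r"for client (\S+)"),
}

def parse(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["when"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S.%f")  # log has no year
    pat = SUBJECT.get(ev["mnemonic"])
    hit = pat.search(ev["text"]) if pat else None
    ev["subject"] = hit.group(1) if hit else None
    return ev

def summarize(text):
    """Count events per (mnemonic, subject) and track first/last occurrence."""
    out = {}
    for ev in filter(None, map(parse, text.splitlines())):
        s = out.setdefault((ev["mnemonic"], ev["subject"]),
                           {"count": 0, "first": ev["when"], "last": ev["when"]})
        s["count"] += 1
        s["first"], s["last"] = min(s["first"], ev["when"]), max(s["last"], ev["when"])
    return out

if __name__ == "__main__":
    for (mnemonic, subject), s in summarize(SAMPLE).items():
        print(mnemonic, subject, s["count"], s["first"].time(), s["last"].time())
```
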

Scott Fella Fri, 08/17/2012 - 14:36
When centrally switched and the client is in the run state, the client will keep its original IP address. This is the feature of roaming. Even when a device roams from APs in different AP groups. Locally switched, it's different, the client will have to request a new DHCP address if the AP is in a different AP group and if the VLAN mapping for that WLAN is different.


Sent from Cisco Technical Support iPhone App

ckendzora Fri, 08/17/2012 - 14:48

Ok.  That makes sense.  Could I just create a single guest vlan at the core and then have the guest network at all AP groups place their clients there?  That way I would be generating IP addresses in the same scope.  I think the reason I cannot get out currently is because I do not have those core vlans configured at my remote locations?  Does that make sense?


So I could just create a vlan 100 - 10.100.0.1/22 on the core with helper address and dhcp scope that match.  Then each of my remote sites will just need to have a layer 2 vlan 100 interface tagged in order to pass that traffic?


I am just confused because the guest network was working earlier in the week without having to configure the centrally switched vlans at the remote sites.

ckendzora Fri, 08/17/2012 - 15:03

I think I might know what to do.  Could I just create an interface group for each controller and place all of my individual guest interfaces within that group?  Then I could just assign that interface group to each of my AP groups so every AP group would have access to all of the guest interfaces on the controller.  I think the reason it is not currently working is because the AP group at my location is set to a specific interface and the IP addresses when I roam are from different interfaces not set for the AP group.  I am basically being blocked by the AP group/guest interface because my IP address belongs to the wrong interface.


I think an interface group would solve that problem.  The only other issue would be what if I roam to an AP group on the other controller.  Could I just set up a mobility group and place both controllers in that group?  If they both have the UP status in the same mobility group would that allow inter-controller roaming?

Scott Fella Fri, 08/17/2012 - 16:23

I usually would centrally switch guest and either use vlan select (interface group) or create a large subnet just for guest. I only locally switch secure internal traffic.


Sent from Cisco Technical Support iPhone App

Scott Fella Fri, 08/17/2012 - 16:26

That is the reason it might not be working for guest. The WLC needs to have an interface on each subnet or else it's inter-subnet roaming.


http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/gu...


Sent from Cisco Technical Support iPhone App
