Clients stuck at 8021X_REQD

Unanswered Question
Oct 7th, 2014

I have a Cisco 5508 WLC and 2602 WAPs. Some clients fail to connect while others connect without issue. I am broadcasting 2 SSIDs: a WPA2 SSID and an 802.1X SSID. The client fails on both.

I debugged the client and I see the client is stuck in 8021X_REQD. It never progresses past that. BUT... I can physically take the WLC to the campus and put them on the same subnet as the clients, and they will connect. So I am leaning toward a routing issue, but what layer 3 issue would only affect SOME clients?

I am at a loss.

Rasika Nayanajith Tue, 10/07/2014 - 11:45

Hi Adam,

Post the "show interface detail <dyn_int_name>" and "show interface detail management" output, where dyn_int_name is the interface mapped to this WLAN.

Also post the output of the switchport config where this WLC is connected (show run interface g x/x).

 

HTH

Rasika

**** Pls rate all useful responses ****

adam.henderson Tue, 10/07/2014 - 13:42

(do1113cisco5508-02) >show interface detailed management

Interface Name................................... management
MAC Address...................................... 78:da:6e:da:a0:20
IP Address....................................... 10.32.0.112
IP Netmask....................................... 255.255.252.0
IP Gateway....................................... 10.32.0.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 10.32.0.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled

--More-- or (q)uit

Rasika Nayanajith Tue, 10/07/2014 - 13:51

Which interface is assigned to the WLAN? If you do not have any dynamic interface, then that is the problem. You have to define a dynamic interface on your WLC with the same VLAN where you want users to get an IP from, and then map it to your SSID.

Let me know the switchport config as well.

 

HTH

Rasika

**** Pls rate all useful responses ****

adam.henderson Tue, 10/07/2014 - 14:06

First, thanks for the quick response. I was searching for the interface the WLAN is assigned to and I only see my guest network. But I compared this to a controller where I am not having an issue and they have the same configs. I jumped into the web UI to make it easier to see. I am going to upload a few screenshots of what I see.

I am working on the switchport config. Our core switches on the LAN side for the controllers are HP ProCurve; I am trying to find the exact command for that.

Again, thanks so much for the response!

 

Adam

 

adam.henderson Tue, 10/07/2014 - 16:53

I can't find an HP ProCurve command that will give you the same view as the Cisco IOS command. What are you wanting to verify? Maybe I can give you that information.

 

Adam 

Rasika Nayanajith Tue, 10/07/2014 - 17:13

OK, it looks like you mapped the "management interface" for the NCSB WLAN. So users should get an IP from 10.32.0.0/22.

If this is not what you want, you have to create an interface on your WLC with the correct subnet/VLAN details (like what you have done for guest).

Regarding the HP switch, as long as it allows multiple VLANs (like a trunk port config), that should be fine.

Pls do not forget to rate our responses if they are useful.

 

HTH

Rasika

adam.henderson Tue, 10/07/2014 - 17:56

Our APs are running in FlexConnect mode for everything but the guest network, which is centrally switched on its own VLAN with CAPWAP.

 

Here is what I see in Prime when a client is trying to connect.

 


I believe the VLANs are set up correctly because other clients would be experiencing connection issues as well, I would think. That's the crazy thing here: some clients work, most clients work. But 25 Dell Venue tablets do not, but I can take the client to another campus and it works, and I can bring the controller and put it on the same LAN and it works.

Rasika Nayanajith Wed, 10/08/2014 - 20:14

OK. Now I understand it a little bit better. If it affects devices at selected locations, I would check those FlexConnect AP configurations and the switchport configs they are connected to, to make sure the VLAN mappings are correct.

What is your RADIUS server? Can you check its logs for a working client and a non-working client?

Also take the "debug client <client_mac_address>" output on your WLC for a working client and a non-working client.

These will tell us what the difference is.

HTH

Rasika

 

adam.henderson Thu, 10/09/2014 - 12:06

We had this issue pop up again today at another location. I am going to post logs from a working client and a few non-working ones.

The non-working clients have different hardware.

All the logs are for 802.1X SSIDs except the one specified as WPA2.

 

I never see a hit in the RADIUS server (Cisco ISE) for the non-working clients.

 

adam.henderson Mon, 10/27/2014 - 18:26

The issue was with a QoS policy on the WAN router causing some traffic to be viewed as scavenger traffic and thus dropped.