Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

AIR-CAP3602 and ISE

I have AP's Profiled in ISE without problem but the AP keeps sending a DHCP release message. It only does this when ISE is applied to the interface. The interface config is at the bottom. Keep in mind despite the vlan of the switchport I have ISE pull the AP into the correct VLAN when it see's an AP. I have verified that is working as well. This is driving me insane,

switch#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------

170  WIRELESS_AP                      active    Fa0/21

 

switch#sh auth session

Interface  MAC Address     Method   Domain   Status         Session ID
Fa0/21     fc99.47c8.436e  mab      DATA     Authz Success  0AFDFAFC0000000100066AA8


switch#sh auth session int f0/21
            Interface:  FastEthernet0/21
          MAC Address:  fc99.47c8.436e
           IP Address:  10.253.250.213
            User-Name:  FC-99-47-C8-43-6E
               Status:  Authz Success
               Domain:  DATA
      Security Policy:  Should Secure
      Security Status:  Unsecure
       Oper host mode:  multi-domain
     Oper control dir:  both
        Authorized By:  Authentication Server
          Vlan Policy:  170
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  0AFDFAFC0000000100066AA8
      Acct Session ID:  0x00000005
               Handle:  0x08000001

Runnable methods list:
       Method   State
       mab      Authc Success
       dot1x    Not run

<Switch Log with debug ip dhcp server packet enabled>

Aug  4 15:28:38 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug  4 15:28:38 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug  4 15:28:38 EST: DHCPD: client's VPN is .
Aug  4 15:28:38 EST: DHCPD: DHCPRELEASE message received from client 01fc.9947.c843.6e (10.253.250.221).
Aug  4 15:28:39 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug  4 15:28:39 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug  4 15:28:39 EST: DHCPD: client's VPN is .
Aug  4 15:28:39 EST: DHCPD: DHCPRELEASE message received from client 01fc.9947.c843.6e (10.253.250.221).
Aug  4 15:28:39 EST: DHCPD: Finding a relay for client 01fc.9947.c843.6e on interface Vlan170.
Aug  4 15:28:39 EST: DHCPD: Looking up binding using address 10.253.250.209
Aug  4 15:28:39 EST: DHCPD: setting giaddr to 10.253.250.209.
Aug  4 15:28:39 EST: DHCPD: BOOTREQUEST from 01fc.9947.c843.6e forwarded to <ISE-NODE>
Aug  4 15:28:39 EST: DHCPD: BOOTREQUEST from 01fc.9947.c843.6e forwarded to <ISE-NODE>
Aug  4 15:28:41 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug  4 15:28:41 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug  4 15:28:41 EST: DHCPD: client's VPN is .
Aug  4 15:28:41 EST: DHCPD: DHCPRELEASE message received from client 01fc.9947.c843.6e (10.253.250.221).
Aug  4 15:28:41 EST: DHCPD: Finding a relay for client 01fc.9947.c843.6e on interface Vlan170.
Aug  4 15:28:41 EST: DHCPD: Looking up binding using address 10.253.250.209
Aug  4 15:28:41 EST: DHCPD: setting giaddr to 10.253.250.209.
Aug  4 15:28:41 EST: DHCPD: BOOTREQUEST from 01fc.9947.c843.6e forwarded to <ISE-NODE>
Aug  4 15:28:41 EST: DHCPD: BOOTREQUEST from 01fc.9947.c843.6e forwarded to <ISE-NODE>.
Aug  4 15:28:43 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug  4 15:28:43 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug  4 15:28:43 EST: DHCPD: client's VPN is .
Aug  4 15:28:43 EST: DHCPD: using received relay info.
Aug  4 15:28:43 EST: DHCPD: DHCPDISCOVER received from client 01fc.9947.c843.6e on interface Vlan170.
Aug  4 15:28:43 EST: DHCPD: using received relay info.
Aug  4 15:28:45 EST: DHCPD: Sending DHCPOFFER to client 01fc.9947.c843.6e (10.253.250.222).
Aug  4 15:28:45 EST: DHCPD: no option 125
Aug  4 15:28:45 EST: DHCPD: broadcasting BOOTREPLY to client fc99.47c8.436e.
Aug  4 15:28:45 EST: DHCPD: Reload workspace interface Vlan170 tableid 0.
Aug  4 15:28:45 EST: DHCPD: tableid for 10.253.250.209 on Vlan170 is 0
Aug  4 15:28:45 EST: DHCPD: client's VPN is .
Aug  4 15:28:45 EST: DHCPD: DHCPREQUEST received from client 01fc.9947.c843.6e.
Aug  4 15:28:45 EST: DHCPD: Sending DHCPACK to client 01fc.9947.c843.6e (10.253.250.222).
Aug  4 15:28:45 EST: DHCPD: no option 125
Aug  4 15:28:45 EST: DHCPD: broadcasting BOOTREPLY to client fc99.47c8.436e.
Aug  4 15:28:45 EST: %EPM-6-IPEVENT: IP 10.253.250.221| MAC fc99.47c8.436e| AuditSessionID 0AFDFAFC0000000100066AA8| AUTHTYPE DOT1X| EVENT IP-RELEASE
Aug  4 15:28:45 EST: %EPM-6-IPEVENT: IP 10.253.250.221| MAC fc99.47c8.436e| AuditSessionID 0AFDFAFC0000000100066AA8| AUTHTYPE DOT1X| EVENT IP-WAIT
Aug  4 15:28:45 EST: %EPM-6-IPEVENT: IP 10.253.250.222| MAC fc99.47c8.436e| AuditSessionID 0AFDFAFC0000000100066AA8| AUTHTYPE DOT1X| EVENT IP-ASSIGNMENT

interface FastEthernet0/21
 description 000_ACCESS_PORTS
 switchport access vlan 4
 switchport mode access
 switchport voice vlan 2
 ip access-group PREAUTH-ACL in
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 authentication event fail action next-method
 authentication event server dead action authorize vlan 4
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication open
 authentication order mab dot1x
 authentication priority mab dot1x
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 mls qos trust device cisco-phone
 mls qos trust cos
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 auto qos voip cisco-phone
 dot1x pae authenticator
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
end

 

 

70
Views
0
Helpful
0
Replies
CreatePlease to create content