Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Anchor config with 802.1x

I have working guest configuration using an anchor config.  I'm trying to do it with a second SSID but the difference is that the second SSID is supposed to use 802.1x.

 

Now I do see the client associate with the remote site controller using this second SSID, but I don't see anything on the anchor controller.  And because of that I don't see that client getting an IP address either.  I have the same exact SSID on the anchor controller as well and users are working fine connecting to it in the corporate office.

10 REPLIES

When you try to anchor a 802

When you try to anchor a 802.1x WLAN the authentication happens from the foreign controller not the anchor.

So make sure that WLC is able to do the authentication.

 

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Hi Steve thank you for the

Hi Steve thank you for the reply, so it looks like it is passing that authentication and associating with the SSID on the foreign controller.  But it is not getting the IP.  When I go look for this client on the Anchor (Main) controller I don't see it there.  So almost seems like for some reason it is not tunneling this SSID traffic back.  I do see the tunnel up/up on both ends though.

 

 

VIP Purple

Did you enable "Mobility

Did you enable "Mobility Anchor" on this SSID ?

Also if you take "debug client <MAC_ADD>" output on both WLC, then it will tells us what's happening. Attach that output in next response 

 

HTH

Rasika

**** Pls rate all useful responses ****

Yes I did and its up/up. 

Yes I did and its up/up.  Same anchor is setup for another SSID but it uses webauth and that is working fine.

I will attach the logs in a few min.

It doesn't appear that the

It doesn't appear that the handoff to the anchor happens, there are a ton of messages about DHCP being dropped due to ongoing mobility handshake:

DHCP Socket Task: Oct 01 15:21:20.141: 3c:ab:8e:67:9f:28 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0,  mobility state = 'apfMsMmAnchorExportRequested'

and then the user gets dropped onto the management interface, which I assume is the interface in the WLAN config:

*apfMsConnTask_0: Oct 01 15:16:00.182: 3c:ab:8e:67:9f:28 Applying Local Bridging Interface Policy for station 3c:ab:8e:67:9f:28 - vlan 0, interface id 0, interface 'management'

 

First, I wouldn't leave an anchored WLAN linked to management, I like to create a dummy interface.

Second, can you post the WLAN configs?

 

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

I'll work on the WLAN configs

I'll work on the WLAN configs and post in a few.

Yeah I'm not sure why the handoff is not happening it can't be because I have two SSID's on the same mobility anchor because that is supposed to work.

And on the interface yeah that is how they have been doing it over here I'll have to see if I can change the way everyone has been doing it.  We actually use the management interface IP at times to setup some QoS policies so these clients don't start using to much bandwidth.  I'll have to see how it will work with the dummy interface.

Eh you would not believe what

Eh you would not believe what it was lol.  *** smacking my head ***

Anchor controller had Radio Policy set as "All" and the foreign controller had Radio Policy set as "b/g"

 

 

eh, happens to all of us

eh, happens to all of us

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Here are the attachments

Here are the attachments

Here is a screen shot.

Here is a screen shot.

257
Views
10
Helpful
10
Replies
CreatePlease to create content