Cisco Support Community
Community Member

Clients stuck at 8021X_REQD

I have a Cisco 5508 WLC and 2602 WAPs. Some clients fail to connect while others connect without issue. I am broadcasting 2 SSIDs, a WPA2 SSID and an 802.1X SSID. The client fails on both.

I debugged the client and I see the client is stuck in 8021X_REQD. It never progresses past that. BUT... I can physically take the WLC to the campus and put it on the same subnet as the clients and they will connect. So I am leaning on a routing issue, but what layer 3 issue would only affect SOME clients?

I am at a loss

10 REPLIES
VIP Purple

Hi Adam,

Post the "show interface detailed <dyn_int_name>" & "show interface detailed management" output, where dyn_int_name is the interface mapped to this WLAN.

Also post the output of the switchport config where this WLC is connected (show run interface g x/x).

 

HTH

Rasika

**** Pls rate all useful responses ****

Community Member

(do1113cisco5508-02) >show


(do1113cisco5508-02) >show interface detailed management

Interface Name................................... management
MAC Address...................................... 78:da:6e:da:a0:20
IP Address....................................... 10.32.0.112
IP Netmask....................................... 255.255.252.0
IP Gateway....................................... 10.32.0.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 10.32.0.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled

--More-- or (q)uit

VIP Purple

Which interface is assigned to the WLAN? If you do not have any dynamic interface, then that is the problem. You have to define a dynamic interface on your WLC with the same VLAN where you want users to get an IP from & then map it to your SSID.

Let me know the switchport config as well.

 

HTH

Rasika

**** Pls rate all useful responses ****

Community Member

First, thanks for the quick response. I was searching for the interface the WLAN is assigned to and I only see my guest network. But I compared this to a controller where I am not having an issue and they are the same configs. I jumped into the web UI to make it easier to see. I am going to upload a few screenshots of what I see.

I am working on the switchport config. Our core switches on the LAN side for the controllers are HP ProCurve, so I am trying to find the exact command for that.

Again, thanks so much for the response!

 

Adam

 

Community Member

I can't find an HP ProCurve command that will give you the same view as the Cisco IOS command. What are you wanting to verify? Maybe I can give you that information.

 

Adam 

VIP Purple

OK, it looks like you mapped the "management interface" for the NCSB WLAN. So users should get an IP from 10.32.0.0/22.

If this is not what you want, you have to create an interface on your WLC with the correct subnet/VLAN details (like what you have done for guest).

Regarding the HP switch, as long as it allows multiple VLANs (like a trunk port config), that should be fine.

Pls do not forget to rate our responses if they are useful.

 

HTH

Rasika

Community Member

Our APs are running in FlexConnect mode for everything but the guest network, which is centrally switched on its own VLAN with CAPWAP.

Here is what I see in Prime when a client is trying to connect.

I believe the VLANs are set up correctly because other clients would be experiencing connection issues as well, I would think. That's the crazy thing here: some clients work, most clients work. But 25 Dell Venue tablets do not, but I can take the client to another campus and it works, and I can bring the controller and put it on the same LAN and it works.

VIP Purple

OK, now I understand it a little bit better. If it is affecting devices at selected locations, I would check those FlexConnect AP configurations & the switchport configs they are connected to, to make sure the VLAN mappings are correct.

What is your RADIUS server? Can you check the logs for a working client & a non-working client?

Also take the "debug client <client_mac_address>" output on your WLC for a working client & a non-working client.

These will tell us what the difference is.

HTH

Rasika

 

Community Member

We had this issue pop up again today at another location. I am going to post logs from a working client and a few non-working ones.

The non-working clients have different hardware.

All the logs are for 802.1X SSIDs except the WPA2 specified.

I never see a hit in the RADIUS server (Cisco ISE) for the non-working clients.

 

Community Member

Issue was with a QoS policy on the WAN router causing some traffic to be viewed as scavenger traffic and thus dropped.
