Gear: WLC4402 (22.214.171.124) + AP1242AG (APs are in local mode)
Setup: We have 4 WLANs, out of which 2 are of interest for now - 'Staff' and 'Guest'. 'Staff' is used for corporate employees for theit BYOD (phones & tablets). 'Guest' as the name implies, is for guest users coming to our premises. 'Staff' is mapped with 'staff' wireless vlan while 'Guest' is mapped to management vlan. For the sake of completeness, the other 2 WLANs are used for corporate employees for connecting their domain laptops and they work fine.
'Staff' uses 802.1x (PEAP) authentication, while 'Guest' is using WebAuth.
Issue: If a corporate user connects their device to 'Staff', we observe variety of issues ranging from some Windows phones (8.1) comes up with a message 'no internet connectivity' and are unable to browse internet. The issue is also reported on iPhone 5s (iOS 7) and on some Android (4.4) tablets where the devices are able to connect but the Internet access is quite slow. If the same device(s) is/are connected to 'Guest' they work fine, i.e able to access Internet fine.
The same setup works fine at other locations.
So far, I have managed to get hold of a user with issues on his phone, from the debug client I see that the device is able to authenticate without any issue and get the correct IP address and goes to 'RUN' state, however it takes multiple attempts to load up a webpage on the device. When it is connected to 'Guest' it works like a charm (on both the occasion the device associates with the same AP and same radio, with Tx data rate of 48 Mbps. Channel utilization for this AP was 20% with 8 associations). Interestingly, the issue doesn't happen on all BYOD devices but some of them (some Windows 8.1 and Android 4.4 works fine).
I have attached the WLAN config for a review. Any pointers on how to troubleshoot the issue would be appreciated!
P.S: I accidentally deleted the discussion I created earlier for the same issue (it was unanswered though, someone did suggested code upgrade to 126.96.36.199 as a sole reply) hence re-posting it again.
Same device is working fine without encryption (Web authentication) but when using encryption after it connects (RUN) it start facing connectivity issue.
For me, it looks like wireless driver issue for these clients that is triggered by the encryption
My suggestion: Create test SSID (PSK) and play with the configurations (especially the encryption TKIP/ AES) enable and disable WMM and check with WPA1/2 ... this will lead you some where .. according to your finding you can decide if it worth changing the production SSID configurations or not.
However, as we got more and more reports by users, we traced the issue to incorrect DNS configuration for this vlan on DHCP. For some reasons it was not switching to the secondary server on some clients (primary being an incorrect DNS and unreachable) - hence it was working for some and not others! After correcting the primary server. It seems to be working fine.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...