Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Users unable to access the internet sites

Hi Everyone,

We have users who are able to get the IP address but unable to access any internet sites.

I check the trap logs on the WLC

RADIUS server 192.168.50.1:1812 failed to respond to request (ID 16) for client 88:53:2e:99:24:b5 / user 'unknown'

RADIUS server 192.168.50.1:1812 activated on WLAN 1

RADIUS server 192.168.60.1:1812 deactivated on WLAN 1

RADIUS server 192.168.60.1:1812 failed to respond to request (ID 200) for client 88:53:2e:99:24:b5 / user 'unknown'

RADIUS server 192.168.60.1:1812 activated on WLAN 1

RADIUS server 192.168.50.1:1812 deactivated on WLAN 1

RADIUS server 192.168.50.1:1812 failed to respond to request (ID 15) for client 88:53:2e:99:24:b5 / user 'unknown'

RADIUS server 192.168.50.1:1812 activated on WLAN 1
RADIUS server 192.168.50.1:1812 failed to respond to request (ID 16) for client 88:53:2e:99:24:b5 / user 'unknown'
RADIUS server 192.168.50.1:1812 activated on WLAN 1
RADIUS server 192.168.60.1:1812 deactivated on WLAN 1
RADIUS server 192.168.60.1:1812 failed to respond to request (ID 200) for client 88:53:2e:99:24:b5 / user 'unknown'
RADIUS server 192.168.60.1:1812 activated on WLAN 1
RADIUS server 192.168.50.1:1812 deactivated on WLAN 1
RADIUS server 192.168.50.1:1812 failed to respond to request (ID 15) for client 88:53:2e:99:24:b5 / user 'unknown'
RADIUS server 192.168.50.1:1812 activated on WLAN 1

Need to know  how can i troubleshoot this further?

Regards

Mahesh

6 ACCEPTED SOLUTIONS

Accepted Solutions

Users unable to access the internet sites

Looks like your WLC and radius server arent connecting ..

Check the radius server and see if the WLC is set up correctly. Make sure the secret is correct.Also check the logs and post if there are any ...

On the WLC do a debug aaa events enable connect a client and post the output

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

Re: Users unable to access the internet sites

If you are doing 802.1x authentication, your clients should not get an IP address unless they authenticate successfully. I would test with an open ssid and make sure they get a valid IP address and that they can ping local resources on the same layer 2 subnet and also be able to ping the gateway and then be able to ping an Internet site like yahoo. See where it fails as if you created a new subnet, you need to make sure that you also have added the subnet to the NAT.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Users unable to access the internet sites

Can they get to internal resources?  Is this a new WLAN and subnet that was created?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
VIP Purple

Re: Users unable to access the internet sites

I would do the troubleshooting in  following sequence.

1. Put a wired PC on to the vlan allocated for WLAN1

2. Check whether wired PC gets an IP & can browse internet

3. If that works, then we know no issue of DHCP & not issue with L3/NAT routing to access internet

4. If step2, does not work then your issue is not within wireless, you have to change the focus of your troubleshoot.

5. If step2 works, then test a wireless client with OPEN Authentication (No ACS involvment).If this does not work,then it means wireless client does not get proper IP connectivity. Check dynamic interface configuration for this WLAN & make sure gateway addresses correctly configured. Also VLANs are trunk across to WLC from switch.

6. If step5 works, then try your client with ACS & see the client get successfully authenticated. If not it may be WLC to ACS issue. Troubleshoot that in that case.

Do some troubleshooting like this & let us know the outcome. I am sure you will abe to find out the issue easily in this way.

HTH

Rasika

Re: Users unable to access the internet sites

LOL ... this poor guy getting all this advice..

While I think mine is the most sound .. Obvious radius issues are shown  #just saying

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
VIP Purple

Re: Users unable to access the internet sites

George,

ha..ha.. you may be correct...you are telling the answer to this instance. I am going more broader & give him some general advice he can use it for other scenario as well...hope he is fine with that..

I am telling him an approach one day he can become an expert like you by just looking at the log & can pin point the issue.

Rasika

8 REPLIES

Users unable to access the internet sites

Looks like your WLC and radius server arent connecting ..

Check the radius server and see if the WLC is set up correctly. Make sure the secret is correct.Also check the logs and post if there are any ...

On the WLC do a debug aaa events enable connect a client and post the output

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

Re: Users unable to access the internet sites

If you are doing 802.1x authentication, your clients should not get an IP address unless they authenticate successfully. I would test with an open ssid and make sure they get a valid IP address and that they can ping local resources on the same layer 2 subnet and also be able to ping the gateway and then be able to ping an Internet site like yahoo. See where it fails as if you created a new subnet, you need to make sure that you also have added the subnet to the NAT.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Users unable to access the internet sites

Can they get to internal resources?  Is this a new WLAN and subnet that was created?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
VIP Purple

Re: Users unable to access the internet sites

I would do the troubleshooting in  following sequence.

1. Put a wired PC on to the vlan allocated for WLAN1

2. Check whether wired PC gets an IP & can browse internet

3. If that works, then we know no issue of DHCP & not issue with L3/NAT routing to access internet

4. If step2, does not work then your issue is not within wireless, you have to change the focus of your troubleshoot.

5. If step2 works, then test a wireless client with OPEN Authentication (No ACS involvment).If this does not work,then it means wireless client does not get proper IP connectivity. Check dynamic interface configuration for this WLAN & make sure gateway addresses correctly configured. Also VLANs are trunk across to WLC from switch.

6. If step5 works, then try your client with ACS & see the client get successfully authenticated. If not it may be WLC to ACS issue. Troubleshoot that in that case.

Do some troubleshooting like this & let us know the outcome. I am sure you will abe to find out the issue easily in this way.

HTH

Rasika

Re: Users unable to access the internet sites

LOL ... this poor guy getting all this advice..

While I think mine is the most sound .. Obvious radius issues are shown  #just saying

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
VIP Purple

Re: Users unable to access the internet sites

George,

ha..ha.. you may be correct...you are telling the answer to this instance. I am going more broader & give him some general advice he can use it for other scenario as well...hope he is fine with that..

I am telling him an approach one day he can become an expert like you by just looking at the log & can pin point the issue.

Rasika

New Member

Re: Users unable to access the internet sites

Hi Everyone,

Sorry  for getting late  on this.

Issue was Current Radius servers were replaced by new one yesterdy night.

I put the New Radius server IP  in the WLC  and users were able to access the internet.

So George was spot on!

Thanks to everyone to answering the post.

USers were getting IP  from the DHCP  via external DHCP server.

Best regards

MAhesh

Message was edited by: mahesh parmar

Re: Users unable to access the internet sites

So George was spot on!

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
201
Views
0
Helpful
8
Replies