I am having trouble with a newly configured install. Basically it seems that my centrally switched guest SSID is not functioning. As you change AP groups, which should change the interface associated with the SSID and also the dhcp client address, the client is retaining the original dhcp address from whichever AP group they first associated with.
I also have a locally switched WPA2 SSID at each location which is working fine. Clients are able to change dhcp address correctly as they move between AP groups. It just doesn't seem to be working on the guest network, which is odd because it was working earlier in the install. It has only started having issues yesterday afternoon.
It does not always coincide with the guest errors but I am generating these logging errors:
*DHCP Socket Task: Aug 17 15:09:23.526: %SIM-3-DHCP_SERVER_NO_REPLY: sim_interface.c:1039 Failed to get DHCP response on interface 'may89-guest_vb_122'. Marking interface dirty.
The interface above is assigned to the guest SSID in one of the AP groups. I assume this has something to do with it but I've been over my DHCP assignments on the core switch, local switch, controller, and dhcp server and can find no issue with the configuration... Also the fact that it was working earlier this week.
I also seem to be generating a high amount of:
*dot1xMsgTask: Aug 17 14:46:22.844: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M1 retransmissions exceeded for client xx:xx:xx:xx:xx:xx
I am not sure why as I am not using DOT1X at all. The guest is a pass-thru and the WPA2 network is just WPA + WPA2 with TKIP and AES. No DOT1X anywhere on the controller...
When centrally switched and the client is in the run state, the client will keep its original IP address. This is the feature of roaming, even when a device roams from APs in different AP groups. Locally switched, it's different: the client will have to request a new DHCP address if the AP is in a different AP group and if the VLAN mapping for that WLAN is different.
Ok. That makes sense. Could I just create a single guest vlan at the core and then have the guest network at all AP groups place their clients there? That way I would be generating IP addresses in the same scope. I think the reason I cannot get out currently is because I do not have those core vlans configured at my remote locations? Does that make sense?
So I could just create a vlan 100 - 10.100.0.1/22 on the core with helper address and dhcp scope that match. Then each of my remote sites will just need to have a layer 2 vlan 100 interface tagged in order to pass that traffic?
I am just confused because the guest network was working earlier in the week without having to configure the centrally switched vlans at the remote sites.
I think I might know what to do. Could I just create an interface group for each controller and place all of my individual guest interfaces within that group. Then I could just assign that interface group to each of my AP groups so every AP group would have access to all of the guest interfaces on the controller. I think the reason it is not currently working is because the AP group at my location is set to a specific interface and the ip addresses when I roam are from different interfaces not set for the AP group. I am basically being blocked by the AP group/guest interface because my ip address belongs to the wrong interface.
I think an interface group would solve that problem. The only other issue would be what if I roam to an AP group on the other controller. Could I just set up a mobility group and place both controllers in that group? If they both have the UP status in the same mobility group would that allow inter-controller roaming?