Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Clients not getting IP address

Hi, I have configured 5508 with multiple APs but clients on the internal SSID aren't getting an IP address. I have the IP helper address configured and I have also disabled DHCP proxy on the controller.

I get the following from the client debug, I don't know what the below mac address is, it's not one my APs or the clients, I am not seeing this mac address on the controller at all but it shows up in the debug.

type = Airespace AP - Learn IP address

   on AP 6c:9c:ed:87:23:c0

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.579: 08:11:96:20:94:28 Entering Backend Auth Success state (id=29) for mobile 08:11:96:20:94:28

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.579: 08:11:96:20:94:28 Received Auth Success while in Authenticating state for mobile 08:11:96:20:94:28

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.579: 08:11:96:20:94:28 dot1x - moving mobile 08:11:96:20:94:28 into Authenticated state

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.589: 08:11:96:20:94:28 Received EAPOL-Key from mobile 08:11:96:20:94:28

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 08:11:96:20:94:28

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 Received EAPOL-key in PTK_START state (message 2) from mobile 08:11:96:20:94:28

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 PMK: Sending cache add

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 Stopping retransmission timer for mobile 08:11:96:20:94:28

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.590: 08:11:96:20:94:28 Sending EAPOL-Key Message to mobile 08:11:96:20:94:28

                                                                                                                    state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 Received EAPOL-Key from mobile 08:11:96:20:94:28

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 08:11:96:20:94:28

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 08:11:96:20:94:28

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 apfMs1xStateInc

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state DHCP_REQD (7)

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP 6c:9c:ed:87:23:c0 vapId 1 apVapId 1for this client

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 Not Using WMM Compliance code qosCap 00

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 6c:9c:ed:87:23:c0 vapId 1 apVapId 1

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) pemAdvanceState2 4793, Adding TMP rule

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.589: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Adding Fast Path rule

  type = Airespace AP - Learn IP address

  on AP 6c:9c:ed:87:23:c0, slot 0, interface = 1, QOS = 0

  ACL Id = 255, Jum

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006  IPv6 Vlan = 100, IPv6 intf id = 0

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Successfully plumbed mobile rule (ACL ID 255)

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4809, Adding TMP rule

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule

  type = Airespace AP - Learn IP address

  on AP 6c:9c:ed:87:23:c0, slot 0, interface = 1, QOS = 0

  ACL Id = 255, Jumbo

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006  IPv6 Vlan = 100, IPv6 intf id = 0

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.595: 08:11:96:20:94:28 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)

*Dot1x_NW_MsgTask_0: Nov 25 16:14:17.596: 08:11:96:20:94:28 Stopping retransmission timer for mobile 08:11:96:20:94:28

*pemReceiveTask: Nov 25 16:14:17.596: 08:11:96:20:94:28 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0

*pemReceiveTask: Nov 25 16:14:17.596: 08:11:96:20:94:28 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0

5 REPLIES
Silver

Clients not getting IP address

Is your question/concern about the mac address you posted? It looks like it is just an AP MAC address (possibly the radio mac, if it isn't the ethernet mac).

I personally don't have any concern about that part of the debug......  my question to you is what happens after this part you pasted? Nothing else in the debug?

Because I dont see anything from the client showing it is trying to do DHCP.... So I assume you must have just not pasted that part?

New Member

Clients not getting IP address

Hi, The question was also regarding the mac address because that doesn't exist on my network but the main question is regarding the fact that clients don't get an IP address.

Nothing happens after the above, I don't see any other messages. I didn't post the first part of the debug because the l2 authentication is complete, however there is zero info after this.

Silver

Clients not getting IP address

Fair enough.  That MAC address in the debug looks like exactyl what I'd expect to see.....  It is either the Base Radio MAC address or the Ethernet MAC Address of the AP you are associated to.   So when you say it doesn't exist on your WLC, are you sure you are comparing to the Radio MAC as well as the Ethernet MAC list?

As far as IP addressing goes, the WLC is not seeing anything at all regarding client doing dhcp. Nor is it seeing the client send packets with an IP address (as if it were static).

What version of code is this?

Every single client has this problem? On this one wlan or all wlans?

Was it ever working?

Better yet, if this is HREAP this becomes an entirely different story, so are you doing HREAP Local Switching?

New Member

Clients not getting IP address

Yes, its hreap, and is switching locally.  this is code version 7.0.22.

Silver

Clients not getting IP address

so it is HREAP+Local Switching...? Then you are only going to see the aftermath of DHCP in the client debug since DHCP never flows through the WLC.

Regardless of DHCP proxy dis/enabled, the packets are going to leave the HREAP in the vlan you have defined and the wired infrastructure is expected to get it wherever.   If DHCP is not working, I'd suspect you either have a vlan/trunk problem, or the the dhcp request just isn't getting to your server correctly.

If you know your hreap vlan mapping, switchport and ip-helper configurations are correct, then my next step would be to track prove whether or not the client's dhcp request is hitting the switch (packet capture?)  and then I'd be following that request to confirm it made it to the dhcp server...

1206
Views
0
Helpful
5
Replies