Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

aironet SAP2602 working only with some clients

Hi,

I've an aironet sap2602 that behaves strangely: dhcp negotiation is allowed only for some clients and not for others.

In detail, AP is connected to a captive portal system, so everybody is allowed to connect by itself, but you have to pass captive portal in order to go on internet.

Captive portal is also dhcp server.

On captive portal I see dhcp transaction only for some clients (the one that work fine), for other clients I don't see any negotiation, either successful or not.

I have done a packet sniffing with wireshark, so I can tell it's not a Captive Portal problem, but something between AP and client, since I don't see traffic from the mac address of the faulty client.

My question is: how can I debug this situation on the AP?????

Thanks a lot

Everyone's tags (3)
10 REPLIES
Hall of Fame Super Silver

Re: aironet SAP2602 working only with some clients

Post your show run-config and tell us what specific devices if any are having issues.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: aironet SAP2602 working only with some clients

Here it is:

MyAP#sh run
Building configuration...

Current configuration : 4325 bytes
!
! Last configuration change at 06:50:57 +0100 Mon Mar 1 1993 by myuser
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MyAP
!
logging rate-limit console 9
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone +0100 1 0
no ip routing
ip domain name mydomain.it
!
!
dot11 syslog
dot11 vlan-name WIRELESS vlan 1
!
dot11 ssid MYSSID
   vlan 1
   authentication open
   guest-mode
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-REMOVED
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-REMOVED
revocation-check none
rsakeypair TP-self-signed-REMOVED
!
!
crypto pki certificate
[REMOVED]
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid MYSSID
!
antenna gain 0
stbc
speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid MYSSID
!
antenna gain 0
no dfs band block
stbc
speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
channel dfs
station-role root
no dot11 extension aironet
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1
no ip route-cache
!
interface GigabitEthernet0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 192.168.125.253 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.125.1
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 111 permit tcp any any neq telnet
!
bridge 1 route ip
!
!
!
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
transport input all
!
end

MyAP#

Thanks

Re: aironet SAP2602 working only with some clients

is it one device that is having an issue or more than one?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

aironet SAP2602 working only with some clients

More than one, for now PCs (laptops), but between identical laptops, one work and one doesn't.

Hall of Fame Super Silver

Re: aironet SAP2602 working only with some clients

Your using an open authentication from what I see, so I don't think it's an issue with the AP unless you removed some of your SSID configurations.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

aironet SAP2602 working only with some clients

It is IMHO because if I sniff network traffic on the connection between AP and DHCP server I see no DHCP traffic between the two, so if ever the DHCP server is faulty, I'd have to see some unsatisfied dhcp requests on the network.

VIP Purple

Re: aironet SAP2602 working only with some clients

Hi,

You can run following debug command on your AP & see if that gives any useful information with a client who can't get an IP

AAP1#debug ip dhcp server packet detail

HTH

Rasika

**** Pls rate all useful responses ****

New Member

aironet SAP2602 working only with some clients

The debug works if the dhcp server is the ap.

I've set it up with:

ip dhcp excluded-address 192.168.125.1

ip dhcp excluded-address 192.168.125.253

ip dhcp excluded-address 192.168.125.254

ip dhcp pool myapp

int BVI1

ip helper-address 192.168.125.1

and the results are:

*Mar  2 00:17:22.349: %SYS-5-CONFIG_I: Configured from console by XXXX on vty0 (192.168.125.1)

*Mar  2 00:17:28.565: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 6896.yyyy.zzzz Reason: Sending station has left the BSS

*Mar  2 00:17:28.565: %DOT11-4-MAXRETRIES: Packet to client 6896.yyyy.zzzz reached max retries, removing the client

*Mar  2 00:17:32.565: %DOT11-6-ASSOC: Interface Dot11Radio1, Station   6896.yyyy.zzzz Associated KEY_MGMT[NONE]

*Mar  2 00:17:32.637: DHCPD: client's VPN is .

*Mar  2 00:17:32.637: DHCPD: No option 125

*Mar  2 00:17:32.637: DHCPD: DHCPREQUEST received from client 0168.aaaa.bbbb.cc.

*Mar  2 00:17:32.637: DHCPD: Finding a relay for client 0168.aaaa.bbbb.cc on interface BVI1.

*Mar  2 00:17:32.637: DHCPD: setting giaddr to 192.168.125.253.

*Mar  2 00:17:32.637: DHCPD: BOOTREQUEST from 0168.aaaa.bbbb.cc forwarded to 192.168.125.1.

*Mar  2 00:17:32.637: DHCPD: client's VPN is .

*Mar  2 00:17:32.637: DHCPD: No option 125

*Mar  2 00:17:32.637: DHCPD: forwarding BOOTREPLY to client 6896.yyyy.zzzz.

*Mar  2 00:17:32.637: DHCPD: no option 125

*Mar  2 00:17:32.637: DHCPD: creating ARP entry (192.168.125.31, 6896.yyyy.zzzz, vrf default).

*Mar  2 00:17:32.637: DHCPD: broadcasting BOOTREPLY to client 6896.yyyy.zzzz.

*Mar  2 00:17:51.913: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 6896.yyyy.zzzz Reason: Sending station has left the BSS

*Mar  2 00:17:51.917: %DOT11-4-MAXRETRIES: Packet to client 6896.yyyy.zzzz reached max retries, removing the client

*Mar  2 00:18:03.257: %DOT11-6-ASSOC: Interface Dot11Radio1, Station   6067.2000.d4ac Associated KEY_MGMT[NONE]

*Mar  2 00:18:11.873: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 6067.MMMM.NNNN Reason: Sending station has left the BSS

*Mar  2 00:18:41.669: %DOT11-6-ASSOC: Interface Dot11Radio1, Station   6067.MMMM.NNNN Associated KEY_MGMT[NONE]

without helper address on BVI1:

*Mar  2 00:20:30.797: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 6067.MMMM.NNNN Reason: Sending station has left the BSS

*Mar  2 00:20:31.957: %DOT11-6-ASSOC: Interface Dot11Radio1, Station   6067.MMMM.NNNN Associated KEY_MGMT[NONE]

So I think there should be something wrong while associating devices with AP.

Ciao

VIP Purple

Re: aironet SAP2602 working only with some clients

Hi

Can you make the following modification & see if that make any difference. In current configuration you have configured vlan 2 as native on ethernet side & vlan 1 as native on radio side.

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

bridge group 1

no ip route-cache

!

interface GigabitEthernet0.2

encapsulation dot1Q 2 native

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

no bridge-group 1 source-learning

HTH

Rasika

**** Pls rate all useful responses ****

New Member

aironet SAP2602 working only with some clients

Done, no way.

443
Views
5
Helpful
10
Replies
CreatePlease to create content