Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Client State: IPLEARN

Hello,

I am configuring a single Catalyst 3650 switch with Aironet 3702E APs.

If I join an SSID weather its open authentication or otherwise, my devices never receive an IP address.  If I statically assign them, I cannot browse the network.

Relevent Topology:

Router > Switch A (VTP Server) > Trunk > Catalyst 3650 (VTP Client)

*Default VLAN: 1

I have the Wireless Management IP set to the VLAN 1 IP Address.

CAT3650#show wireless client summ

Number of Local Clients : 1

MAC Address    AP Name                          WLAN State              Protocol

--------------------------------------------------------------------------------

xxxx.xxxx.xxxx APxxxx.xxxx.xxxx                 50    IPLEARN            11n(2.4)

This is the only Mobility device for the company.  I have it operating as a Mobility Controller.

Here is the conf:

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

!

hostname CAT3650

!

boot-start-marker

boot-end-marker

!

!

vrf definition Mgmt-vrf

!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!

enable secret x

!

username x privilege 15 password x

no aaa new-model

clock timezone CST -6 0

clock summer-time CDT recurring

clock calendar-valid

switch 1 provision ws-c3650-24pd

!

ip name-server 192.168.254.1

ip name-server 192.168.254.254

ip device tracking

!

!

!

crypto pki trustpoint TP-self-signed-764008471

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-764008471

revocation-check none

rsakeypair TP-self-signed-764008471

!

!

crypto pki certificate chain TP-self-signed-764008471

certificate self-signed 01

  x

        quit

!

!

!

!

!

diagnostic bootup level minimal

spanning-tree mode pvst

spanning-tree extend system-id

!

redundancy

mode sso

!

!

!

class-map match-any non-client-nrt-class

  match non-client-nrt

!

policy-map port_child_policy

class non-client-nrt-class

    bandwidth remaining ratio 10

!

!

!

!

!

!

interface GigabitEthernet0/0

vrf forwarding Mgmt-vrf

ip address 192.168.254.249 255.255.255.0

negotiation auto

!

interface GigabitEthernet1/0/1

switchport mode access

!

interface GigabitEthernet1/0/2

switchport mode access

!

interface GigabitEthernet1/0/3

switchport mode access

!

interface GigabitEthernet1/0/4

switchport mode access

!

interface GigabitEthernet1/0/5

!

interface GigabitEthernet1/0/6

!

interface GigabitEthernet1/0/7

!

interface GigabitEthernet1/0/8

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

!

interface GigabitEthernet1/0/24

!

interface GigabitEthernet1/1/1

!

interface GigabitEthernet1/1/2

!

interface TenGigabitEthernet1/1/3

switchport mode trunk

!

interface TenGigabitEthernet1/1/4

!

interface Vlan1

ip address 192.168.254.249 255.255.255.0

!

ip default-gateway 192.168.254.254

ip http server

ip http authentication local

ip http secure-server

!

!

!

snmp-server location x

snmp-server contact x

!

!

line con 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login local

transport input telnet ssh

line vty 5 15

login local

transport input telnet ssh

!

ntp server 1.pool.ntp.org

ntp server 0.pool.ntp.org

wsma agent exec

profile httplistener

profile httpslistener

wsma agent config

profile httplistener

profile httpslistener

wsma agent filesys

profile httplistener

profile httpslistener

wsma agent notify

profile httplistener

profile httpslistener

!

wsma profile listener httplistener

transport http

!

wsma profile listener httpslistener

transport https

wireless mobility controller

wireless management interface Vlan1

wireless client fast-ssid-change

wlan Test 50 Test

no security wpa

no security wpa akm dot1x

no security wpa wpa2

no security wpa wpa2 ciphers aes

shutdown

ap led

ap mgmtuser username xpassword 0 x secret 0 x

ap group default-group

ap group WAREHOUSE_GROUP

description Warehouse

wlan Test

end

Any help is appreciated

7 REPLIES
Hall of Fame Super Silver

Client State: IPLEARN

Is this an updated show run?  You have the WLAN disabled

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
VIP Purple

Client State: IPLEARN

HI John,

Do you have 'ip dhcp required' set  under your wlan config? Turn it off  and give a try.

Regrads

New Member

Client State: IPLEARN

The shutdown command is not present while testing (no shutdown is configured)

I did see that ip dhcp required issue on another post, but I never had that checked.

Hall of Fame Super Silver

Client State: IPLEARN

I don't see that you have ip dhcp required on your config you posted... that's why I asked if that was a current config or not.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

Client State: IPLEARN

Sorry Scott, my wording was a little off.  I mean that that under Configuration > Wireless > Test > Advanced > DHCP Address Assignment required - the box has never been checked / ip dhcp required under wlan Test 50 Test has never been configured.

New Member

Client State: IPLEARN

I'm still having trouble with this.  Am I ok to have everything on one vlan?  Or do I need to have the wireless management address on another vlan/IP address other than the VLAN 1's ip?

New Member

I have multiple reports from

I have multiple reports from various sites running Cisco 3850 (MC) that the wireless client fails to connect to a SSID.

-The problem do not happen to all clients in the sites, only a few.

-Rebooting/Reconnecting the client sometime helps, but not all them time.

-The problem stays on a particular client (appears to be tied to Client's mac address)

-ACS shows authentication successful, but client with missing IP address.

-Cisco 3850 Client Status "sometime" shows Client in IPLEARN status and cannot be cleared.

-Cisco 3850 switch side show client making DHCP request repeatedly, and the DHCP server making multiple IP allocation to the same MAC address can be seen on the ARP table.

For this environment, the Wired and Wireless share the same VLAN and DHCP range.

 

Regards,

S.K. Lai

1508
Views
0
Helpful
7
Replies