CPSEC side effect?

  • 1.  CPSEC side effect?

    Posted Jul 22, 2012 10:16 PM

    Hi, has anyone experienced that when enabling CPSEC, all wifi clients can't connect to wifi? I have enabled CPSEC to configure bridge mode, but after a day of enabling it all users were unable to connect, and I have not done any configuration for bridge mode yet. By disabling CPSEC, all users were able to connect again.

     

    It's a bit weird because after enabling it, I tested the wifi and was able to connect to it. I even had clients coming in after the APs rebooted. Any feedback is appreciated. Thank you.

     

     

    Richard



  • 2.  RE: CPSEC side effect?

    EMPLOYEE
    Posted Jul 23, 2012 04:01 AM

    You would need to examine the contents of "show log system 50" to find out what is going on with those access points. By default CPSEC is enabled, but auto-cert-provisioning is also off, so no access points can work unless they are whitelisted. Please let us know what settings you had for CPSEC and, if clients could not connect, whether the access points were in the whitelist. If the APs were in the whitelist, we need the contents of "show log system 50" to determine what is happening.

     



  • 3.  RE: CPSEC side effect?

    Posted Jul 23, 2012 04:23 AM

    Hi, thanks for the reply. I enabled Auto Cert Provisioning when I turned on CPSEC, and I saw all the APs in the CAP Whitelist. The SSIDs were being broadcast at that time but users couldn't connect to them. They are failing in authentication (I think). We are using 802.1x on an LDAP server as our authentication. We also have a guest SSID with open authentication but even that is not working. Attached is the output for "show log system 50". I'm not sure if the highlighted part is the problem. The reboot on 23rd July was when I turned off CPSEC. I hope the info helps. Thanks.

     

     



  • 4.  RE: CPSEC side effect?

    EMPLOYEE
    Posted Jul 23, 2012 04:25 AM

    Looks completely normal. Did you change any virtual APs to "bridged" after turning on CPSEC, or make any other changes? You might have to turn on user debugging to see what is going on after that:

    config t
    logging level debug user
    show log user 50



  • 5.  RE: CPSEC side effect?

    Posted Jul 24, 2012 01:46 AM

    Hi, I haven't changed anything yet in the Virtual AP after turning on CPSEC. I'll try to do this again and see the debug when my customer agrees to reboot the AP again, which I think will take some time. Thanks for the help man.



  • 6.  RE: CPSEC side effect?

    Posted Aug 02, 2012 04:46 AM

    Hi, we did another test enabling CPSEC and we still get the same result: after the APs rebooted, all the clients were able to connect to the SSID, and after a few hours all wifi clients started to drop slowly. We enabled CPSEC at night, so by 8am all clients were disconnected already. I've attached the output of "show log user 50". So by the time users came in to the office, complaints started to come in that they couldn't connect to the SSID. So we ended up disabling CPSEC again. I don't see anything wrong with the logs (or I'm missing it), so I'm not really sure what is wrong. It's odd because we have another customer where CPSEC is enabled and their wifi is working fine. Thanks

    Attachment: O&OLog.txt (24 KB)


  • 7.  RE: CPSEC side effect?

    EMPLOYEE
    Posted Aug 02, 2012 06:17 AM

    The logs look fairly routine, with a couple of exceptions.

    Question:

    What is providing DHCP to the clients and the access points?

     



  • 8.  RE: CPSEC side effect?

    Posted Aug 03, 2012 03:27 AM

    Hi,

     

    The clients and APs get their IPs from an external Microsoft DHCP server, and both have different subnets. They have around 6 SSIDs and all are in different VLANs.

     

    Question though... After I enabled CPSEC in our last test, I created a VAP with bridged forward mode in it, and after I disabled CPSEC the controller didn't ask me to remove the bridged mode. So will the bridge actually work even if CPSEC is disabled? We haven't tested this yet; maybe we'll test it this coming weekend. Thanks.



  • 9.  RE: CPSEC side effect?

    EMPLOYEE
    Posted Aug 03, 2012 07:25 AM

    The AP will NOT come up if you have a bridged mode SSID and (1) CPSEC is not enabled or (2) the AP is not provisioned as a remote ap.