Wireless Access

I have 2 WLANs :

1)WLAN naik_open_vlan_10 with VLAN 10 Employee VLAN
2)WLAN naik_open_all_vlan VLAN 1 MgmtVLAN

My 1) does not work i.e. when user with mac address 7c:11:be:6d:a0:56 tries to associate it does not get DHCP allocated ip address.

My 2) works fine though .

DHCP server is external Win2008

Please see logs below :

Attachment(s)

mc1_log.txt   8 KB 1 version

Why is VLAN 10 and 1 handing out IPs on the same scope ?

Controller Log ,Good Example ,(WLAN naik_open_all_vlan VLAN 1 MgmtVLAN )
MAC=7c:11:be:6d:a0:56,IP=10.254.1.106

Controller Log ,Bad Example (WLAN naik_open_vlan_10 with VLAN 10 Employee VLAN)
Aug 1 19:46:01 :522050:  <INFO> |authmgr|  MAC=7c:11:be:6d:a0:56,IP=10.254.1.106

Can you do a show arp | include <devicemac> on the controller ?

And you please confirm the DHCP configuration

Also do a show trunk and show vlan on the controller to make sure the VLAN is active and up/up and do the same on the interface of the upstream switch

(MC1) (config) #show arp Protocol Address Hardware Address Interface

Internet 10.254.1.101 00:1A:1E:C0:BD:E6 vlan1

Internet 10.254.1.1 00:0B:86:63:BA:10 vlan1

Internet 10.254.1.103 00:0B:86:66:BD:3E vlan1

Confirm what on DHCP configuration ?

 Also checked the trunk 

(MC1) # show trunk

Trunk Port Table
-----------------
Port Vlans Allowed Vlans Active Native Vlan
---- ------------- ------------ -----------
FE1/4 ALL 1,10-11 1

----------------------------------------------------------------
(MC1) #show interface fastethernet 1/4 switchport   -> to Switch

Name: FE1/4
Switchport: Enabled
Administrative mode: trunk
Operational mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (Default)
Trunking Vlans Enabled: ALL
Trunking Vlans Active: 1,10-11

----------------------------------------------------------------

Below are Switch confguration 

(Switch_Naik) (config) #show interface fastethernet 1/7 switchport -> to DHCP Server

Name: FE1/7
Switchport: Enabled
Administrative mode: trunk
Operational mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (Default)
Trunking Vlans Enabled: ALL
Trunking Vlans Active: 1,10-11

------------------------------------------------------------------------------------------------------

(Switch_Naik) (config) #show interface fastethernet 1/4 switchport ->To MC1

Name: FE1/4
Switchport: Enabled
Administrative mode: trunk
Operational mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (Default)
Trunking Vlans Enabled: ALL
Trunking Vlans Active: 1,10-11

VLAN interfaces are  on the switch with ip address set 

(Switch_Naik) (config) #show ip interface brief

Interface IP Address / IP Netmask Admin Protocol
vlan 1 10.254.1.1 / 255.255.255.0 up up
vlan 10 10.254.10.1 / 255.255.255.0 up up
vlan 11 10.254.11.1 / 255.255.255.0 up up
loopback unassigned / unassigned up up
mgmt unassigned / unassigned down down

(Switch_Naik) (config) #show vlan

VLAN CONFIGURATION
------------------
VLAN Description Ports AAA Profile
---- ----------- ----- -----------
1 Default FE1/0-5 FE1/7 GE1/8 Pc0-7 N/A
10 VLAN0010 FE1/4-5 FE1/7 N/A
11 VLAN0011 FE1/4-5 FE1/7 N/A

To clarify, please run the requested commands from the MC, not the switch.

What VLAN is the DHCP server on?   Do you have anything setup to forward DHCP requests for VLAN 10 to this IP?  Either on the controller or the switch?

(Switch_Naik) (config-subif)#show interface vlan 10

VLAN10 is up line protocol is up
Hardware is CPU Interface, Interface address is 00:0B:86:63:BA:10 (bia 00:0B:86:63:BA:10)
Description: 802.1Q VLAN
Internet address is 10.254.10.1 255.255.255.0
............
Routing interface is enable, Forwarding mode is enable
Directed broadcast is disabled, BCMC Optimization disabled ProxyARP enable Suppress ARP enable
..................
Proxy Arp is enabled for the Interface
IP Helper Addresses Configured on this Interface:
10.254.1.21

VLAN 10 has ip helper configured as seen above .

DHCP Server is trunk connected to Swicth as seen in out put in this thread (

show interface fastethernet 1/7 switchport)

to understand this better, can you share the following with us:

show vlan

show ip interface brief

show trunk you have already shown this

full results on both networks of the following:

logging level debug networking subcat dhcp

Attempt to connect to First Network

show log network | include <MAC>

Attempt to connec tot Second Network

show log network | include <MAC>

After:

no logging level debug networking subcat dhcp

Please see attached file

Attachment(s)

info2.txt   2 KB 1 version

Thank you for the logs.   The only other question I have at the moment is on the switchport to the DHCP server, you have it configured for trunking.  Do you have the Server NIC setup that way too?   Based on the IP, the DHCP server is on VLAN 1; then you should just setup that port as an access port and let the ip helper address for the VLAN route the request to the server.   Lastly, have you confirmed that DHCP scope can give out addresses to wired devices?

>Do you have the Server NIC setup that way too?

 it is a windows machine and does not allow me to setp the vlan . 

>then you should just setup that port as an access port and let the ip helper address for the VLAN route the request to the server.

 i tried changing from trunk to access , does not help 

>have you confirmed that DHCP scope can give out addresses to wired devices?

 yes , it did give to my laptop that i connected from access port with vlan 1 on the port .

it is other vlans (other  than vlan 1 ) that seem to have issue 

The switchport going to your DHCP server should definitely be an access port / untagged. Also, is the switchport trusted or are you using role-based access control with an untrusted port?