Hi Tomas -
What type of authentication are you doing to the WLAN your connecting to?
can you reach any local devices or web pages in the same network it connects to this could include its default gateway?
Also have you used the "ipconfig /all" to verify it is in the correct ip address range and settings like DNS is correct?
WLAN authentication method, to quote the description, is "WPA2/openSystem/eapTls"
I'm not sure about the client's ability to reach resources on the local network, but I assume the problem is with both internal and external sites.
Yes, I checked ipconfig /all, the settings there are OK.
And now I checked the host in Cisco Prime again - the laptop is currently associated to an AP, but Traffic (MB) is shown as "<0.1", so there's virtually no action going on this connection. And then I connected to the WLC and pinged the client and results were:
Send count=3, Receive count=0
Tried to ping AP's IP addr from the WLC - ping works:
Send count=3, Receive count=3
So, the client is associated with AP but there is no connection between the laptop and WLC. What should be the next tshoot steps?
Yes, I go to Monitor - Clients and Users and then paste in the laptop's MAC in quick filer and then I get an overview of the client with various info, like association history, duration, RSSI stats, etc., but I don't find anything that could help to tshoot. As I said, there is almost nothing in Events tab. Maybe some CLI command on WLC could help? I am totally new to wireless tshoot
Can you answer these questions please?
does the client have an ip address with appropriate subnet?
does the client have a default gateway configured?
can the client ping it's default gateway?
does the client have a DNS server configured?
can the client ping the DNS server?
can the client ping www.cisco.com?
Now please answer these questions:
what version of code are you using?
goto the WLC GUI, that the client is connected to, find the client on the Monitor>Clients page, and tell me what the following fields say:
policy manager state
security policy completed
auth key mgmt
snmp nac state
radius nac state
After some tinkering, I've assigned this ticket to Level 2 engineers and will see what their solution will be (if any).
Now I don't have access to the info about the machine, but as far as I rememebr about the client's IP configuration, everything looked good, including the default gateway an DNS. Well, at least what I saw in the config did not raise any suspicion to me.
It may sound stupid, but now I am not entirely sure what will be the default gateway in WiFi connection - AP, WLC or the router?
I had no access to the AP, so I could not test ping the client from it, but if Cisco Prime shows me that the laptop is currently associated with the AP, so theoretically the ping should work between these two devices? Or not necessarily?
If Cisco Prime gets the info about the client's association with the AP, it also means that some sort of connection exists between the WLC and the client, doesn't it? But as I said, I tried to ping the client from the WLC at the same time when the client was associated with the AP and I got no response.
So I don't know if this problem might have something to do with, say, DNS settings - it's obvious that there is no L3 connection between the laptop and the WLC. But some sort of data transfer still must happen between the laptop and the WLC, because otherwise how could Cisco Prime show me that the laptop is currently associated with its AP? This is strange.
Associated to the AP, means you are connected to the AP, it does not mean you have an IP address.
There should be a status showing that an IP Address has been assigned.
You say that ipconig looks ok, I am not sure what this means.
If ipconfig is ok, you should be able to ping the gateway from the client, and ping www.cisco.com.
Normally these things could be incorrect:
1. No Layer 3 configuration
2. Incorrect DNS.
3. HTTP/HTTPS blocked.
I would isolate it first by checking the client's IP connectivity. If it's all good, then check DNS. If that is good too, then move towards L4 troubleshooting.
For client, the default gateway will be the Router (most likely).