New 5Ghz SSID not working

Started by anon, February 18, 2021, 04:09:43 PM


anon

I've been having issues with wireless on my 2.4Ghz network.  So I decided to create a 5Ghz SSID, and I'm unable to connect to it.  I went ahead and removed PSK and opened up access, but I'm still unable to connect to that SSID.  Error states connection failed.

I'm running a vWLC, version 8.2.110.0 on ESXi with Cisco 3700 APs with the short stub external antenna. 

I've configured -

Radio Policy: 802.11a only
Broadcast SSID: enabled
FlexConnect Local Switching: Enabled

Somebody told me it could be a channel issue, but I don't believe so as my new 5Ghz SSID is running on channel 36,40 and my 2.4Ghz SSID is running on channel 11.

I'm at a loss why creating a new SSID wouldn't work. 

deanwebb

Is there anything in between the WLC, AP, and test device? Could be interference, especially if there's a lot of metal or old walls (which usually had a lot of metal in them).

Do the APs show up registered in the WLC? If yes, it could be client settings on the test device.

Dieselboy

Sometimes I get refusal to connect because the device has cached configuration for an SSID and the cache does not match what the AP/WLC is expecting. Have you tried "forget network" and setting up again on the device?

If that fails, then as mentioned this can be caused by interference. Every wifi AP within an area needs to be on a different channel. Maybe you are using the same channel as some other wifi device nearby which is causing the interference. Try changing the channel.

Also you say you're using 36,40. This is 40MHz-wide. Maybe you have a little bit older wifi client and it can't use the 40MHz channel. Change it back to 20MHz and then try and see if you can connect after "forgetting" the wifi network.

In the WLC you may be able to view logging to tell you the reason for the connection failures.

icecream-guy

just ran across this article this morning

How to fix Wi-Fi interference

https://www.networkworld.com/article/2215287/coping-with-wi-fi-s-biggest-problem-interference.html

SQ
Does your wireless NIC Support 5G?


anon

Thanks so much guys for the quick reply!  You guys have been so helpful, and given me some paths to take on tshooting this issue.

@deanwebb
So I believe there is definitely some kind of interference, as on my 2.4Ghz SSID my NEST cameras have been cutting out and it keeps saying some kind of interference is affecting the connection.  When I attempt to stream video, at random times it will cut out.  As far as what's between them, there isn't much that would cause interference to my knowledge. 

The AP does indeed show registered in the WLC.

@dieselboy
I did try forgetting the network, and attempted to reconnect to it.  So I'm thinking changing the channel would be a good idea.  So, do I have to be cognizant of which channel I choose?  I did change it back to 40MHz for some increased performance, but let me put that back down to 20MHz.

I didn't see any logs in the WLC.  Maybe I'm looking in the wrong place, but it came up empty.  Am I able to see those logs if I console into the WLC?  View them just like I would on a Cisco switch?

@ristau5741
I will check out that link.  Thank you!

So my main devices that connect to the WiFi are MacBooks, iPads, and iPhones. So it would just be the iPhone that could do 5G, which I must say does save me at times.

I thought about dumping the whole Cisco WLC setup, and switching to Ubiquiti.  But I'm thinking the issues might in fact be the same, if it truly was an interference issue.  The whole WiFi setup is pretty great, as it's enterprise grade.  I'm going to change the channels, as I noticed earlier today there are a ton of other WiFi networks in the area, I'm talking about 25+ SSIDs.

icecream-guy

if you are using Cisco, it's probably a bug!
  :hankhill:

anon

This doesn't surprise me.  Also, I must say I know I'm running an older version of the wireless controller.  So it might be a good idea to upgrade the WLC.  I'm just worried something will tank, and then I'm really in trouble.  I haven't upgraded a WLC before, but I'm thinking it shouldn't be much different than a switch.  I wonder if I can just do it from the GUI?  I will poke around now and verify.

So just so I'm understanding this, the channel I choose is open to choose I just need to verify if other things are on it.  Like I've scanned SSIDs around me, and they are all on the standard 11 and the other norms people deploy by default.  So can I choose any other one of my choosing?

Dieselboy

Anon, if you have an Android device then go grab this free (and possibly dodgy) app which I use all the time for exact things like this: https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer&hl=en&gl=US

Note: The app will not work until you allow the permissions: Storage and GPS access.

I say "possibly dodgy" because the app needs those permissions to work and I don't really know why. I just install when I need then remove it once I am done.

In the app you can show 2.4GHz and 5GHz wifi bands and neighbouring AP's and their broadcasting channels.

Some things to note that are worth remembering:

- all wifi AP's need to be on their own unique channel. This means each of your AP's as well as your neighbours. This easily becomes a problem on 2.4GHz band where there are mostly only 3 unique and non-overlapping channels.

- AP's that broadcast the same SSID need to have the same authentication/authorization settings


///

With your issue specifically I wonder if the wifi is in fact fine but there's no underlying DHCP server within the layer 2 network to provide the wifi client an IP address and consequently internet access so in turn your smart iPhone is ignoring the wifi and putting it in the "bad" box? I've had a similar issue when my home internet went down and I was unable to control my smart lights because the phone was outright refusing to do anything on the wifi due to the internet being down - even though the lights were controllable. I needed to select "use network anyway" on my Android phone.

anon

Funny have it I just picked up an Android device the other day, so let me fire that up and take a look.

I was thinking this could be a layer 2 issue, as I have my networks separated.  By separated, I mean that my APs sit on their own VLAN on 10.10.20.x /24 and my devices on another VLAN on 172.17.70.x /24.  Now, all I did was add a second SSID to the network controller, which I would think would just sit on the device VLAN as the first SSID does, right?  I believe it is, as I see here under All APs > HallwayAP > VLAN Mappings with the appropriate VLAN ID.

I switched it to channel 100 too, and still no luck.

I noticed a lot of rogue AP messages under the Trap Logs, but I have a feeling this is normal on the 2.4Ghz frequency. It looks something like this, which per the MAC address OUI is a Netgear device.

Rogue AP: e4:f4:c6:19:56:7b detected on Base Radio MAC: 5c:83:8f:c7:c2:30 Interface no: 1(802.11ac) Channel: 153 RSSI: -73 SNR: 22 Classification: unclassified, State: Alert, RuleClassified : N, Severity Score: 0, RuleName: N.A. ,Classified AP MAC: 00:00:00:00:00:00 ,Classified RSSI: 0

Dieselboy

Your OP states flexconnect = enabled.

What this does is locally switch wifi traffic to the local wired lan on the AP's. So in your case you will need to trunk this VLAN to the AP and map the SSID to the VLAN to allow the local bridging / switching.

The other option is to turn off flexconnect. This will send all client wifi traffic back to the controller over an encrypted tunnel. However you may not be able to do this if you are running a controller VM (I don't know, haven't used the VM but I have used mobility express which uses a software WLC so I am adding 2+2 and getting 6 here :) ). Flexconnect is usually turned off on WLCs. So maybe this is why it is enabled for you.

If you use vlan 100, maybe you can make this the native vlan on that port and see if you get wifi access onto that native vlan (ie vlan "1"). Or you'll need to set up the vlan 100 in the AP so that the AP will trunk (tag) wifi client traffic with vlan 100.

You will get a rogue AP log for every AP detected by your system where those detected APs are not part of your WLC system. Hope that makes sense?

:)
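The rogue AP trap quoted earlier in the thread has a regular field layout, so a pile of these messages can be reduced to one row per neighbouring AP and checked against the channels your own radios use. This is an added example, not part of any poster's reply and not Cisco code; `parse_trap`, `summarize`, the `-75` dBm cut-off and every sample line except the first are assumptions or constructed values.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Field layout taken from the trap log line quoted in the thread.
TRAP_RE = re.compile(
    rf"Rogue AP: (?P<rogue>{MAC}) detected on Base Radio MAC: (?P<radio>{MAC}) "
    r"Interface no: \d+\((?P<phy>.+?)\) Channel: (?P<channel>\d+) "
    r"RSSI: (?P<rssi>-?\d+) SNR: (?P<snr>-?\d+) "
    r"Classification: (?P<cls>\w+), State: (?P<state>\w+)",
    re.IGNORECASE,
)

def parse_trap(line):
    """Return the fields of one rogue-AP trap as a dict, or None if no match."""
    m = TRAP_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["rogue"] = rec["rogue"].lower()
    for key in ("channel", "rssi", "snr"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines, own_channels, rssi_floor=-75):
    """Group traps by rogue MAC; flag strong neighbours sharing our channels."""
    seen = defaultdict(lambda: {"hits": 0, "best_rssi": -200, "channels": set()})
    for rec in filter(None, map(parse_trap, lines)):
        entry = seen[rec["rogue"]]
        entry["hits"] += 1
        entry["best_rssi"] = max(entry["best_rssi"], rec["rssi"])
        entry["channels"].add(rec["channel"])
    for entry in seen.values():
        shared = entry["channels"] & set(own_channels)
        # rssi_floor is an assumed cut-off, not a Cisco default.
        entry["co_channel"] = bool(shared) and entry["best_rssi"] >= rssi_floor
    return dict(seen)

TAIL = " Classification: unclassified, State: Alert, RuleClassified : N"
HEAD = "detected on Base Radio MAC: 5c:83:8f:c7:c2:30 Interface no: "
SAMPLE = [
    # First entry: values from the line quoted in the thread. Rest: constructed.
    f"Rogue AP: e4:f4:c6:19:56:7b {HEAD}1(802.11ac) Channel: 153 RSSI: -73 SNR: 22{TAIL}",
    f"Rogue AP: 02:00:00:00:00:01 {HEAD}1(802.11ac) Channel: 36 RSSI: -60 SNR: 30{TAIL}",
    f"Rogue AP: 02:00:00:00:00:01 {HEAD}1(802.11ac) Channel: 36 RSSI: -82 SNR: 12{TAIL}",
    f"Rogue AP: 02:00:00:00:00:02 {HEAD}0(802.11n) Channel: 11 RSSI: -88 SNR: 8{TAIL}",
    "AP HallwayAP configuration saved",  # constructed unrelated line, skipped
]

if __name__ == "__main__":
    for mac, info in summarize(SAMPLE, own_channels={36, 40, 11}).items():
        print(mac, info)
```

A neighbour that is heard strongly on one of your own channels is a candidate source of the interference discussed above; one that is weak or on a different channel mostly just explains why the trap log is noisy.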

anon

That's correct, I had to enable flexconnect because it's running as a virtual machine.  I know on our other WLC the flexconnect option is not enabled.

So I thought you had something, as that would be a great catch.  But I confirmed I do indeed have the correct VLAN Mappings for the native vlan, and the inheritance is set for WLAN-Specific just like the working SSID.

The MacBook states the network is not available, and the iPad states the password is incorrect.  So weird.

On the plus side, I did change the channel on the 2.4Ghz SSID and the interference appears to have stopped.  I switched it to channel 6 for the 2.4Ghz network.

But the 5Ghz SSID ... :headache:

Dieselboy

OK so let's say you have VLAN 100 configured on the LAN. You need to understand whether this is a tagged VLAN or not (native). Basically native means remove the tag when traffic leaves the switch port or add the tag when any untagged traffic arrives. You can only have one native VLAN for this reason.

Have you considered using 1 SSID (1 VLAN) on the WLC side and then using your VLAN on the switch port as either access mode or native VLAN as a test? You probably need the AP IP address to be in the same VLAN as the wifi client traffic so that the AP can get an IP and then talk to the WLC. I think this will let the wifi AP work as a test with 5GHz.

Another way to say the same thing -> have only one untagged VLAN on the switch port and then on the WLC add the VLAN number but mark it as native.

For example in a remote office I use VL33 for LAN traffic and wifi. The AP has an IP in the same VLAN. on the WLC I have WLAN to VLAN mapping making vl 33 the native VLAN.

anon

Forgive me if I'm missing it, but I don't think this would be an issue since the AP is on the correct VLAN, tagged appropriately as well as the user VLAN, which can indeed get an address assigned.  But this is only the case on the 2.4Ghz SSID.  If I add the 5Ghz SSID to the vWLC using that same AP, that's associated to the same AP Group I would think it would be a L2 issue.  Or am I wrong in that statement?

Within the AP Group, the only difference is it has a different WLAN ID, with the corresponding Profile Name (SSID Name) but inside the settings, for L2 and L3 options, it's purely security related (ie WPA+WPA2, Encryption, PSK authentication) options like this.

Dieselboy

If you're adding a new SSID then you need to map that to a VLAN. You may be able to map it to the same VLAN ID on the LAN - I'm not sure.

Why not just enable the 5G network on the existing and working 2.4GHz WLAN? Having a separate 2.4 and 5G SSID means that clients won't automatically roam to the best one which is a downside. Also having separate 2.4 and 5 SSIDs means you are bridging to different VLANs and so you must have unique SSID names else a client could roam between the SSIDs but the client IP address will be wrong.

The only use case I've found for configuring and using separate SSIDs for the two frequency bands is when you need to force (ie stick) clients to either the 2.4 or 5GHz band. ISPs send out their pre-configured home routers with separate -2.4G and -5G wifi SSIDs. I generally just rename both of these SSIDs to get the same name so that the client will roam to the best one (ie 5GHz when it can and fall back to 2.4G when it's a bit far from the AP). Some home ISP routers won't let you do this which is poor.

anon

Just so I'm not missing it, when you say map that VLAN.  Where do I do that at? I have the VLAN set, or mapped under FlexConnect on under the Wireless tab.  You said separate 2.4Ghz and 5Ghz SSIDs means I'm bridging two different VLANs, but they are actually configured as the same VLAN and I never created a new VLAN for 5Ghz.  Maybe that's my problem overall that I didn't separate them that way, as I didn't know.  I just added the 2nd SSID to the same VLAN and just configured the SSID.

So the radio policy is indeed set for 'ALL' but my MacBook is right next to the AP and it's still preferring 2.4Ghz.  So that's why I thought I would create a dedicated 5Ghz.  I've never seen a device get on the 5Ghz network on its own.  I think I'm missing a configuration if this is the case that it will choose the best band, because it for sure should be choosing the 5Ghz SSID since it's so close to the AP.

Thanks so much for continuing to help me.  I'm learning more and it helps to talk it out, as the walls haven't been of much help.