Hi guys, i'll try to explain our trouble as best as i can:
Im trying to do some basic scenario here. Picture this: One L3 Switch connecting a 4402 Controller, 3 Administrative Vlans for APs (63, 93 and 127) and 3 Vlans for clients (one for each Administrative vlan, 16, 64 and 95 respectively). Also, in one of the administrative vlans (63) lives the Management and AP Manager interfaces of the controller. The L3 Switch does the DHCP business also, including giving the Controller IP (option 43).
Here is the deal: When i try to connect one LWAP AP in to the same VLAN as the controller (63) it does gets an IP address of the segment and also gets the Controller IP. BUT, it cannot reach the Controller Management interface, not by ping nor by registering. (i connected a laptop to chek this behavior and it cant ping the Management Interface either)
Then, if i connect the same AP to another VLAN (say.. 93)it will get an IP address of the segment, IP of the controller and it will reach the Controller by means of PING and also discovery request/discovery response. BUT, it wont register with the controller. In both cases, the L3 switch can ping just fine the APs and the Management Interface.
After sniffing little bit I can see that the AP does in fact send the Join request message to the AP Manager interface of the Controller, but it wont get an answer. Then, in the CLI of the Controller (debug lwapp events enable) i can see that the controller does recive the discovery request and send the discovery response messages, but never sees the join request frome the AP.
Configs of the switch and controller attached.
Also, i checked the date of the controller and its up to date, the certificates of the APs should be fine, they will expire in 2 o 3 more years.
Oh, and the Controller its not directly connected to the Switch, its connected to another 3500 switch using a GBIC, but its just used as a media converter... after that switch its connected to a trunk in the L3 Switch.. and yes, the Switch with the controller has all the needed vlans configured so they can be seen on the trunks.
Any help would be greately appretiated.