***4402 Controller VLAN issue***

Unanswered Question
Feb 9th, 2008
User Badges:

Hey everyone,


I'm having a strange problem, and I'm having trouble figuring it out.


I'm running two 4402 controllers connect via dot1q trunks to a 6509 (Native VLAN 1).


I have been creating VLAN interfaces on the controllers and assigning them to WLANs...everything seems to be working fine except when I try to add my VLAN 10.


VLAN 10 is addressed 10.18.0.0/16.


All my WAPs and Controllers are on VLAN 2 (10.12.0.0/16)


My WCS is on VLAN 10 (10.18.1.x).


When I add a VLAN 10 interface of (10.18.201.x) on my controller, I am unable to reach the controller by the Management IP address on VLAN2. This happens with both of my controllers. It appears to be intermittent... For one minute I can ping the management interface and not the VLAN 10 Interface I created...and vice versa.


WCS reports the controllers and being down, and I'm unable to push policy to them.


Please help me with this matter, it's driving me crazy.


Thank you in advance,


Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
dancampb Sat, 02/09/2008 - 15:36
User Badges:
  • Cisco Employee,

The issue is that the controller is responding to the packets sent to the management interface through the dynamic interface you created. What you are trying to setup is not really a good design, but if you want to do this you can enable management via dynamic on the controller and point the WCS to the dynamic interface IP address to monitor the controller.

network_dude Sun, 02/10/2008 - 11:26
User Badges:

Thank you for your repsonse...what would be the best design? This is what I have:


CONTROLLER1

Mangement IP: 192.168.12.x/16

VLAN 11: 10.16.12.x/16 (WLAN1)

VLAN 10: 10.18.201.x/16 (WLAN2)


CONTROLLER2

Mangement IP: 192.168.12.x/16

VLAN 11: 10.16.12.x/16 (WLAN1)

VLAN 10: 10.18.201.x/16 (WLAN2)


ACCESS POINTS (30 Total)

192.168.12.x/16


SERVICE PORT (Not Used)

UTILITY PORT (Not Used)


Thank you,


Scott

jwadleigh Tue, 02/12/2008 - 06:53
User Badges:

My suggestion would be to put your WCS on the same VLAN as your management interfaces. The management interface is designed to pass all management traffic, including the SNMP traffic to and from WCS.


Hope this helps.

MichaelMarshall Wed, 02/13/2008 - 12:54
User Badges:

This is a known issue with the 4.2 software. I had the same issue. I would get two successful pings and then next two would drop.


Here is what Cisco customer support says:


As we saw in the websession the controller was having an issue being pinged or added to WCS from a vlan X wired client. We have seen these issues in the past and all of the instances of this bug are not fixed as of yet (12-05-2007). I would either put WCS on the controller management vlan or remove the vlan X dynamic interface from the controller. You could really put WCS on any vlan which will not exist on the controller as a dynamic interface. Keep in mind this would also affect a RADIUS server on the same vlan as a dynamic interface on the controller.

///////////////////////////////////////

CSCsk51226 - WLC using the wrong DMAC for wired devices on dynamic interfaces

Description:

Wired devices on the same IP subnet as a dynamic interface have no IP connectivity to the managment IP address of the WLC. The WLC is sending traffic back to the client using the wrong DMAC.

That bug was duplicated to a Master bug which is:

CSCsj43744 - WLC ingores default gateway arp reply

Description:

Controller ignores default gateway MAC address learn via ARP, and use the source MAC address of the packet to send the traffic back to destination when traffic is desting to a different subnet.

///////////////////////////////////////

These are not fixed in the 4.2.61.0 code but are supposed to be fixed in the next 4.2 release and the 5 release. I do not currently have the timeframe on when those releases will be available.

You can track bug CSCsj43744 using our bugtoolkit found on cisco.com under Support>>Frequently Used Resources>>Bug Toolkit.

For now the only fix would be to use 1 of the workarounds which I stated earlier.

Best Regards,

Jacob Fussell


network_dude Tue, 02/19/2008 - 06:41
User Badges:

Great! Thank you very much for your responses; much appreciated.


Scott

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode