Cisco 2106 Controller Configuration Problems

Answered Question
Jan 3rd, 2009

Greetings, I have the following network setup.


Vlan 140 - Data - 172.16.1.0 /24

Vlan 141 - Voice - 172.16.2.0 /24

Vlan 200 - Wireless - 172.16.3.0 /24

Vlan 999 - Guest Access - 172.16.4.0 /24


These Vlans are configured on a 2960 Gigabit switch; the gateway for each subnet is an ASA 5510.


I have configured a 2106 Controller with both a management and ap-manager interface which sits on the wireless network and is connected to the switch using port 1, switch config below.


interface GigabitEthernet0/18
 description Connected to it-wlan-2106 MgmtInterface - P1
 switchport trunk allowed vlan 200
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree link-type point-to-point


Up until this point, no problems. I then set about configuring dynamic interfaces for the voice network (172.16.2.5) on port 2 of the controller and one for the guest network (172.16.4.5) on port 3.


Ports 2 and 3 are trunked to the switch, only permitting their respective vlans on the trunk.


Now here is where the issue arises: I then try to add a dynamic interface for the data network (172.16.1.5), also on port 2. At this point I lose connection to the controller and am unable to ping it.


interface GigabitEthernet0/19
 description Connected to it-wlan-2106 Data/Voice Interface - P2
 switchport trunk allowed vlan 140,141
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/20
 description Connected to it-wlan-2106 Guest Interface - P3
 switchport trunk allowed vlan 999
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree link-type point-to-point


I've checked for layer 2 and 3 conflicts but can't find any. Has anyone had similar experience with this problem? As such I can only get this to work if I put the management and ap-manager interface on the same data subnet.

Scott Fella Sat, 01/03/2009 - 18:45
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

That is because you are on the data vlan when accessing the WLC. Unless you allow access to the dynamic interface, you will not be able to access the wlc from a subnet that one of the dynamic interfaces belongs to. You need to enter on the cli:


config network mgmt-via-dynamic-interface enable


This will allow you to access the wlc on any of the dynamic interface subnets.


Also, I would set vlan 200 as native on g0/18 and make sure your management and ap-manager interfaces are configured for a vlan tag of "0".

exonetinf1nity Tue, 01/06/2009 - 02:41

Makes a lot of sense, thank you for your input. I'll give it a go.


Regards

exonetinf1nity Fri, 01/09/2009 - 13:45

Greetings again, I have found time to make the changes you have suggested. Unfortunately I am experiencing the same issue.


Could you recommend any further alternatives?


Regards

Scott Fella Fri, 01/09/2009 - 13:52

Try to enter this command to see if it helps: config network mgmt-via-wireless


Or else post your show run-config so we can take a look at your config.

exonetinf1nity Sat, 01/10/2009 - 12:18

Thank you for your continued help. I have made the above change and still have the same issue.


This is a scaled down version of the config that works. For the purpose of this I'm connected to the data network for managing the device.


Cisco 2106


Interfaces


management interface - 172.16.1.5 - Port 1 - Vlan 140

ap-manager interface - 172.16.1.5 - Port 1 - Vlan 140

voice interface - 172.16.2.5 - Port 2 - Vlan 141


WLANS


AccessFi - Joined with management interface.

VoiceFi - Joined with voice interface



Switch Config



interface GigabitEthernet0/18
 description Connected to it-wlan-2106 MgmtInterface - P1
 switchport trunk allowed vlan 140
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/19
 description Connected to it-wlan-2106 VoiceInterface - P2
 switchport trunk allowed vlan 141
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree link-type point-to-point



This is a scaled down version of the config that I'm having problems with:


Cisco 2106


Interfaces


management interface - 172.16.3.5 - Port 1 - Untagged

ap-manager interface - 172.16.3.5 - Port 1 - Untagged

voice interface - 172.16.2.5 - Port 2 - Vlan 141

data interface - 172.16.1.5 - Port 3 - Vlan 140


WLANS


AccessFi - Joined with data interface

VoiceFi - Joined with voice interface


Switch Config


interface GigabitEthernet0/18
 description Connected to it-wlan-2106 MgmtInterface - P1
 switchport trunk native vlan 200
 switchport trunk allowed vlan 200
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/19
 description Connected to it-wlan-2106 VoiceInterface - P2
 switchport trunk allowed vlan 141
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/20
 description Connected to it-wlan-2106 DataInterface - P3
 switchport trunk allowed vlan 140
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree link-type point-to-point
!


With this config I lose connection with the device even when I have enabled management from both the wireless network and dynamic interface.


Regards

Correct Answer
Scott Fella Sat, 01/10/2009 - 12:30

Since you have configured the management via dynamic interface, try managing using the ip of the data interface since you are managing the wlc from that network.

exonetinf1nity Sat, 01/10/2009 - 12:52

Right, ok, I feel silly. I can manage it from the data network now; your help has been fantastic.


Regards

Scott Fella Sat, 01/10/2009 - 13:09

The wlc will allow you to manage it if you were on the wireless. However, you can't manage the wlc using the management ip from any network that is configured on the wlc. You saw this when you added the data network while you were wired in. Glad you got it working!

exonetinf1nity Sat, 01/10/2009 - 14:31

I knew it was all too good to hope for. Sorry to be a pain, but now I'm unable to contact my radius server, being Windows IAS.


Strange thing is, if I remove the data interface and wlan and configure the voice wlan to use the same radius server (172.16.1.25), it authenticates against the server without issue and I receive an ip address via dhcp on the voice network. If I try to use the same server when connecting to the data wlan I get the following.


RADIUS server 172.16.1.25:1812 failed to respond to request (ID 69) for client 00:1c:bf:53:5b:a6 / user 'unknown'


Could this be related to having the data dynamic interface on the same subnet as the radius server?


Regards

Correct Answer
Scott Fella Sat, 01/10/2009 - 15:54

That is the issue. You can't have a dynamic interface in which your radius server resides. You should always separate your wireless from wired. Best practice.... This way you can avoid many issues like what you are having.
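
The rule stated in the answer above, applied to the layouts posted in this thread, as an added example that is not part of the original posts: a Python check that flags RADIUS servers and admin hosts whose addresses fall inside a subnet owned by a WLC dynamic interface. The admin host 172.16.1.50 and the function names are assumptions; the other addresses and the /24 masks come from the thread.

```python
import ipaddress

# Failing layout from the thread: name -> (address/prefix, kind).
WLC_INTERFACES = {
    "management": ("172.16.3.5/24", "static"),
    "voice": ("172.16.2.5/24", "dynamic"),
    "data": ("172.16.1.5/24", "dynamic"),
}
RADIUS_SERVERS = ["172.16.1.25"]  # Windows IAS server from the thread
ADMIN_HOSTS = ["172.16.1.50"]     # constructed: wired admin PC on the data VLAN


def audit_wlc_plan(interfaces, radius_servers, admin_hosts):
    """Return (code, host, interface_name) for every host that sits in a
    subnet owned by a WLC dynamic interface."""
    dynamic = {
        name: ipaddress.ip_interface(cidr)
        for name, (cidr, kind) in interfaces.items()
        if kind == "dynamic"
    }
    findings = []
    for code, hosts in (("RADIUS_IN_DYNAMIC_SUBNET", radius_servers),
                        ("ADMIN_IN_DYNAMIC_SUBNET", admin_hosts)):
        for host in hosts:
            addr = ipaddress.ip_address(host)
            for name, iface in dynamic.items():
                if addr in iface.network:
                    findings.append((code, host, name))
    return findings


def describe(finding, interfaces):
    """Turn a finding into the remediation suggested in the thread."""
    code, host, name = finding
    wlc_ip = interfaces[name][0].split("/")[0]
    if code == "RADIUS_IN_DYNAMIC_SUBNET":
        return (f"RADIUS server {host} is inside the '{name}' dynamic interface "
                f"subnet; keep the server and that interface on separate subnets.")
    return (f"Admin host {host} is inside the '{name}' subnet; manage the WLC via "
            f"{wlc_ip} with mgmt-via-dynamic-interface enabled, not the management IP.")


if __name__ == "__main__":
    for f in audit_wlc_plan(WLC_INTERFACES, RADIUS_SERVERS, ADMIN_HOSTS):
        print(describe(f, WLC_INTERFACES))
```

Run against the working layout from the thread (management on 172.16.1.5, voice as the only dynamic interface), the same check returns no findings.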

exonetinf1nity Sat, 01/10/2009 - 16:00

No problem, thank you very much for your time. I've certainly picked up a few useful tips for the future.


Regards
