Solved: Cisco 2106 Controller Configuration Problems

exonetinf1nity · ‎01-03-2009

Greetings, i have the following network setup.

Vlan 140 - Data - 172.16.1.0 /24

Vlan 141 - Voice - 172.16.2.0 /24

Vlan 200 - Wireless - 172.16.3.0 /24

Vlan 999 - Guest Access - 172.16.4.0 /24

These Vlans are configured on a 2960 Gigabit switch, the gateway for each subnet is an ASA 5510.

I have configured a 2106 Controller with both a management and ap-manager interface which sits on the wireless network and is connected to the switch using port 1, switch config below.

interface GigabitEthernet0/18

description Connected to it-wlan-2106 MgmtInterface - P1

switchport trunk allowed vlan 200

switchport mode trunk

speed 100

duplex full

spanning-tree link-type point-to-point

Up until this point no problems, i then set about configuring dynamic interfaces for the voice network (172.16.2.5) on port 2 of the controller and one for the guest network (172.16.4.5)on port 3.

Ports 2 and 3 are trunked to the switch only permitting there respective vlans on the trunk.

Now here is where the issue arrises, i then try to add a dynamic interface for the data network on (172.16.1.5) also on port 2, at this point i loose connection too the controller and am unable to ping it.

interface GigabitEthernet0/19

description Connected to it-wlan-2106 Data/Voice Interface - P2

switchport trunk allowed vlan 140,141

switchport mode trunk

speed 100

duplex full

spanning-tree link-type point-to-point

!

interface GigabitEthernet0/20

description Connected to it-wlan-2106 Guest Interface - P3

switchport trunk allowed vlan 999

switchport mode trunk

speed 100

duplex full

spanning-tree link-type point-to-point

Ive checked for layer 2 and 3 conflicts but cant find any, has anyone had similar experience with this problem? As such i can only get this to work if i put the management and ap-manager interface on the same data subnet.

Scott Fella · ‎01-10-2009

Since you have configured the management via dynamic ineterface, try managing using the ip of the data interface since you are managing the wlc from that network.

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎01-10-2009

That is the issue. You can't have a dynamic interface in which your radius server resides. You should always seperate your wireless from wired. Best practice.... This way you can avoid many issues like what you are having.

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎01-03-2009

That is because you are on the data vlan when accessing the WLC. Unless you allow access to the dynamic interface, you will not be able to access the wlc from a subnet in which one of the dynamic interfaces belong to. You need to enter on the cli

config network mgmt-via-dynamic-interface enable

This will allow you to access the wlc on any of the dynamic interface subnets.

Also, I would set vlan 200 as native on g0/18 and make sure your managemet and ap-manager interface is configure for vlan tag of "0".

-Scott
*** Please rate helpful posts ***

exonetinf1nity · ‎01-06-2009

Makes alot of sense, thank you for your input ill give it a go.

Regards

exonetinf1nity · ‎01-09-2009

Greetings again, i have found time to make the changes you have suggested unfortunately i am experiencing the same issue.

Could you recommend any further alternatives?

Regards

Scott Fella · ‎01-09-2009

Try to enter this command to see if it helps: config network mgmt-via-wireless

Or else post your show run-config so we can take a look at your config.

-Scott
*** Please rate helpful posts ***

exonetinf1nity · ‎01-10-2009

Thank you for your continued help i have made the above change and still have the same issue.

This is a scaled down version of the config that works. For the purpose of this im connected to the data network for managing the device.

Cisco 2106

Interfaces

management interface - 172.16.1.5 - Port 1 - Vlan 140

ap-manager interface - 172.16.1.5 - Port 1 - Vlan 140

voice interface - 172.16.2.5 - Port 2 - Vlan 141

WLANS

AccessFi - Joined with management interface.

VoiceFi - Joined with voice interface

Switch Config

interface GigabitEthernet0/18

description Connected to it-wlan-2106 MgmtInterface - P1

switchport trunk allowed vlan 140

switchport mode trunk

speed 100

duplex full

spanning-tree link-type point-to-point

!

interface GigabitEthernet0/19

description Connected to it-wlan-2106 VoiceInterface - P2

switchport trunk allowed vlan 141

switchport mode trunk

speed 100

duplex full

spanning-tree link-type point-to-point

This is a scaled down version of the config that im having problems with

Cisco 2106

Interfaces

management interface - 172.16.3.5 - Port 1 - Untagged

ap-manager interface - 172.16.3.5 - Port 1 - Untagged

voice interface - 172.16.2.5 - Port 2 - Vlan 141

data interface - 172.16.1.5 - Port 3 - Vlan 140

WLANS

AccessFi - Joined with data interface

VoiceFi - Joined with voice interface

Switch Config

interface GigabitEthernet0/18

description Connected to it-wlan-2106 MgmtInterface - P1

switchport trunk native vlan 200

switchport trunk allowed vlan 200

switchport mode trunk

speed 100

duplex full

spanning-tree link-type point-to-point

!

interface GigabitEthernet0/19

description Connected to it-wlan-2106 VoiceInterface - P2

switchport trunk allowed vlan 141

switchport mode trunk

speed 100

duplex full

spanning-tree link-type point-to-point

!

interface GigabitEthernet0/20

description Connected to it-wlan-2106 DataInterface - P3

switchport trunk allowed vlan 140

switchport mode trunk

speed 100

duplex full

spanning-tree link-type point-to-point

!

With this config i lose connection with the device even when i have enabled management from both the wireless network and dymanic interface.

Regards

Scott Fella · ‎01-10-2009

Since you have configured the management via dynamic ineterface, try managing using the ip of the data interface since you are managing the wlc from that network.

-Scott
*** Please rate helpful posts ***

exonetinf1nity · ‎01-10-2009

Right ok i feel silly, i can manage it from the data network now, your help has been fantastic.

Regards

Scott Fella · ‎01-10-2009

The wlc will allow you to manage it if you were on the wireless. However, you can't manage the wlc using the management ip from any network that is configured on the wlc. You saw this when you added the data network while you were wired in. Glad you got it working!

-Scott
*** Please rate helpful posts ***

exonetinf1nity · ‎01-10-2009

I knew it was all too good to hope for, sorry to be a pain but now im unabel to contact my radius server being Windows IAS.

Strange thing is if i remove the data interface and wlan and configure the voice wlan to use the same radius server (172.16.1.25)it authenticates against the server without issue and i receive an ip address via dhcp on the voice network, if i try to use the same server when connecting to the data wlan i get the following.

RADIUS server 172.16.1.25:1812 failed to respond to request (ID 69) for client 00:1c:bf:53:5b:a6 / user 'unknown'

Could this be related to having the data dynamic interface on the same subnet as the radius server?

Regards

Scott Fella · ‎01-10-2009

That is the issue. You can't have a dynamic interface in which your radius server resides. You should always seperate your wireless from wired. Best practice.... This way you can avoid many issues like what you are having.

-Scott
*** Please rate helpful posts ***

exonetinf1nity · ‎01-10-2009

No problem, thank you very much for your time ive certainly picked up a few useful tips for the future.

Regards