Can't contact WLC 4402 on non-default VLAN

Jan 19th, 2009

WLC 4402 connected to 4507 switch.

GBIC1 connected to a gigabit port on module 3 of the switch; GBIC 2 connected to module 6. LAG is enabled in the 4402 configuration.

I've recently reworked some VLANs, essentially to move workstations and servers off of the default VLAN1, leaving VLAN1 for network management. Cisco also recommends the management and AP-manager interfaces be configured on a non-default VLAN with LAG enabled.

Workstations and servers are working normally when moved to the new VLAN (which is 10) but the WLC 4402 cannot be contacted. APs don't associate with it anymore and I cannot connect to it via the web manager. Since I couldn't get it to work, I connected to the console port and tried untagging the interfaces and readdressing them with IPs on the default VLAN1. While I could again open the web manager, the APs don't associate with the WLC.

WLC management port is configured:

VLAN ID - 10

IP - 10.30.10.58

Subnet - 255.255.254.0

Gateway - 10.30.10.1

AP-manager port is configured:

VLAN ID - 10

IP - 10.30.10.60

Subnet - 255.255.254.0

Gateway - 10.30.10.1

4507R:

Interface port-channel10

Switchport

Switchport trunk encapsulation dot1q

Switchport trunk native vlan 10

Switchport trunk allowed vlan 1,3,6,10

Switchport mode trunk

Interface g3/3:

Description WLC4402 GBIC 1

Switchport trunk encapsulation dot1q

Switchport trunk native vlan 10

Switchport trunk allowed vlan 1,3,6,10

Switchport mode trunk

Channel-group 10 mode on

Interface g6/3:

Description WLC4402 GBIC 2

Switchport trunk encapsulation dot1q

Switchport trunk native vlan 10

Switchport trunk allowed vlan 1,3,6,10

Switchport mode trunk

Channel-group 10 mode on

On all local and remote switches, APs are on access ports assigned to VLAN3. On the WLC, we use a public and private dynamic interface - public on VLAN3 and private on VLAN6.

Any ideas would be appreciated.

TIA

Rick

Leo Laohoo Mon, 01/19/2009 - 21:05

Console into one of the APs:

Can you ping the Management IP Address of the WLC? If yes, enter the following command on the LAP: lwapp ap controller ip address

Does this help?

Scott Fella Tue, 01/20/2009 - 04:49

As long as in the wlc you have specified the management and ap-manager as vlan tagged "0" then you have the wlc side done. Now on the switch side... If you have the ports set up as native vlan 10, and you lose connection, either make sure you don't have this command on your switch:

vlan dot1q tag native

Or else, make sure that vlan is being forwarded from that switch and all the way to the switches that have the APs on them.

scdladmin Tue, 01/20/2009 - 09:48

The management and AP-manager interfaces are configured for VLAN 10 - not the untagged parameter of 0, which would place them on the default VLAN 1.

Rick

scdladmin Tue, 01/20/2009 - 09:41

When everything is configured to be on VLAN 10, I cannot ping the WLC.

My workstation is also on an access port on the 4507, assigned to VLAN 10.

Rick

Scott Fella Tue, 01/20/2009 - 09:48

Are you sure vlan 10 is forwarding on all the switches? Doesn't seem to be... you are also wired in and don't have your wireless on your laptop associated to an ap, correct?

scdladmin Tue, 01/20/2009 - 17:35

Since all workstations are currently on access ports assigned to VLAN 10, I think I'm safe in saying that VLAN 10 is forwarded to all switches. Some of these are Nortel switches.

However, the 2 WLC GBICs and my workstation are all on the same 4507 switch on VLAN 10. I should at least be able to access the WLC or ping it, but cannot.

Yes, the workstation I'm using is a PC that is wired in. The APs are not associating with the WLC and are not accepting connections.

Rick

Scott Fella Tue, 01/20/2009 - 17:44

Okay... So on the wlc you have the management and ap manager set to vlan 0 and you have LAG enabled. If you configure a port on the 4507 as access port vlan 10 and connect your laptop to that port you can't ping the management interface?

scdladmin Tue, 01/20/2009 - 17:53

No.

On the WLC, I have the management and AP-manager interfaces set with VLAN Identifiers of 10. LAG is enabled.

The 2 physical ports for the GBICs have the channel-group 10 mode on. Port-channel 10 has the switchport trunk native vlan 10 command entered.

This configuration is in the WLC 4400 Configuration Guide.

From my PC - wired into an access port on the 4507 and assigned to VLAN 10, I cannot ping the WLC.

Rick

Scott Fella Tue, 01/20/2009 - 18:04

That is the issue. Since you have configured native vlan on the switch you are not tagging. So you need to specify the vlan on the management and ap manager to '0' which means untag the frame. That should fix your problem. Vlan1 by default is untagged.

scdladmin Tue, 01/20/2009 - 20:28

Actually, it turned out to be the other way around.

Just before leaving the office for the day, on the 4507 I removed the 'switchport trunk native vlan 10' line from the port-channel configuration. The WLC still has the management and AP-manager VLAN Identifier set at 10.

I could now connect to the WLC web manager and saw that all APs had once again associated with the WLC.

After that, I also went back into the 4507 config and changed the port-channel allowed VLANs to be just 3,6,10 and it still worked.

So, contrary to the WLC documentation, tagging the WLC interfaces with the desired VLAN, but NOT setting the port-channel's native VLAN works.

I did all this at the last minute before leaving work, so I still have to check some things out tomorrow, but it looks like this is functioning this way.

Thanks for all your help.

Rick

Scott Fella Tue, 01/20/2009 - 20:33

That works too, but it is best practice to set the wlc management and ap-manager to vlan '0' and use the native vlan 10 on your trunk ports.
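
Added example, not part of the thread and not Cisco's or any poster's code: a small checker that compares a WLC interface's VLAN Identifier (0 meaning untagged) against a switch trunk stanza and reports the tagging mismatch this thread ran into. The function names are hypothetical, and the model assumes standard 802.1Q trunk behaviour: the native VLAN leaves the switch untagged unless `vlan dot1q tag native` is configured.

```python
import re

# Constructed samples: the port-channel stanza from the thread, before and
# after the poster removed the native VLAN line and trimmed the allowed list.
ORIGINAL = """interface port-channel10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1,3,6,10
 switchport mode trunk"""
FIXED = """interface port-channel10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,6,10
 switchport mode trunk"""

def expand(spec):
    """Turn '1,3,6-10' into a set of VLAN numbers."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(ios_text):
    """Extract native VLAN, allowed VLANs and the global tag-native flag."""
    trunk = {"native": 1, "allowed": set(range(1, 4095)), "tag_native": False}
    for line in (l.strip().lower() for l in ios_text.splitlines()):
        if m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            trunk["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            trunk["allowed"] = expand(m.group(1))
        elif line == "vlan dot1q tag native":
            trunk["tag_native"] = True
    return trunk

def check_wlc_interface(vlan_id, trunk):
    """vlan_id is the WLC VLAN Identifier; 0 means the WLC sends untagged."""
    native_untagged = not trunk["tag_native"]
    if vlan_id == 0:
        if not native_untagged:
            return "mismatch: WLC untagged, switch tags the native VLAN"
        if trunk["native"] not in trunk["allowed"]:
            return "mismatch: native VLAN not allowed on trunk"
        return f"ok: untagged, lands in native VLAN {trunk['native']}"
    if vlan_id not in trunk["allowed"]:
        return f"mismatch: VLAN {vlan_id} not allowed on trunk"
    if vlan_id == trunk["native"] and native_untagged:
        return f"mismatch: WLC tags VLAN {vlan_id}, switch sends it untagged"
    return f"ok: tagged VLAN {vlan_id}"
```

Running `check_wlc_interface(10, parse_trunk(ORIGINAL))` reports the mismatch from the original configuration, while the same call against `FIXED`, or with a VLAN Identifier of 0 against `ORIGINAL`, reports the two working arrangements discussed in the thread.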
