01-19-2009 08:21 PM - edited 07-03-2021 05:01 PM
WLC 4402 connected to 4507 switch.
GBIC1 connected to a gigabit port on module 3 of the switch; GBIC 2 connected to module 6. LAG is enabled in the 4402 configuration.
I've recently reworked some VLANs, essentially to move workstations and servers off of the default VLAN1, leaving VLAN1 for network management. Cisco also recommends the management and AP-manager interfaces be configured on a non-default VLAN with LAG enabled.
Workstations and servers are working normally when moved to the new VLAN (which is 10) but the WLC 4402 cannot be contacted. APs don't associate with it anymore and I cannot connect to it via the web manager. Since I couldn't get it to work, I connected to the console port and tried untagging the interfaces and readdressing them with IPs on the default VLAN1. While I could again open the web manager, the APs don't associate with the WLC.
WLC management port is configured:
VLAN ID - 10
IP - 10.30.10.58
Subnet - 255.255.254.0
Gateway - 10.30.10.1
AP-manager port is configured:
VLAN ID - 10
IP - 10.30.10.60
Subnet - 255.255.254.0
Gateway - 10.30.10.1
4507R:
Interface port-channel10
Switchport
Switchport trunk encapsulation dot1q
Switchport trunk native vlan 10
Switchport trunk allowed vlan 1,3,6,10
Switchport mode trunk
Interface g3/3:
Description WLC4402 GBIC 1
Switchport trunk encapsulation dot1q
Switchport trunk native vlan 10
Switchport trunk allowed vlan 1,3,6,10
Switchport mode trunk
Channel-group 10 mode on
Interface g6/3:
Description WLC4402 GBIC 2
Switchport trunk encapsulation dot1q
Switchport trunk native vlan 10
Switchport trunk allowed vlan 1,3,6,10
Switchport mode trunk
Channel-group 10 mode on
On all local and remote switches, APs are on access ports assigned to VLAN3. On the WLC, we use a public and private dynamic interface - public on VLAN3 and private on VLAN6.
Any ideas would be appreciated.
TIA
Rick
01-19-2009 09:05 PM
Console into one of the APs:
Can you ping the Management IP Address of the WLC? If yes, enter the following command on the LAP: lwapp ap controller ip address
Does this help?
01-20-2009 04:49 AM
As long as in the wlc you have specified the management and ap-manager as vlan tagged "0" then you have the wlc side done. Now on the switch side... If you have the ports set up as native vlan 10, and you lose connection, either make sure you don't have this command on your switch:
vlan dot1q tag native
Or else, make sure that vlan is being forwarded from that switch and all the way to the switches that have the APs on them.
01-20-2009 09:48 AM
The management and AP-manager interfaces are configured for VLAN 10 - not the untagged parameter of 0, which would place them on the default VLAN 1.
Rick
01-20-2009 09:41 AM
When everything is configured to be on VLAN 10, I cannot ping the WLC.
My workstation is also on an access port on the 4507, assigned to VLAN 10.
Rick
01-20-2009 09:48 AM
Are you sure vlan 10 is forwarding on all the switches? Doesn't seem to be... You are also wired in and don't have your wireless on your laptop associated to an ap, correct?
01-20-2009 05:35 PM
Since all workstations are currently on access ports assigned to VLAN 10, I think I'm safe in saying that VLAN 10 is forwarded to all switches. Some of these are Nortel switches.
However, the 2 WLC GBICs and my workstation are all on the same 4507 switch on VLAN 10. I should at least be able to access the WLC or ping it, but cannot.
Yes, the workstation I'm using is a PC that is wired in. The APs are not associating with the WLC and are not accepting connections.
Rick
01-20-2009 05:44 PM
Okay... So on the wlc you have the management and ap manager set to vlan 0 and you have LAG enabled. If you configure a port on the 4507 as access port vlan 10 and connect your laptop to that port you can't ping the management interface?
01-20-2009 05:53 PM
No.
On the WLC, I have the management and AP-manager interfaces set with VLAN Identifiers of 10. LAG is enabled.
The 2 physical ports for the GBICs have the channel-group 10 mode on. Port-channel 10 has the switchport trunk native vlan 10 command entered.
This configuration is in the WLC 4400 Configuration Guide.
From my PC - wired into an access port on the 4507 and assigned to VLAN 10, I cannot ping the WLC.
Rick
01-20-2009 06:04 PM
That is the issue. Since you have configured native vlan on the switch you are not tagging. So you need to specify the vlan on the management and ap manager to '0' which means untag the frame. That should fix your problem. Vlan1 by default is untagged.
01-20-2009 08:28 PM
Actually, it turned out to be the other way around.
Just before leaving the office for the day, on the 4507 I removed the 'switchport trunk native vlan 10' line from the port-channel configuration. The WLC still has the management and AP-manager VLAN Identifier set at 10.
I could now connect to the WLC web manager and saw that all APs had once again associated with the WLC.
After that, I also went back into the 4507 config and changed the port-channel allowed VLANs to be just 3,6,10 and it still worked.
So, contrary to the WLC documentation, tagging the WLC interfaces with the desired VLAN, but NOT setting the port-channel's native VLAN works.
I did all this at the last minute before leaving work, so I still have to check some things out tomorrow, but it looks like this is functioning this way.
Thanks for all your help.
Rick
01-20-2009 08:33 PM
That works too, but it is best practice to set the wlc management and ap-manager to vlan '0' and use the native vlan 10 on your trunk ports.
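An added example, not written by any participant in this thread: a small Python check of the tagging mismatch discussed above. It assumes a dot1q trunk sends its native VLAN untagged unless the global `vlan dot1q tag native` command is present, and that a WLC VLAN identifier of 0 means untagged; the function names and the sample stanza (the port-channel from the first post, typo fixed) are constructed for illustration.

```python
import re

# Constructed sample: the port-channel stanza from the first post.
SWITCH_CFG = """\
interface Port-channel10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1,3,6,10
 switchport mode trunk
"""

def parse_trunk(cfg, ifname):
    """Return (native_vlan, allowed_vlans_or_None, tag_native) for one trunk."""
    native, allowed, tag_native, in_if = 1, None, False, False  # native defaults to 1
    for line in cfg.splitlines():
        s = line.strip().lower()
        if s == "vlan dot1q tag native":          # global: native VLAN is tagged too
            tag_native = True
        elif s.startswith("interface "):
            in_if = s.split(None, 1)[1] == ifname.lower()
        elif in_if and (m := re.fullmatch(r"switchport trunk native vlan (\d+)", s)):
            native = int(m.group(1))
        elif in_if and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", s)):
            allowed = set()
            for part in m.group(1).split(","):    # handles "3" and "3-6"
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
    return native, allowed, tag_native

def check_wlc_interface(cfg, ifname, wlc_vlan_id):
    """Compare a WLC interface's VLAN identifier (0 = untagged) with the trunk."""
    native, allowed, tag_native = parse_trunk(cfg, ifname)
    switch_untagged = None if tag_native else native  # VLAN the switch sends untagged
    if wlc_vlan_id == 0:
        if switch_untagged is None:
            return "mismatch: WLC is untagged but the switch tags every VLAN"
        vlan = switch_untagged
    elif wlc_vlan_id == switch_untagged:
        return f"mismatch: WLC tags VLAN {wlc_vlan_id} but the switch sends it untagged"
    else:
        vlan = wlc_vlan_id
    if allowed is not None and vlan not in allowed:
        return f"mismatch: VLAN {vlan} is not allowed on the trunk"
    return f"ok: WLC interface lands in VLAN {vlan}"

if __name__ == "__main__":
    for vid in (10, 0):
        print(vid, "->", check_wlc_interface(SWITCH_CFG, "port-channel10", vid))
```

Run against the original configuration, identifier 10 is reported as a mismatch and identifier 0 as landing in VLAN 10; with the native VLAN line removed, identifier 10 is reported as ok.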