×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

WLC 4404 : AP not routing via second interface

Answered Question
Aug 21st, 2012
User Badges:

WLC4404 - United States

Software Version 5.2.193.0


Hello, we are having a similair problem to another post, where the new WLAN dosn't seem to be routing... but it's not related to name length (ours only 6 charecters). It's almost seems like the new WLC interface (interface2) isn't configured for the same subnet that it's plugged into, but it is.


We actually have 2 WLANS. Alot of the original config was done before my time, between about 3 different people.

The original WLAN config works fine, but part of the problem is the WLC4404 was configured our server VLAN, thus when a client gets an IP, they are placed on our main server VLAN.


Our WLC4404 is connected to our 6509 in our Datacenter, and we have dozens of PTP T1's to our remote offices, which all have WAPs.


On the WLC4404, I've configured a new interface on port 2, vlan404, and I have the new WLAN using that interface. The WLAN security is using WPA2, and authenticates via our ActiveDirector services, as well as handing out DHCP from our Windows DHCP server.


The client wireless PC is able to connect to the WAP, but unable to connect to anything else. It can only ping the WLC4404 interface2 address, and nothing else. It does receieve DHCP info (via WLC via Windows DHCP server), but cannot see DHCP server.


From the WLC4404: I can telnet into the management IP address, and can ping PC's on the new WLAN, and anyplace else, except the vlan gateway ip address on the 6509.


From the 6509: when telnetted in, I can ping everything except interface2 of WLC on vlan404 and the wireless PC using the new WLAN. I am able to ping the ip address of int for vlan404. The 6509 somewhat see's the WLC int2 & wireless PC. Show ARP | inc 404 from the 6509 shows the IP's of the VLAN int, WLC int2, and wireless PC.  Show mac-add-tab | inc 404 shows the WLC and wireless PC on same 6509 port.


From my work PC (via LAN) at a remote location: I can ping everything except Int2 on the WLC, and the wireless PC.


I can provide more settings if that helps.


Thanks,

Jason

Correct Answer by Stephen Rodriguez about 4 years 12 months ago

In the WLC are you tagging 404 on the dynamic interface? if you are, you should set the native vlan on the switch side to be something other than 404.  A dot1q trunk will drop traffic if it receives it's own/native vlan tagged in a packet


HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Stephen Rodriguez Tue, 08/21/2012 - 12:27
User Badges:
  • Purple, 4500 points or more

can you share the switchport configuration of the port connected ot the second port of the WLC?



HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

jasonchristophercobb Tue, 08/21/2012 - 12:56
User Badges:

This is the current config from 6509. 


Again, any WLANs on port1 (management interface) works fine, but it's switchport is set to access(not trunk), and is on our main server VLAN.  Info shown is just for port 2 on the WLC.


interface GigabitEthernet2/45

description Wireless-Guest

no ip address

switchport

switchport access vlan 404

switchport trunk encapsulation dot1q

switchport trunk native vlan 404

switchport trunk allowed vlan 404

switchport mode trunk

spanning-tree portfast



6509_10.X.X.X#show arp | inc 404
Internet  10.32.37.11             0   0c60.764e.8b6d  ARPA   Vlan404       <<<-- laptop on new WLAN
Internet  10.32.37.3              0   0007.0e55.d4a4  ARPA   Vlan404        <<<--- WLC4404
Internet  10.32.37.1              -   0016.9c5d.7400  ARPA   Vlan404         <<<--- 6509 VLAN404 Int


6509_10.X.X.X#show mac-address-table | inc 404
*  404  0016.9c5d.7400    static  No           -   Router
*  404  0c60.764e.8b6d   dynamic  Yes          0   Gi2/45                    <<<<--- laptop on new WLAN
*  404  3333.0000.000d    static  Yes          -   Gi1/24,Gi2/1,Gi2/2,Gi2/3
*  404  3333.0000.0001    static  Yes          -   Switch,Stby-Switch
*  404  3333.0000.0016    static  Yes          -   Switch,Stby-Switch
*  404  0007.0e55.d4a4   dynamic  Yes          0   Gi2/45                    <<<<--- WLC4404 port 2



6509_10.X.X.X#show int gi2/45

GigabitEthernet2/45 is up, line protocol is up (connected)

  Hardware is C6k 1000Mb 802.3, address is 0015.c6c8.f664 (bia 0015.c6c8.f664)

  Description: Wireless-Guest

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Full-duplex, 1000Mb/s

  input flow-control is off, output flow-control is on

  Clock mode is auto

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:08, output 00:00:28, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/2000/99/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     16540190 packets input, 3693669430 bytes, 0 no buffer

     Received 2802720 broadcasts (393747 multicast)

     0 runts, 0 giants, 0 throttles

     99 input errors, 0 CRC, 0 frame, 35 overrun, 0 ignored

     0 watchdog, 0 multicast, 0 pause input

     0 input packets with dribble condition detected

     3114785408 packets output, 3272234004023 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 PAUSE output

     0 output buffer failures, 0 output buffers swapped out



6509_10.X.X.X#show int vlan404

Vlan404 is up, line protocol is up

  Hardware is EtherSVI, address is 0016.9c5d.7400 (bia 0016.9c5d.7400)

  Description: PAC Wireless EMR

  Internet address is 10.32.37.1/24

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

  L2 Switched: ucast: 74 pkt, 5754 bytes - mcast: 165339 pkt, 9962255 bytes

  L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast

  L3 out Switched: ucast: 20643 pkt, 1656479 bytes mcast: 0 pkt, 0 bytes

     165403 packets input, 10624635 bytes, 0 no buffer

     Received 165402 broadcasts (0 IP multicast)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     183166 packets output, 12089380 bytes, 0 underruns

     0 output errors, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

Correct Answer
Stephen Rodriguez Tue, 08/21/2012 - 13:00
User Badges:
  • Purple, 4500 points or more

In the WLC are you tagging 404 on the dynamic interface? if you are, you should set the native vlan on the switch side to be something other than 404.  A dot1q trunk will drop traffic if it receives it's own/native vlan tagged in a packet


HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

jasonchristophercobb Tue, 08/21/2012 - 13:46
User Badges:

THANKS! That was it.. well kind of. The clients on the new WLAN can at least see everything internally now, just not routing outside to internet...  I will try and figure that out before I come back and ask for more help.


Thank you!

Actions

This Discussion

Related Content