Network issues with WLC

Unanswered Question
Aug 9th, 2013

I'm setting up a new WLC (2504 - SW version 7.5.102.0).  The WLC is connected with port 1 to a WS-C3560X-48P-S switch (SW version 15.0(2)SE4).  However, I've a lot of problems getting the VLANs defined on the WLC active. 


The configuration on the switch is as follows:

interface GigabitEthernet0/22
 description WLC
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 199,400,599,998,999
 switchport mode trunk
 channel-group 48 mode on
 ip dhcp snooping trust
end
!
interface Port-channel48
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 199,400,599,998,999
 switchport mode trunk
 ip dhcp snooping trust
end


On the WLC, I've enabled LAG (as it is now available on the 25XX series), but the problem existed also without LAG and without the port-channel configuration on the switch.


VLAN 400 is the AP management interface (IP subnet is very small /27 with only the switch and the WLC in this VLAN).  This VLAN is communicating normally after reboot of the WLC.


But the other VLANs I've defined on the WLC are only able to communicate after I've initiated a ping from the WLC to the IP address defined on the switch.  For example, on VLAN 199, the IP address 10.102.31.1 is assigned to the switch, and 10.102.31.2 is assigned to the WLC.  I cannot ping from the LAN to the address 10.102.31.2, and systems connecting to the WLAN using this VLAN are not getting an IP address, unless I initiate a ping from the WLC to the IP address 10.102.31.1.  And this situation is not stable (after a certain time, the communication stops).


On both interfaces (switch/WLC), no errors are seen, so I doubt that this is a hardware issue.


Any hint on what the problem could be is appreciated.


Kind regards,


Dirk Blockx

Scott Fella Fri, 08/09/2013 - 04:13

Post your show run-config if possible

Sent from Cisco Technical Support iPhone App

Scott Fella Fri, 08/09/2013 - 04:42

Can you post the show run-config, not the show run-config commands.

Sent from Cisco Technical Support iPhone App

Scott Fella Fri, 08/09/2013 - 04:58

That config isn't complete :)

Sent from Cisco Technical Support iPhone App

DIRK BLOCKX Fri, 08/09/2013 - 06:17

Dear,


I've been following now the following instructions to get the config of the WLC:

How do I obtain the configuration of my Cisco Wireless LAN Controller (WLC) to send to Product Support?

A common way to gather the entire configuration of a Cisco WLC is as follows:


1. Establish a telnet session to the controller via Hyperterminal.
2. In the Hyperterminal window, choose Transfer-Capture Text.
3. Choose a folder and filename for the capture file.
4. Press the Start Button on the Capture Text window.
5. Logon to the Cisco WLC controller via Hyperterminal.
6. Type 'show' at the (Cisco Controller)> prompt.
7. Type 'advanced eap' and press Enter at the show> prompt.
8. Type 'run-config' and press Enter at the show> prompt.
9. Press Enter to scroll through the WLC configuration until back at the show> prompt.
10. In the Hyperterminal window, choose Transfer-Capture Text-Stop
11. Retrieve the file and attach to the Knowledge Central incident.

Telnet is disabled by default on Cisco Unified.  Use SSH or enable telnet by entering 'config network telnet enable' in the CLI (Management-Telnet/SSH in GUI).

The default telnet inactivity timeout is 5 minutes.  Extend this timeout with the CLI command 'config sessions timeout' (Management-Telnet/SSH from GUI).  This allows the data to be captured for more than the default five minutes.

Note:  A 'running-config' is different from a 'run-config'.  Obtaining a 'run-config' is always preferred to investigate Unified configurations.


Attached is this output now (without removal of the Press Enter to continue... lines)


Hopefully it is now complete...

Stephen Rodriguez Fri, 08/09/2013 - 05:27

Try this: on the WLC, disable DHCP Proxy.  IIRC I've seen proxy have issues with DHCP snooping.



HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

DIRK BLOCKX Fri, 08/09/2013 - 06:44

Hi Steve,


I've issued the command 'config dhcp proxy disable' on the WLC and rebooted it.  But the issue remains.


The WLC comes up, but I'm unable to ping the IP address assigned on VLAN199 (10.102.31.2), VLAN599 (10.102.247.130),  VLAN 998 (10.102.134.2) and VLAN 999 (10.102.135.2).


When I logon to the WLC and ping from the WLC to 10.102.31.1 (defined as default gateway on VLAN199), the network comes up and I can ping to 10.102.31.2 from the network.  Also only then users are getting DHCP leases.


Kind regards,


Dirk

Stephen Rodriguez Fri, 08/09/2013 - 06:57

Interesting, I still think it's something to do with the snooping.


Even though G0/22 and PO48 are marked as trusted, as a test, can you remove vlan 199 from the snooping list, and see if a client can pass traffic without the need to do the ping?



HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
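
The test suggested above, written out as a switch-side command sequence. This is an added example, not part of any poster's reply. It assumes DHCP snooping is enabled globally with VLAN 199 in its VLAN list, as the thread implies, and uses only the port-channel, VLAN and address quoted in the thread.

```ios
! Baseline: snooping VLAN list and trust state (Gi0/22 and Po48 should be listed as trusted)
show ip dhcp snooping
show ip dhcp snooping statistics detail
!
! LAG and trunk state toward the WLC: bundle up, VLAN 199 allowed and active
show etherchannel 48 summary
show interfaces port-channel 48 trunk
!
! Has the switch learned the WLC's VLAN 199 address before the WLC sends a ping?
show mac address-table interface port-channel 48 vlan 199
show ip arp 10.102.31.2
!
! The test itself: take VLAN 199 out of the snooping list
configure terminal
 no ip dhcp snooping vlan 199
 end
!
! Re-check after a wireless client has tried to get a lease on VLAN 199
show ip dhcp snooping
show mac address-table interface port-channel 48 vlan 199
show ip arp 10.102.31.2
!
! Put VLAN 199 back under snooping once the test is finished
configure terminal
 ip dhcp snooping vlan 199
 end
```

Comparing the MAC and ARP entries before and after the change separates a DHCP snooping effect from a Layer 2 learning problem on the trunk.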

DIRK BLOCKX Fri, 08/09/2013 - 07:14

Hi Steve,


Removed VLAN 199 from the snooping list and rebooted the WLC.


The clients are getting an IP address, but I'm not able to ping the IP address on the WLC itself.  Clients are reachable.


I believe that the clients are getting the IP address through the ip helper-address configured on the switch, not through the relay defined on the WLC...


It is a very odd situation - I've configured the same kind of WLCs on different locations already without issues.  Now I'm already struggling a long time with this.


Thanks already for the suggestions - I'm now going on weekend and will only be able to reply Monday morning (CET).


Regards,


Dirk

Syed Moazzam Ali Sun, 08/11/2013 - 09:06

This is a very awkward situation. Do one thing.

Reconfigure the switch port which is connected to the WLC, and this time just make it a trunk and remove the command 'switchport trunk allowed vlan 199,400,599,998,999'. Let all VLANs pass through the link and check the result.
