Configure the Layer 2 Switch Port that Connects to the WLC as Trunk Port

You need to configure the switch port to support the multiple VLANs configured on the WLC because the WLC is connected to a Layer 2 switch. You must configure the switch port as an 802.1Q trunk port.

Each controller port connection is an 802.1Q trunk and should be configured as this on the neighbor switch. On Cisco switches, the native VLAN of an 802.1Q trunk, for example VLAN 1, is left untagged. Therefore, if you configure a controller's interface to use the native VLAN on a neighbor Cisco switch, make sure you configure the interface on the controller as untagged.

A zero value for the VLAN identifier (on the Controller > Interfaces window) means that the interface is untagged. In the example in this document, the AP-Manager and Management Interfaces are configured in the default untagged VLAN.

When a controller interface is set to a non-zero value, it should not be tagged to the native VLAN of the switch and the VLAN must be allowed on the switch. In this example, VLAN 60 is configured as the native VLAN on the switch port that connects to the controller.

This is the configuration for the switch port that connects to the WLC:

interface f0/12
Description Connected to the WLC
switchport trunk encapsulation dot1q
switchport trunk native vlan 60
switchport trunk allowed vlan 103,104
switchport mode trunk
no ip address

This is the configuration for the switch port that connects to the router as a trunk port:

interface f0/10
Description Connected to the Router
switchport trunk encapsulation dot1q
switchport trunk native vlan 60
switchport trunk allowed vlan 103,104
switchport mode trunk
no ip address

This is the configuration for the switch port that connects to the LAP. This port is configured as an access port:

Refer link : http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html#C3

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/68100-wlan-controllers-vlans.html

interface f0/9
Description Connected to the LAP
Switchport access vlan 104
switchport mode access
no ip address

Hi Mates,

I do have the same issue, how did you manage to resolve this?

1) My WLC is not directly connected to Core Switch, Core is in a different floor, where via fiber optic connected to another Layer3 switch, and this port is a trunk, carrying VLAN 10, 20 and 30.

2) WLC is connected then via its port 1 to the access switch off in VLAN10 as an access port.

3) VLAN 10 is my management segment, with 10.10.10.x ip and all APs are in this segment.

4) I would like to have 3 SSIDs, for the above 3 VLAN mentioned, VLAN10 for office managers(APs can remain in this segment as this is a secure zone), VLAN 20 for office staffs (10.10.20.x) and VLAN 30 for guests (10.10.30.x)

5) VLAN10 remains in "management" dynamic interface. port 1 as active port and 0 as backup is assigned by default.

6) I created dynamic interface for VLAN20 with respective IP addresses. (DHCP Server is 10.10.10.4), assigned port 2 and port 0 as backup.

7) I created dynamic interface for VLAN30 with respective IP addresses. (DHCP Server is 10.10.10.4), assigned port 3 and port 0 as backup.

6) I have created 3 SSIDs, VIPs, Staffs and Guests.

7) in WLAN settings of VIPs I let the interface to be tied to management.

8) in WLAN settings of Staffs I set the interface to be tied to VLAN20 dynamic interface.

9) in WLAN settings of Guests I set the interface to be tied to VLAN30 dynamic interface.

However, only those who connect to SSID VIPs can get and IP address. It couldn't be due tp the fact that my DHCP server is in 10.10.10.x segment, as I have already enabled ip routing on my core and inter-vlan routing is 100% working.

Kindly please guide me in this