Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1807
Views
0
Helpful
10
Replies

ASA and WLC Connection Issues

steelinquisitor
Level 1
Level 1

‎08-04-2013 04:54 AM - edited ‎07-04-2021 12:35 AM

asa-wlc.png

Hey guys,

I am having an issue regarding my topology shown above.  Last night, when I was configuring the ASA and WLC, I was able to GUI to my WLC after entering the command same-security-traffic permit inter-interface. However, I was having an issue with WLC. Whenever I created an virtual interface for network 10.2.11.0/24, I lost connectivity to the GUI. I could still ping the WLC's IP address and the virtual interface I created, but I can't GUI back to the WLC.

So what I did to get back to the GUI is, reboot the WLC to clear the virtual interface I created. After doing this, I could GUI back to the WLC. However, after doing this method for 4 times, I lost connectivity to the WLC. I couldn't ping the WLC's IP address from my laptop anymore.  I can still ping all the IP addresses from the ASA. It seems like the there is no L3 routing between the VLANs.

I rebooted both the ASA and WLC, but no luck. The command same-security-traffic permit inter-interface is still configured on the ASA, but the L3 connectivity is gone.

The current config for both ASA and WLC are attached.

Thanks

Labels:
15365216-ASA 5505.txt.zip
15365256-WLC 2504.txt.zip
0 Helpful
10 Replies 10

steelinquisitor
Level 1
Level 1

‎08-04-2013 05:55 AM

I think I have fixed the issue. I changed the VLAN where my station was on, and I was able to GUI to it.

The only thing that bothers me is when I used en extended ping from WLC-if to ping 10.2.11.1, the ping failed. I don't realy know why it did that.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to steelinquisitor

‎08-04-2013 05:57 AM

Well in most cases, the client, wlc and ap would connect to a switch that does the layer 3 and then only traffic that needs to egress the layer 3 would hit the FW.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

steelinquisitor
Level 1
Level 1
In response to Scott Fella

‎08-04-2013 06:01 AM

Scott,

Can I use the POE port on the WLC since it is 1Gbit port?

The port that I have on my ASA 5505 are 100Mbits and the AP is currently connected to the ASA POE port.

Also, is it possible to do an etherchannel or LAG port between WLC 2504 and ASA 5505?

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to steelinquisitor

‎08-04-2013 06:08 AM

You can, but the WLC isn't a true switch so that the ap would have to be on the SE subnet as the WLC management. That is the only restrictions. Previously, connecting an ap to the 2504 was not supported. They did start supporting it in v7.4 I believe. It's still better to connect to a PoE switch if you ask me. Either way you do it, from the ASA or the WLC is sort of a workaround. Not really what you see in production networks. Even at home, I have my WLC's and AP's connected to a switch. It's just easier to setup and keep stable if you ask me. That just my 2 cents though.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

steelinquisitor
Level 1
Level 1
In response to Scott Fella

‎08-04-2013 07:37 AM

Thanks Scott. At this moment, I don't have a switch. The only switch ports that I am using are the ones from ASA 5505.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to steelinquisitor

‎08-04-2013 07:40 AM

Yeah... so what I would do is put the ap on the WLC instead of the ASA.  Your probably better off just getting an AC adapter for your AP and a cheap gigabit switch and connect all your devices to that switch.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

steelinquisitor
Level 1
Level 1
In response to Scott Fella

‎08-04-2013 07:51 AM

Scott,

Regarding plugging the AP to the WLC POE port, how would I configure that?

I tried to create a dynamic interface, but I got a IP information address conflict.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to steelinquisitor

‎08-04-2013 07:53 AM

You need to make sure its on the same subnet as your wlc managment.  So your design would be that the WLC and AP are on vlan 6, since your WLC is on vlan 6.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

steelinquisitor
Level 1
Level 1
In response to Scott Fella

‎08-04-2013 08:06 AM

I am sorry Scott, but do I need to statically assign an IP address to the AP to do this or should I use a WLC DHCP to provide?

I tried to use the WLC DHCP for the APs plug into WLC POE ports, but the APs are unable to get an IP address from the WLC DHCP.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to steelinquisitor

‎08-04-2013 08:11 AM

You can do either... you can create a dhcp scope on the WLC for the AP's.  DHCP on the WLC is only for AP's and wireless clients, just to let you know... not for wired clients.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card