Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configure a second Wlan on WLC 2504

Hello,

I  created a topic about this problem on the learningnetwork cisco site too. You can find it here: https://learningnetwork.cisco.com/thread/73201.

 

The problem is:

We have the Cisco WLC 2504 with a couple of access points. On this WLC we have a network connection via a radius server for our employees. The DHCP server for this connection is the server you see on the drawing. The connection from the switch to the WLC is connected on port 1 of the WLC. This connection works like a charm.

Now I want to create a second network (which is divorced from our internal network) for our guests, but it doesn’t work till now. What we have at the moment is:

  • A connection from the firewall via the router to the internet
  • A connected cable from the firewall to the WLC on port 2
  • A configured interface (port 2) on the WLC
  • A configured Wlan on the WLC (it is possible to connect to the guest Wlan with a static ip)
  • The SSID of the guest network is broadcasted via the AP’s which also broadcast the internal network SSID

The problem I have now is:

  • I have no connection between the WLC Port 2 (192.168.10.2) and the firewall (192.168.10.1). When I try to ping the firewall (192.168.10.1) I get a no reply received message.

How can I get this working? I hope someone can help me with this. Thanks in advance!

 

Screenshots:

Guest interface

 

Network layout

 

Show int sum

 

Show wlan sum

 

Wlan general

 

Wlan advanced

 

Everyone's tags (1)
3 REPLIES
VIP Purple

Hi Frank,You cannot configure

Hi Frank,

You cannot configure WLC port as L3 port & directly terminate a connection from your firewall. Physical connection from firewall has to terminate on your switch (let's say vlan 10 access port) & WLC port 2 also connect on to that switch on vlan 10. Then your switch should have a SVI for vlan 10.

Then see whether you can ping from firewall to WLC & vice versa.

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Hi Rasika,Thanks for your

Hi Rasika,

Thanks for your answer and sorry for my late answer, but it was very busy in the holiday season.

We just have tested the setup as you mentioned, but it didn't work. I created a Vlan (10) on the switch (HP) and we connected WLC port 2 and the firewall on this Vlan. We've tried it with the ports tagged/untagged/no/forbid, but all 4 settings weren't working. We couldn't ping the firewall on ip 192.168.10.1. We connected a phone with a static ip to the network and with the programm "Fing" we could see everything connected on the network, except the firewall.

Do you have another Idea of how to get this to work? Thanks in advance!

Cisco Employee

Frank, The issue is that the

Frank,

 

The issue is that the WLC will not route between VLANs.  In order for the scenario that Rasika recommended to work, the switch needs to be a layer 3 switch or needs a layer 3 device attached to it to route between the VLANs.

In my WLC, I have a guest interface as well:

 

The gateway listed in the VLAN 50 Interface on my L3 Switch:

I then have a route established on my switch to send that traffic to my ASA:

Due to that, I can ping the ASA from my WLC:

Of course, my WLAN for guests only has access to the guest Interface Group:

 

Try these changes on your switch (or other Layer 3 Device) and let us know if it worked for you.

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

423
Views
0
Helpful
3
Replies