01-04-2012 10:27 AM - edited 07-03-2021 09:19 PM
Hello All,
I have a WLC 4402 with 20 APs. I currently use it only for my internal LAN and everything works great.
I would now like to add "Guest Wireless" SSID, so I connect a Cisco PIX501 to the second port. For whatever reason
I have no Layer two connectivity between the PIX and port. The interfaces are obviously configured on separate VLANs
but my question is, what's the best way to troubleshoot this connectivity issue? I have removed any VLAN tagging also
on the port. Any help would be appreciated.
Thanks
Colin
01-04-2012 10:41 AM
Hi Colin,
Some assumptions. You mentioned "port", I am assuming your WLC is NOT configured as LAG, correct?
You created a dynamic guest interface. Did you point this interface to the correct port on the WLC?
01-04-2012 10:46 AM
Correct, it's not configured as a LAG.
Yes I pointed the dynamic guest interface to port 2. I have been doing some reading and see that there is a requirement between the WLC and PIX using a trunk port. I may try and plug in a Cisco switch between, to see if that helps.
Do I really need a trunk, if I am only passing the one guest VLAN?
01-04-2012 11:37 AM
You shouldn't need a trunk from a WLC perspective. Although I am not a PIX guy to be honest. I have my guest access layered into a switch and then our ASA. I would put a switch in between the 2 boxes as you suggested for starters. Make sure from the switch you can hit the guest interface to ensure the WLC is good.
01-04-2012 11:47 AM
So I added the L2 switch in between the PIX and WLC, but I am still having the same issue. I am still unable to ping the interface.
What's really odd, if I connect a laptop with a static IP to the second interface on the WLC I can ping fine. But if I connect the WLC to a PIX or switch I am unable to ping... what the heck?
01-04-2012 12:12 PM
Your switch port that your laptop was on is in the same VLAN as your WLC port 2? What value (VLAN number) do you have in your dynamic interface for your guest?
01-04-2012 12:27 PM
I have two VLANs on the WLC.
VLAN 250 for Internal Users and VLAN 400 for Port 2 (Guest VLAN)
01-04-2012 01:20 PM
On the switch, have you created the guest VLAN and assigned switchports to this VLAN? For testing you will need three ports configured on the switch for this VLAN: 1) to the controller 2) to the PIX 3) laptop for testing. You might have to configure the port going to the controller as a trunk.
01-04-2012 01:41 PM
Assuming your L2 is right on the switch... You should be able to hit the guest interface from your laptop... All are in the same VLAN, correct...
01-05-2012 05:55 AM
George - Yes this is correct, the L2 is the switch. I can confirm that the switch and PIX are working properly, because if I plug in my laptop into any port on the switch I can get internet access through the PIX. When I plug in port 2 from the WLC, I don't even receive a link light on the switch from the WLC. I have changed the cables also. Is it possible that port security is creating this from the WLC?
Colin
01-05-2012 01:12 PM
Can you post the show run-config?
01-05-2012 01:14 PM
On your PIX, is it a 10/100 port or is it 10/100/1000? The WLC only does 1000, and doesn't negotiate.
HTH,
Steve
01-05-2012 01:16 PM
OH CRAP! Great point Steve!
01-06-2012 04:57 AM
Hey Guys,
The PIX is a 506e and yes it's a 10/100, no 1000.
Wow this is a big discovery, thanks guys. I also have an ASA here which I will try, I will let you know how that works.
Colin
01-06-2012 10:47 AM
Hey Guys,
Unbelievable - I plugged in a 1000 T switch and everything is now up and running.
Thanks so much for all your help.
Cheers
Colin