Correct, its not configured as a LAG.

Yes I pointed the dynamic guest interface to port 2. I have been doing some reading and see that there is a requirement between the WLC and PIX using a trunk port. I may try and plug in a Cisco switch between, to see if that helps.

Do I really need a trunk, if I am only passing the one guest vlan ?

You shouldnt need a truck from a WLC perpsective. Although I am not a PIX guy to be honest. I have my guest access layered into a switch and then our ASA. I would put a swicth inbetween the 2 boxes as you suggested for starters. Make sure from the switch you can hit the guest interface to insure the WLC is good.

So I added the L2 switch in between the Pix and WLC, but I am still having the same issue. I am still unable to ping the interface.

Whats really odd, if I connect a laptop with a static ip to the second interface on the WLC I can ping fine. But if I connect the WLC to a PIX or switch I am unable to ping... what the heck ?

Your switch port that your laptop was on is in the same vlan as your WLC port 2 ? What vlaue (vlan number) do you have in your dynamic interafce for your guest ?

I have two vlans on the WLC.

vlan 250 for Internal Users and vlan 400 for Port 2 (Guest Vlan)

On the switch, have you created the guest vlan and assign switchports to this vlan.  For testing you will need three ports configured on the switch for this vlan.  1) to the controller 2) to the pix 3) laptop for testing.  You might have to configure the port going to the controller as a trunk.

Assuming your L2 is right on the switch .. You should be able to hit the guest interface from your laptop... All are in the same VLAN correct ...

George - Yes this is correct, the L2 is the switch. I can confirm that the switch and pix are working properly, because if I plug in my laptop into any port on the switch I can get internet access through the pix. When I plug in port 2 from the WLC, I dont even receive a link light on the switch from the WLC. I have changed the cables also. Is it possible that port security is creating this from the WLC ?

Colin

Can you post the show run-config

On your PIX, is it a 10/100 port or is it 10/100/1000?  The WLC only does 1000, and doesn't negotiate.

HTH,

Steve

OH CRAP! Great point Steve !

Hey Guys,

The Pix is a 506e and yes its a 10/100 no 1000.

Wow this is a big discovery, thanks guys. I also have an ASA here which I will try, I will let you know how that works.

Colin

Hey Guys,

Unbelievable - I plugged in a 1000 T switch and everything is now up and running.

Thanks so much for all your help.

Cheers

Colin