Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

L3 connections between Access points and WLC

hi,

we have a customer asking us to configure wireless system as per attached drawing.

 WLC is in Data Center which is connected to Data Center Switch ( Cisco 3850), then this DC-Switch is connected to DC-Core ( Cisco Nexus-7K).

this Nexus-7K is connected to many campus Networks. in all campuses there is Cisco 4507 Campus Core which is connected to Nexus-7K.

then from Campus core many distribution switches are connected.

all Vlans for data and wifi is created in Distribution Switches. Distribution Switches are VTP Servers and many access switches with connected APs are connected back to this Distribution Switch.

All Access Points are registered at WLC in Data Center, but wifi clients are not getting ip address from DHCP Server, as well as even if we configured static ip address at wifi clients they are not able to communicate correctly.

 

please correct me if there is a mistake in this design , or we have a solution to solve this problem please let me know.

attached topology diagram 

 

thanks,

anvar

 

Everyone's tags (1)
13 REPLIES
New Member

Hey Anvar, Too much details

Hey Anvar,

 

Too much details about network, to make it simple:

1- APs and WLC can be in separate VLANs (Not a problem)

2- As APs have joined, these two VLANs look fine for me

 

If your clients can't communicate probably with static IP address

1- From the WLC, ping default gateway for that VLAN

2- If the WLC can reach the gateway, its wired VLAN issue that you need to investigate in the path (maybe using wired device in the same VLAN as the clients in the switch where the APs are connected)

 

Now, about why the clients are not taking IP:

1- What is your DHCP, where its located? Is it the same one for all clients?

2- Do you have local APs or FlexConnect ?

3- When you run the debugs for DHCP where the process breaks?

 

Cheers,

Nour

New Member

Hi Nour, the problem is at L3

Hi Nour,

 

the problem is at L3, as you stated WLC can not ping gateway of VLANs, but from the switch were wlc is connected can reach all subnets.

so i doubt the problem is at wired side. have you check the connectivity diagram uploaded with my initial post.

 

thanks,

anvar

VIP Purple

DId you configure ip helper

DId you configure ip helper-address <dhcp server ip address> on distribution switch ??

Like this:

Interface vlan 27

ip address 10.252.27.254 255.255.255.0

ip helper-address 10.252.2.100

 

Regards

Dont forget to rate helpful posts

New Member

AKH-MFPADMIN-B01-DSW001#sh

AKH-MFPADMIN-B01-DSW001#sh run int vl 27
Building configuration...

Current configuration : 168 bytes
!
interface Vlan27
 description ***Reserved-Vlan-1***
 ip address 10.252.27.254 255.255.255.0
 ip helper-address 10.252.2.100
 no ip redirects
 no ip unreachables
end

New Member

Vlan-27 and 28 can ping from

Vlan-27 and 28 can ping from Server Farm Switch switch, were the WLC is connected to.

but these vlan interfaces are not created in server Farm VTP domain, it is in another VTP domain connected via L3 link

thanks,

anvar

Hi Anvar,if the Access Points

Hi Anvar,

if the Access Points are connected to the WLC, looks like the first step is successful.

The Wifi-Clients need to get their IP Address from Nexus-DC VLAN's. So, separate Wifi Clients VLANs  OR the Nexus-DC Switch has an ip address from VLAN27 or 28 configured.

 

Normally is looks like this - see the pdf

 

br,

Chris

 

New Member

hi Chris, could you please

hi Chris,

 

could you please explain why VLAN-27 ,28 has to create at Nexus-DC. 

currently these two vlans are created at Building Distribution Switch.

 

anvar

 

 

 

Hi Anvar,the AP has a tunnel

Hi Anvar,

the AP has a tunnel to the WLC. The WLC need a L2 connection to each Subnet, where your Wifi clients need ip addresses. That's why your wlc is working if you change the connection from DC to Access Distribution. 

 

Did you see the my pdf? There you can find one solution or an example how to build it.

 

Or second solution. Configure one IP Address in VLAN 27 (one ip address in VLAN28, etc.) on Nexus-DC. Consider Routing VLAN27 from Nexus-DC to Access-DC.

 

br,

chris

 

New Member

thanks chris,the solution you

thanks chris,

the solution you suggested in good, also changing AP mode to flex-connect will fix this problem.

i can ping all other vlan gateways from wlc at building distribution switch, but i can not ping vlan-27 and 28 from wlc..do you know why it is ??

i have created interfaces at wlc with vlan-27 and 28.

 

thanks,

anvar

 

 

Hi,Flex-connect within your

Hi,

Flex-connect within your campus. ok, that's another topic.

Connection WLC: Did you connect your WLC with a trunk? Are this VLAN allowed on the trunk at the switch? Can you ping (extended ping) your VLAN 27 gateay from Nexus-DC Switch from VLAN 27 ip?

If VLAN27 incl one ip address is configured on Nexus-DC you need to check routing (EIGRP or static), because the GW is on Access-DC not Nexus-DC. 

 

Think about my solution and use  own wifi client subnets directly used on Nexus-DC. It's the easiest and most practicable way.

 

br,

chris

 

VIP Purple

Which version of NX-OS you

Which version of NX-OS you running on your 7K ? See whether any DHCP related bugs of that code you running on 7K.

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Hi Rasika, Problem in not

Hi Rasika,

 

Problem in not Nexus, same scenarios we had faced before also, and it was not able to fix, then we disconnected WLC from Server farm switch to Admin Distribution Switch directly and it worked.

i can not ping vla 27,28 gateways from WLC but i can ping vlan-25, 26 and 29 which is all in the same distribution switch.

 

thanks,

anvar

 

 

 

New Member

Hey Anvar, The clients are

Hey Anvar,

 

The clients are supposed to take IP address from dynamic interface, this dynamic interface represents a VLAN in the wired side of the network. 

Confirm that the WLC can ping the dynamic interface gateway (else the problem with the direct connection between the controller and switch) 

Can you ping the VLAN GW from the AP itself? if not then the traffic is not reaching the controller in the first place. 

To have wireless connection, keep in mind that all the traffic is switched in the wired between the AP <-> controller and returns back to the AP. 

 

Cheers,

Nour

 

228
Views
0
Helpful
13
Replies
CreatePlease to create content