Solved: 1142 converted to LAP and VLANs

christophe.berger · ‎01-23-2012

Hi,

I just converted AP 1142 to LAP using the image "c1140-rcvk9w8-tar.124-21a.JA2.tar".

The WLC is a 5500 with 2 NIC : one on 192.168.0/24, one on a specific vlan 10.20/16

The main management interface is on 192.168/24 but we defined as management the interface on the 10.20/16 network.

For the access points, we use ports on a native VLAN on 10.20/16 with other available VLANS which are used for the wlan networks

We have 1152 APs which work fine on this config but that needed to be registered on the 192.168/24 network, then we moved them in their VLAN 10/20/16 and they work fine.

We also have 1142 APs which have been upgraded to LAP. These AP do not work with our architecture.

They register correctly on the 192.168/24 network, but do not give access to the wlan VLANs. If they are moved in the 10.20/16 network, they don't register to the WLC (message : Timed out while waiting for ECHO repsonse from the AP). The AP do not get an IP.

is there a restriction with VALNs on these AP ? or is something false ?

Thanks,

Christophe

Leo Laohoo · ‎01-23-2012

The WLC is a 5500 with 2 NIC : one on 192.168.0/24, one on a specific vlan 10.20/16

Are the ports of the 5508 configured as LAG and as a Trunk?

What about the switch-side? Are they configured as trunk?

The switch ports configured for the AP, is it a trunk or access port? DO you have the correct VLANs created?

View solution in original post

ChristopheBerger · ‎01-28-2012

Hi,

Thanks for your ideas, finally in investigating around the switch we found out that the port on which was running the AP was disfunctional. The ethernet negociation could not be done... At first I did not think of this kind of problem.

Christophe

View solution in original post

Stephen Rodriguez · ‎01-23-2012

No, the AP can be on any VLAN so long as it can reach the WLC Management address on UDP 5246/5247.

As for teh access to the WLAN, are you using AP Groups?

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

christophe.berger · ‎01-23-2012

Yes we're using AP groups.

When the AP get registered (in the main network) it is assigned to an AP group, and starts broadcasting the wlan networks. But then, any connection fails, the client does not get an IP, as if it is not able to reach the correct VLAN.

The same configuration is applied to the 1152 APs and it works just fine.

Stephen Rodriguez · ‎01-23-2012

can you post the config from the WLC?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

christophe.berger · ‎01-23-2012

yes, i'll just wipe the "secret" things

Thanks for your help

Christophe

christophe.berger · ‎01-23-2012

Stephen, leolaohoo thank you for your help and ideas

Here is the configuration (some details deleted or renamed), sorry I did not find the way to attach a file :

config location expiry tags 5

config local-auth method fast server-key encrypt 1 xxx xxx xx xxx

config time ntp interval 3600

config time ntp server 1 192.168.0.200

config license boot auto

config logging syslog level informational

config logging syslog level 6

config logging syslog facility local1

config logging syslog host 192.168.0.200

config logging buffered alerts

config logging buffered 1

config sysname wlc1

config interface address management 192.168.0.219 255.255.255.0 192.168.0.254

config interface port management 1

config interface address service-port 169.254.1.2 255.255.255.0

config interface address virtual 1.1.1.1

config interface address dynamic-interface guestwlan 192.168.1.253 255.255.255.0 192.168.1.254

config interface port guestwlan 1

config interface address dynamic-interface "vlan20 servers" 10.20.255.250 255.255.0.0 10.20.255.254

config interface port "vlan20 servers" 2

config interface ap-manager "vlan20 servers" enable

config interface address dynamic-interface "vlan22 wlan test 1" 10.22.255.250 255.255.0.0 10.22.255.254

config interface port "vlan22 wlan test 1" 2

config interface address dynamic-interface "vlan23 wlan test 2" 10.23.255.250 255.255.0.0 10.23.255.254

config interface port "vlan23 wlan test 2" 2

config interface address dynamic-interface "vlan24 wlan test 3" 10.24.255.250 255.255.0.0 10.24.255.254

config interface port "vlan24 wlan test 3" 2

config interface address dynamic-interface "vlan25 wlan test 4" 10.25.255.250 255.255.0.0 10.25.255.254

config interface port "vlan25 wlan test 4" 2

config interface address dynamic-interface "vlan26 wlan test 6" 10.26.255.250 255.255.0.0 10.26.255.254

config interface port "vlan26 wlan test 6" 2

config interface address dynamic-interface "vlan27 wlan test 7" 10.27.255.250 255.255.0.0 10.27.255.254

config interface port "vlan27 wlan test 7" 2

config interface group interface add production guestwlan

config interface group interface add production management

config interface group create production

config interface group interface add r&d "vlan22 wlan test 1"

config interface group interface add r&d "vlan23 wlan test 2"

config interface group interface add r&d "vlan24 wlan test 3"

config interface group interface add r&d "vlan25 wlan test 4"

config interface group interface add r&d "vlan26 wlan test 6"

config interface group interface add r&d "vlan27 wlan test 7"

config interface group create r&d

config interface dhcp management primary 192.168.0.252

config interface dhcp service-port disable

config interface vlan guestwlan 200

config interface create guestwlan 200

config interface dhcp dynamic-interface guestwlan primary 192.168.7.254

config interface vlan "vlan20 servers" 0

config interface create "vlan20 servers" 0

config interface dhcp dynamic-interface "vlan20 servers" primary 10.20.255.252

config interface vlan "vlan22 wlan test 1" 22

config interface create "vlan22 wlan test 1" 22

config interface dhcp dynamic-interface "vlan22 wlan test 1" primary 10.20.255.252

config interface vlan "vlan23 wlan test 2" 23

config interface create "vlan23 wlan test 2" 23

config interface dhcp dynamic-interface "vlan23 wlan test 2" primary 10.20.255.252

config interface vlan "vlan24 wlan test 3" 24

config interface create "vlan24 wlan test 3" 24

config interface dhcp dynamic-interface "vlan24 wlan test 3" primary 10.20.255.252

config interface vlan "vlan25 wlan test 4" 25

config interface create "vlan25 wlan test 4" 25

config interface dhcp dynamic-interface "vlan25 wlan test 4" primary 10.20.255.252

config interface vlan "vlan26 wlan test 6" 26

config interface create "vlan26 wlan test 6" 26

config interface dhcp dynamic-interface "vlan26 wlan test 6" primary 10.20.255.252

config interface vlan "vlan27 wlan test 7" 27

config interface create "vlan27 wlan test 7" 27

config interface dhcp dynamic-interface "vlan27 wlan test 7" primary 10.20.255.252

config country FR

config mobility group domain FRzone

config radius auth add encrypt 1 10.20.255.251 1812 password 1 xxxx

config radius auth management 1 enable

config radius auth retransmit-timeout 1 2

config radius auth network 1 enable

config radius auth rfc3576 enable 1

config radius auth enable 1

config nmsp notification interval rssi rfid 2

config certificate generate webauth

config database size 2048

config network master-base enable

config network rf-network-name FRzone

config rfid timeout 1200

config rfid status enable

config rfid mobility pango disable

config mgmtuser add encrypt admin 1 xxx 32 xxx read-write

config mgmtuser add encrypt RWAdm 1 xxx 32 xxx read-write

config advanced probe-limit 2 500

config advanced probe limit 2 500

config advanced 802.11a channel add 36

config advanced 802.11a channel add 40

config advanced 802.11a channel add 44

config advanced 802.11a channel add 48

config advanced 802.11a channel add 52

config advanced 802.11a channel add 56

config advanced 802.11a channel add 60

config advanced 802.11a channel add 64

config advanced 802.11a channel add 100

config advanced 802.11a channel add 104

config advanced 802.11a channel add 108

config advanced 802.11a channel add 112

config advanced 802.11a channel add 116

config advanced 802.11a channel add 120

config advanced 802.11a channel add 124

config advanced 802.11a channel add 128

config advanced 802.11a channel add 132

config advanced 802.11a channel add 136

config advanced 802.11a channel add 140

config advanced 802.11a channel cleanair-event enable

config advanced 802.11a channel dca chan-width-11n 40

config advanced 802.11b channel add 1

config advanced 802.11b channel add 6

config advanced 802.11b channel add 11

config advanced 802.11b channel cleanair-event enable

config advanced 802.11b tx-power-control-thresh -80

config wlan wmm allow 1

config wlan mfp client disable 1

config wlan wmm allow 2

config wlan mfp client disable 2

config wlan chd 3 disable

config wlan wmm allow 3

config wlan mfp client enable 3

config wlan wmm allow 4

config wlan mfp client enable 4

config wlan wmm allow 5

config wlan mfp client enable 5

config wlan wmm allow 6

config wlan mfp client enable 6

config wlan wmm allow 7

config wlan mfp client enable 7

config wlan security wpa akm psk set-key hex encrypt 1 xxx

config wlan security wpa akm psk enable 1

config wlan security wpa akm 802.1x disable 1

config wlan security wpa enable 1

config wlan security wpa akm psk set-key hex encrypt 1 xxx

config wlan security wpa akm psk enable 2

config wlan security wpa akm 802.1x disable 2

config wlan security wpa enable 2

config wlan security wpa wpa2 disable 3

config wlan security wpa akm 802.1x disable 3

config wlan security wpa disable 3

config wlan security wpa wpa2 disable 4

config wlan security wpa akm psk set-key hex encrypt 1 xxx

config wlan security wpa akm psk enable 4

config wlan security wpa akm 802.1x disable 4

config wlan security wpa wpa1 ciphers tkip enable 4

config wlan security wpa wpa1 enable 4

config wlan security wpa enable 4

config wlan security wpa wpa2 ciphers tkip enable 5

config wlan security wpa akm psk set-key hex encrypt 1 xxx

config wlan security wpa akm psk enable 5

config wlan security wpa akm 802.1x disable 5

config wlan security wpa enable 5

config wlan security wpa akm psk set-key hex encrypt 1 xxx

config wlan security wpa akm psk enable 6

config wlan security wpa akm 802.1x disable 6

config wlan security wpa enable 6

config wlan security wpa enable 7

config wlan exclusionlist 1 1

config wlan channel-scan defer-priority 6 enable 1

config wlan channel-scan defer-priority 5 enable 1

config wlan exclusionlist 2 2

config wlan exclusionlist 3 3

config wlan radius_server acct disable 3

config wlan radius_server auth disable 3

config wlan exclusionlist 4 4

config wlan radius_server acct disable 4

config wlan radius_server auth disable 4

config wlan exclusionlist 5 5

config wlan exclusionlist 6 6

config wlan exclusionlist 7 7

config wlan radius_server acct disable 7

config wlan radius_server auth add 7 1

config wlan broadcast-ssid enable 1

config wlan broadcast-ssid enable 2

config wlan broadcast-ssid enable 3

config wlan broadcast-ssid enable 4

config wlan broadcast-ssid enable 5

config wlan broadcast-ssid enable 6

config wlan broadcast-ssid enable 7

config wlan interface 1 management

config wlan session-timeout 1 1800

config wlan interface 2 guestwlan

config wlan session-timeout 2 1800

config wlan interface 3 "vlan27 wlan test 7"

config wlan session-timeout 3 1800

config wlan interface 4 "vlan22 wlan test 1"

config wlan session-timeout 4 1800

config wlan interface 5 "vlan23 wlan test 2"

config wlan session-timeout 5 1800

config wlan interface 6 "vlan24 wlan test 3"

config wlan session-timeout 6 1800

config wlan interface 7 "vlan25 wlan test 4"

config wlan session-timeout 7 1800

config wlan create 1 linknet linknet

config wlan create 2 guestwlan guestwlan

config wlan create 3 open Open

config wlan create 4 WPA-PSK-TKIP wptkip

config wlan create 5 WPA2-PSK-TKIP wp2tkip

config wlan create 6 WPA2-PSK-AES wp2aes

config wlan create 7 WPA2-ENT-AES ent2

config wlan apgroup add R&D_Group

config wlan apgroup add ValidationNetwork "Validation Network"

config wlan apgroup description ValidationNetwork "Validation Network"

config wlan apgroup interface-mapping add ValidationNetwork 3 "vlan27 wlan test 7"

config wlan apgroup interface-mapping add ValidationNetwork 7 "vlan25 wlan test 4"

config wlan apgroup interface-mapping add ValidationNetwork 4 "vlan22 wlan test 1"

config wlan apgroup interface-mapping add ValidationNetwork 5 "vlan23 wlan test 2"

config wlan apgroup interface-mapping add ValidationNetwork 6 "vlan24 wlan test 3"

config wlan apgroup add TestNetwork "Test Network"

config wlan apgroup description TestNetwork "Test Network"

config wlan apgroup interface-mapping add TestNetwork 4 "vlan22 wlan test 1"

config wlan apgroup interface-mapping add TestNetwork 5 "vlan23 wlan test 2"

config wlan apgroup interface-mapping add TestNetwork 6 "vlan24 wlan test 3"

config wlan apgroup interface-mapping add TestNetwork 7 "vlan25 wifi test 4"

config wlan qos 1 gold

config wlan enable 2

config wlan qos 3 bronze

config wlan radio 3 802.11bg

config wlan enable 3

config wlan radio 4 802.11bg

config wlan enable 4

config wlan radio 5 802.11bg

config wlan enable 5

config wlan radio 6 802.11bg

config wlan enable 6

config wlan enable 7

config dhcp proxy disable bootp-broadcast disable

config 802.11a 11nsupport a-msdu tx priority

config 802.11a rate disabled 6

config 802.11a rate disabled 9

config 802.11a rate supported 24

config 802.11a cleanair alarm device enable cont-tx

config 802.11a cleanair alarm device enable jammer

config 802.11a cleanair alarm device enable wimax-fixed

config 802.11a cleanair alarm device enable dect-like

config 802.11a cleanair alarm device enable tdd-tx

config 802.11a cleanair alarm device enable video

config 802.11a cleanair alarm device enable wimax-mobile

config 802.11a cleanair alarm device enable 802.11-inv

config 802.11a cleanair alarm device enable 802.11-nonstd

config 802.11a cleanair alarm device enable superag

config 802.11a cleanair alarm device enable canopy

config 802.11a cleanair enable

config 802.11a beamforming global enable

config 802.11a cac voice sip bandwidth 64 sample-interval 20

config 802.11a cac voice sip codec g711 sample-interval 20

config 802.11b 11nsupport a-msdu tx priority

config 802.11b rate supported 1

config 802.11b rate supported 2

config 802.11b rate disabled 6

config 802.11b rate disabled 9

config 802.11b cleanair alarm device enable jammer

config 802.11b cleanair alarm device enable wimax-fixed

config 802.11b cleanair alarm device enable dect-like

config 802.11b cleanair alarm device enable video

config 802.11b cleanair alarm device enable wimax-mobile

config 802.11b cleanair alarm device enable superag

config 802.11b cleanair alarm device enable 802.11-inv

config 802.11b cleanair alarm device enable bt-link

config 802.11b cleanair alarm device enable 802.15.4

config 802.11b cleanair alarm device enable 802.11-fh

config 802.11b cleanair alarm device enable cont-tx

config 802.11b cleanair alarm device enable tdd-tx

config 802.11b cleanair alarm device enable msft-xbox

config 802.11b cleanair alarm device enable bt-discovery

config 802.11b cleanair alarm device enable 802.11-nonstd

config 802.11b cleanair alarm device enable canopy

config 802.11b cleanair alarm device enable mw-oven

config 802.11b cleanair enable

config 802.11b beamforming global enable

config 802.11b cac voice sip bandwidth 64 sample-interval 20

config 802.11b cac voice sip codec g711 sample-interval 20

config 802.11b 11gsupport enable

Leo Laohoo · ‎01-23-2012

The WLC is a 5500 with 2 NIC : one on 192.168.0/24, one on a specific vlan 10.20/16

Are the ports of the 5508 configured as LAG and as a Trunk?

What about the switch-side? Are they configured as trunk?

The switch ports configured for the AP, is it a trunk or access port? DO you have the correct VLANs created?

christophe.berger · ‎01-23-2012

Hi,

The NIC are not configured as LAG, as far as I know/understand.

Management interface is a static, untagged interface, with dynamic ap management, on 192.168/24 net, port 1

Server/WlanAP vlan is a static, untagged interface with dynamic ap management, on 10.20/16, port 2

Client vlans are tagged, dynamic interfaces on port 2.

All VLANs are created, they were working before. The VLAN are reachable from the WLC, so they should be correctly configured on the switch and the WLC.

Leo Laohoo · ‎01-23-2012

You have two different IP address. Please TAG your ports. Make sure the switch-side is also a Trunk port.

christophe.berger · ‎01-23-2012

It was not possible to tag the port of the management interface as far as i know, this is why it is left untagged

Leo Laohoo · ‎01-23-2012

Sorrry. Meant the switch port needs to be in a dot1q trunk.

You said that you have two links up? If you try one link does it work?

ChristopheBerger · ‎01-28-2012

Hi,

Thanks for your ideas, finally in investigating around the switch we found out that the port on which was running the AP was disfunctional. The ethernet negociation could not be done... At first I did not think of this kind of problem.

Christophe