***4402 Controller VLAN issue***

network_dude · ‎02-09-2008

Hey everyone,

I'm having a strange problem, and I'm having trouble figuring it out.

I'm running two 4402 controllers connect via dot1q trunks to a 6509 (Native VLAN 1).

I have been creating VLAN interfaces on the controllers and assigning them to WLANs...everything seems to be working fine except when I try to add my VLAN 10.

VLAN 10 is addressed 10.18.0.0/16.

All my WAPs and Controllers are on VLAN 2 (10.12.0.0/16)

My WCS is on VLAN 10 (10.18.1.x).

When I add a VLAN 10 interface of (10.18.201.x) on my controller, I am unable to reach the controller by the Management IP address on VLAN2. This happens with both of my controllers. It appears to be intermittent... For one minute I can ping the management interface and not the VLAN 10 Interface I created...and vice versa.

WCS reports the controllers and being down, and I'm unable to push policy to them.

Please help me with this matter, it's driving me crazy.

Thank you in advance,

Scott

dancampb · ‎02-09-2008

The issue is that the controller is responding to the packets sent to the management interface through the dynamic interface you created. What you are trying to setup is not really a good design, but if you want to do this you can enable management via dynamic on the controller and point the WCS to the dynamic interface IP address to monitor the controller.

network_dude · ‎02-10-2008

Thank you for your repsonse...what would be the best design? This is what I have:

CONTROLLER1

Mangement IP: 192.168.12.x/16

VLAN 11: 10.16.12.x/16 (WLAN1)

VLAN 10: 10.18.201.x/16 (WLAN2)

CONTROLLER2

Mangement IP: 192.168.12.x/16

VLAN 11: 10.16.12.x/16 (WLAN1)

VLAN 10: 10.18.201.x/16 (WLAN2)

ACCESS POINTS (30 Total)

192.168.12.x/16

SERVICE PORT (Not Used)

UTILITY PORT (Not Used)

Thank you,

Scott

jwadleigh · ‎02-12-2008

My suggestion would be to put your WCS on the same VLAN as your management interfaces. The management interface is designed to pass all management traffic, including the SNMP traffic to and from WCS.

Hope this helps.

MichaelMarshall · ‎02-13-2008

This is a known issue with the 4.2 software. I had the same issue. I would get two successful pings and then next two would drop.

Here is what Cisco customer support says:

As we saw in the websession the controller was having an issue being pinged or added to WCS from a vlan X wired client. We have seen these issues in the past and all of the instances of this bug are not fixed as of yet (12-05-2007). I would either put WCS on the controller management vlan or remove the vlan X dynamic interface from the controller. You could really put WCS on any vlan which will not exist on the controller as a dynamic interface. Keep in mind this would also affect a RADIUS server on the same vlan as a dynamic interface on the controller.

///////////////////////////////////////

CSCsk51226 - WLC using the wrong DMAC for wired devices on dynamic interfaces

Description:

Wired devices on the same IP subnet as a dynamic interface have no IP connectivity to the managment IP address of the WLC. The WLC is sending traffic back to the client using the wrong DMAC.

That bug was duplicated to a Master bug which is:

CSCsj43744 - WLC ingores default gateway arp reply

Description:

Controller ignores default gateway MAC address learn via ARP, and use the source MAC address of the packet to send the traffic back to destination when traffic is desting to a different subnet.

///////////////////////////////////////

These are not fixed in the 4.2.61.0 code but are supposed to be fixed in the next 4.2 release and the 5 release. I do not currently have the timeframe on when those releases will be available.

You can track bug CSCsj43744 using our bugtoolkit found on cisco.com under Support>>Frequently Used Resources>>Bug Toolkit.

For now the only fix would be to use 1 of the workarounds which I stated earlier.

Best Regards,

Jacob Fussell

network_dude · ‎02-19-2008

Great! Thank you very much for your responses; much appreciated.

Scott