I've three 1242AG LWAPP which are able to associate to the WLAN controller.
My issue is, I cannot get an IP via DHCP for clients requiring 802.1x authentication.
For an open SSID with no authentication it seems to work fine.
My questions are.
Should the controller maintain interfaces for the corresponding VLAN/WLANs at the site? I don't have this.
Ifso should they be addressed?
My AP-manager and managment interface are in VLAN that is not even used on the remote site (where the AP's are).
Should the controller ap-manager and management interface exist in the same VLAN (native) as the AP's?
Does anyone have a insight? Ideally I want one SSID which requires user authentication via radius/PEAP on a server remote. DHCP should be ideally served up for this WLAN via a local DHCP server (Windows box) onsite with the AP's (different VLAN).
Cisco's documentation appears to be a little vague in this regard. It appears I only need to ensure the H-REAP page has the VLAN mappings correct for the WLAN's and the native VLAN ticked. No reference is made to creating (or not creating) an interface on the controller.
I suspect given I can get a WLAN working with no authentication its not overly my configuration. I.e. lack of matching interfaces on the controller for the VLANS used onsite (mapped to the WLAN).
This is driving me nuts.....so any help would be greatly appreciated!
A few of the things you mention, such as local (to the AP) PEAP authentication (and possibly DHCP for clients) require a 4.2 code train. As for the management and ap-manager addresses, they don't have to be in the same VLAN themselves, nor do they have to be in the same VLAN as the APs, but it is recommended that the ap-manager and management address be in the same VLAN. Cisco is now supporting L3 as the method of choice for LWAPP, so as long as your routing is working, those H-REAP APs should be able to find your controller, which you mention they can. Finally, AFAIK, you DO have to have an L3 presence on the controller for each of your remote VLANs. You can download a guide specific to H-REAP deployments here:
Also, make sure the SSID you are configuring is set up for H-REAP (i.e. local switching) instead of central switching. This will affect your DHCP for your remote users. There is a check box to enable this in the WLAN settings. Then make sure that in each AP that is remote and configured for H-REAP that you map that SSID to the appropriate VLAN(s). I hope that helps.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...