Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

vWLC Switching

I know that the virtual wireless controller connected AP's have to be in Flex Connect mode.  My question is do all associated wlan's have to be locally switched or can any of them be centrally switched?  If they can, can someone offer me some configuration help?  The management interface leads me to believe at least one associated wlan can be centrally switched but all the documentation I've read says its not possible.

14 REPLIES
VIP Purple

Re: vWLC Switching

You have to create dynamic interface on vWLC like any other controller and then map it onto Central switched WLAN.

Remember that vWLC would hv ~ 500Mbps of total throughput, so passing all traffic through it may not be ideal. That's why local switching is recommended.

Sent from Cisco Technical Support iPhone App

        *** Pls rate all useful responses ****

Community Member

vWLC Switching

I've done that but it doesn't seem to work.  I can't connect to the SSID I'm broadcasting for the Centrally Switched wlan.  I'm not sure if there is some special configuration that is needed.  The VMWare configuration is set correctly per the documentation and I can ping the dynamc interface from an upstream switch. So I'm missing something somewhere.

VIP Purple

Re: vWLC Switching

It should work.. In order to find out what's missing pls provide the two CLI output of the below on your vWLC

(vWLC) >show interface detailed

(vWLC) >show wlan

HTH

Rasika

**** Pls rate all useful responses ****

Community Member

Re: vWLC Switching

output from show wlan

WLAN Identifier.................................. 2

Profile Name..................................... Annex-Guest

Network Name (SSID).............................. CityGuest

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

  Client Profiling Status ....................... Disabled

   DHCP ......................................... Disabled

   HTTP ......................................... Disabled

  Radius-NAC State............................... Disabled

  SNMP-NAC State................................. Disabled

  Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Maximum number of Clients per AP Radio........... 200

Number of Active Clients......................... 1

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. 1800 seconds

User Idle Timeout................................ 300 seconds

--More-- or (q)uit

User Idle Threshold.............................. 0 Bytes

NAS-identifier................................... CityvWLC

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ cityvwlc-group

Multicast Interface.............................. Not Configured

WLAN IPv4 ACL.................................... unconfigured

WLAN IPv6 ACL.................................... unconfigured

mDNS Status...................................... Disabled

mDNS Profile Name................................ unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Silver

Per-SSID Rate Limits............................. Upstream      Downstream

Average Data Rate................................   0             0

Average Realtime Data Rate.......................   0             0

Burst Data Rate..................................   0             0

Burst Realtime Data Rate.........................   0             0

Per-Client Rate Limits........................... Upstream      Downstream

Average Data Rate................................   0             0

Average Realtime Data Rate.......................   0             0

Burst Data Rate..................................   0             0

--More-- or (q)uit

Burst Realtime Data Rate.........................   0             0

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

   Authentication................................ Global Servers

   Accounting.................................... Global Servers

      Interim Update............................. Disabled

   Dynamic Interface............................. Disabled

   Dynamic Interface Priority.................... wlan

Local EAP Authentication......................... Disabled

--More-- or (q)uit

Security

   802.11 Authentication:........................ Open System

   FT Support.................................... Disabled

   Static WEP Keys............................... Disabled

   802.1X........................................ Disabled

   Wi-Fi Protected Access (WPA/WPA2)............. Disabled

   WAPI.......................................... Disabled

   Wi-Fi Direct policy configured................ Disabled

   EAP-Passthrough............................... Disabled

   CKIP ......................................... Disabled

   Web Based Authentication...................... Disabled

   Web-Passthrough............................... Disabled

   Conditional Web Redirect...................... Disabled

   Splash-Page Web Redirect...................... Disabled

   Auto Anchor................................... Disabled

   FlexConnect Local Switching................... Disabled

   flexconnect Central Dhcp Flag................. Disabled

   flexconnect nat-pat Flag...................... Disabled

   flexconnect Dns Override Flag................. Disabled

   FlexConnect Vlan based Central Switching ..... Disabled

   FlexConnect Local Authentication.............. Disabled

   FlexConnect Learn IP Address.................. Disabled

--More-- or (q)uit

   Client MFP.................................... Optional but inactive (WPA2 not configured)

   PMF........................................... Disabled

   PMF Association Comeback Time................. 1

   PMF SA Query RetryTimeout..................... 200

   Tkip MIC Countermeasure Hold-down Timer....... 60

AVC Visibilty.................................... Disabled

AVC Profile Name................................. None

Flow Monitor Name................................ None

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

KTS based CAC Policy............................. Disabled

Assisted Roaming Prediction Optimization......... Disabled

802.11k Neighbor List............................ Disabled

802.11k Neighbor List Dual Band.................. Disabled

Band Select...................................... Enabled

Load Balancing................................... Client-Count Based

Multicast Buffer................................. Disabled

Mobility Anchor List

WLAN ID     IP Address            Status

-------     ---------------       ------

--More-- or (q)uit

802.11u........................................ Disabled

MSAP Services.................................. Disabled

output from show interface detailed

Interface Name................................... cityguest.charlottesville.org

MAC Address...................................... 00:50:56:97:5e:b5

IP Address....................................... 192.168.65.35

IP Netmask....................................... 255.255.255.224

IP Gateway....................................... 192.168.65.33

External NAT IP State............................ Disabled

External NAT IP Address.......................... 0.0.0.0

VLAN............................................. 765

Quarantine-vlan.................................. 0

NAS-Identifier................................... CityvWLC

Physical Port.................................... 1

DHCP Proxy Mode.................................. Enabled

Primary DHCP Server.............................. 192.168.65.33

Secondary DHCP Server............................ Unconfigured

DHCP Option 82................................... Enabled

Remote ID format................................. ap-mac

ACL.............................................. Unconfigured

mDNS Profile Name................................ Unconfigured

AP Manager....................................... No

Guest Interface.................................. No

L2 Multicast..................................... Enabled

VIP Purple

Re: vWLC Switching

I noticed you have mapped an interface goup to the WLAN. Try to map dynamic interface to WLAN & check. Also enalbe DHCP Address Assigment requirement under WLAN Advanced tab if no static client allow ont this WLAN

Interface........................................ cityvwlc-group

.

.

DHCP Address Assignment Required................. Disabled

Interface Name................................... cityguest.charlottesville.org

.

.

Primary DHCP Server.............................. 192.168.65.33

HTH

Rasika

*****Pls rate all useful responses ****

Community Member

Re: vWLC Switching

Thanks for your response. I've made the changes you suggest and its made no difference on connecting.  If I statically assign and ip address to the client I can ping the dynamic interface ip address (192.168.65.35).  And from an upstream switch interface I can also ping the dynamic interface..  The dhcp server is upstream from the dynamic interface and a client can't seem to reach it.  I never get an ip address assignment, nor can I get any traffic past it when I statically assign an address...

Hall of Fame Super Silver

Re: vWLC Switching

Is the ESXi host set to Promiscuous Mode? If so, I would setup a dhcp scope on the vWLC for testing and see if that works. If so, then you need to see if something is blocking the dhcp request or dhcp offers between the vWLC and the dhcp server.

http://www.cisco.com/en/US/products/ps12723/products_tech_note09186a0080bd2d04.shtml#definition

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Community Member

Re: vWLC Switching

I have just verified with our Systems Engineers that the ESXi host is set to promiscuous mode for the data port of the vWLC.  I'd like to set up a dhcp scope on the vWLC but it appears that it doesn't support it.  I don't see the option in the Web GUI to do that.  Am I missing something?

Hall of Fame Super Silver

Re: vWLC Switching

Yeah I forgot about that. They don't support it. As far as testing, if you are able to configure a static in the client and are able to access the network, then it seems like something is blocking. Do you up helpers configured in the vlan that the wireless clients are on pointing to your dhcp server?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Community Member

Re: vWLC Switching

The DHCP server for this vlan (765) is the upstream switch 192.168.65.33, which also happens to be the default gateway.  From that switch I can ping the dynamic interface...  I agree that something is blocking, at this point, I just don't have a clue as to what it is...

Hall of Fame Super Silver

vWLC Switching

Yeah.... you would need to sniff the traffic to see which direction things are being blocked.  I would also try to enable/disable dhcp proxy on the vWLC to see if that helps.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
Community Member

vWLC Switching

We placed a guest windows VM on the same virtual switch and set the nic to be tagged in vlan 765.  It got an ip address from the upstream DHCP server in the correct Vlan and was able to get to the internet...so I am confident the ESXi set up is correct at this point.

Hall of Fame Super Silver

Re: vWLC Switching

Create a test ssid which is open, no authentication and connect a client to that ssid.  See if the client gets an ip address.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
Community Member

Re: vWLC Switching

So I found out what the issue was after all.  No where in the instructions does it say you need to have MAC Address Changes and the Forged Transmits set to accept.  Our environment has those set as reject by default but they need to be set to accept along with Promiscuous mode.  All is now working as it should.

788
Views
0
Helpful
14
Replies
CreatePlease to create content