Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Wireless LAN Controller

Hello Everybody,

I have a WLC 4402 plugged into a Catalyst 4507R. My problem is I am unable to ping the WLC from a different VLAN. While reading the document about best practices, it mentions that the fiber port should be configured using dot1q encapsulation but when I try to configure that, I do not get encapsulation as an option. The wierd thing is, other ethernet ports on the switch do have encapsulation configured. Please advise!

36 REPLIES
Silver

Re: Wireless LAN Controller

Some versions of IOS do not support ISL, so Dot1q is the only option for encapsulation. As such, it does not give you the option to configure encapsulation.

Rather than checking encapsulation, check to make sure the port is in trunk mode. Run the "switchport mode trunk" command on the switchport and see if that works for you.

I will say that this sounds more like a routing issue than anything. By saying that you can't ping it from other VLANs, are you implying that you can ping it from the same VLAN? If so, it sounds like your network isn't able to route to the controller.

A few questions - is this a new subnet? Can the 4507 ping the WLC? Can you ping it from the 4507 from different VLAN interfaces (will require an extended ping to test). Can you ping any other devices on the same subnet as the controller from different VLANs?

Also, make sure you're not trying to ping the AP Manager interface. This interface does not respond to pings.

Thanks,

Jeff

Community Member

Re: Wireless LAN Controller

The IOS version is 12.2 (25).

I do have “switchport mode trunk" configured on the port already.

I can ping the WLC on the same VLAN. My computer for example is on a different VLAN and I can not ping the WLC, however from my PC I can ping other devices on the same VLAN as the WLC

It is not a new subnet. I can ping the WLC from the 4507

I am pinging the management interface and it is responding to pings.

Community Member

Re: Wireless LAN Controller

Check for proper mask and default gateway configured in the WLC.

Community Member

Re: Wireless LAN Controller

The SM and GW have the correct information. Some of my antonomus AP's have the exact same information as far as SM and GW and I can ping those devices.

Community Member

Re: Wireless LAN Controller

Check your switchport config for the proper "native vlan" assignment for the controller.

Community Member

Re: Wireless LAN Controller

I have set the "native vlan" to the appropriate vlan that the controller is located on...Still no communication.

Here is what I have configured on the Fiber port that the controller plugs in to

interface GigabitEthernet6/15

description ***Wirless Controller***

switchport trunk native vlan 20

switchport mode trunk

Now, when I set the native VLAN, I lose the ability to ping the WLC from the switch

Community Member

Re: Wireless LAN Controller

The ap-manager and management interfaces should both be, "untagged", for VLAN Identifier. You set this on initial setup of the WLC.

Community Member

Re: Wireless LAN Controller

Ok..right now I do have them "tagged" Do you believe that if I set the Native VLAN and change those two interfaces to "untagged" that it may resolve my issue?

Silver

Re: Wireless LAN Controller

It sounds like a potential VLAN mismatch. Best practice is to have your management interface configured for untagged traffic, so I would advise that.

Is your management interface on VLAN 20? If so, your other option would be to remove the native VLAN statement from the switchport. But I would advise making the change on the controller itself.

Community Member

Re: Wireless LAN Controller

Ok...I changed the two interfaces mentioned above to untagged and added back the Native Vlan statement.

However, I still can not ping the WLC from outside its own VLAN.

I setup switchport trunk allowed for the two VLAN's, still no communication.

Silver

Re: Wireless LAN Controller

Can you ping the controller's default gateway from the controller?

Community Member

Re: Wireless LAN Controller

Yes, I can.

Community Member

Re: Wireless LAN Controller

Either clear your arp tables in your router and/or reboot your controller.

Community Member

Re: Wireless LAN Controller

I've rebooted the controller several times.

Im just confused as to why I can not communicate.

Community Member

Re: Wireless LAN Controller

Ok, enough speculation. Please post the switchport config and controller config. At least the networking part of the controller config.

Community Member

Re: Wireless LAN Controller

I am only testing..So I can post my config. Here it is.

Cisco Controller) >show running-config

802.11a cac voice tspec-inactivity-timeout ignore

802.11a cac voice stream-size 84000 max-streams 2

802.11b cac voice tspec-inactivity-timeout ignore

802.11b cac voice stream-size 84000 max-streams 2

aaa auth mgmt local radius

Location Summary

Algorithm used: Average

Client

RSSI expiry timeout: 5 sec

Half life: 0 sec

Notify Threshold: 0 db

Calibrating Client

RSSI expiry timeout: 5 sec

Half life: 0 sec

Rogue AP

RSSI expiry timeout: 5 sec--More-- or (q)uit

Half life: 0 sec

Notify Threshold: 0 db

RFID Tag

RSSI expiry timeout: 5 sec

Half life: 0 sec

Notify Threshold: 0 db

location rssi-half-life tags 0

location rssi-half-life client 0

location rssi-half-life rogue-aps 0

location expiry tags 5

location expiry client 5

location expiry calibrating-client 5

location expiry rogue-aps 5

ap syslog host global 255.255.255.255

--More-- or (q)uit

auth-list add lbs-ssc 00:1b:24:df:f2:5c cbd944156e8248baf99fac0356770099d9dadf5

5

cdp advertise-v2 enable

dhcp create-scope Test

dhcp address-pool Test 10.1.220.50 10.1.220.60

dhcp default-router Test 10.1.220.237

dhcp enable Test

dhcp dns-servers Test 66.109.229.5 66.109.229.6

dhcp network Test 10.1.220.0 255.255.255.0

local-auth method fast server-key *****

interface create data 220

interface address ap-manager 10.1.120.251 255.255.255.0 10.1.120.237

interface address dynamic-interface data 10.1.220.237 255.255.255.0 10.1.220.237

interface address management 10.1.120.250 255.255.255.0 10.1.120.237

--More-- or (q)uit

interface address service-port 10.1.5.212 255.255.255.0

interface address virtual 1.1.1.1

interface dhcp ap-manager primary 10.1.5.45

interface dhcp dynamic-interface data primary 10.1.5.45

interface dhcp management primary 10.1.5.45

interface dhcp service-port disable

interface vlan data 220

interface port ap-manager 29

interface port data 29

interface port management 29

lag enable

load-balancing window 5

--More-- or (q)uit

memory monitor error disable

memory monitor leak thresholds 10000 30000

mesh security eap

mgmtuser add administrator **** read-write

mobility group domain MVE-WLAN

network telnet enable

network mgmt-via-wireless enable

network otap-mode disable

network rf-network-name MVE-WLAN

sessions timeout 160

snmp version v2c enable

--More-- or (q)uit

snmp version v3 enable

spanningtree port mode off 1

spanningtree port mode off 2

sysname MVE-WLC

time ntp interval 3600

time ntp server 1 192.168.1.253

wlan create 1 MVE MVE

wlan broadcast-ssid disable 1

wlan radio 1 802.11g

wlan session-timeout 1 1800

wlan wmm allow 1

wlan security static-wep-key encryption 1 104

--More-- or (q)uit

wlan security wpa akm 802.1x disable 1

wlan security wpa akm psk enable 1

wlan security wpa wpa1 enable 1

wlan security wpa wpa1 ciphers tkip enable 1

wlan dhcp_server 1 0.0.0.0 required required

(Cisco Controller) >

My switchport config is

interface GigabitEthernet6/15

description ***Wirless Controller***

switchport trunk native vlan 20

switchport trunk allowed vlan 2,20

switchport mode trunk

Community Member

Re: Wireless LAN Controller

Hmmm...you should have a "switchport trunk encapsulation dot1q" on your switch config. Your switch should support dot1q trunking. If that doesn't work, try upgrading the IOS on the switch.

Community Member

Re: Wireless LAN Controller

That's kind of my issue. For whatever reason when I go to setup Encapulation on that port, it is not an option. However, other ethernet ports and other fiber ports have it enabled. So I know that my IOS supports it. I have tried other fiber ports, but encapsulation is not an option on those other ports either.

Community Member

Re: Wireless LAN Controller

Try another switch that you know supports dot1q trunking.

Community Member

Re: Wireless LAN Controller

The IOS does support it. Plus other ports are configured with it.

Community Member

Re: Wireless LAN Controller

Do a "show run-config" and compare it to below:

witch Configuration

802.3x Flow Control Mode......................... Disable

Current LWAPP Transport Mode..................... Layer 3

LWAPP Transport Mode after next switch reboot.... Layer 3

FIPS prerequisite features....................... Disabled

Secret obfuscation............................... Enabled

Community Member

Re: Wireless LAN Controller

This is what I have

Switch Configuration

802.3x Flow Control Mode........ Disable

Current LWAPP Transport Mode..... Layer 3

LWAPP Transport Mode after next switch reboot.... Layer 3

FIPS prerequisite features.... Disabled

Secret obfuscation............. Enabled

Community Member

Re: Wireless LAN Controller

Well, I'm all out of ideas other than taking the controller out of lag mode and configuring the switchport as a host, just to see if the controller's hardware, including gbics and cable is ok. The controller should respond at layer3 if there are no hardware issues. We have about 80 controllers in offices across the country and I have yet to see a problem at layer3 with these.

Community Member

Re: Wireless LAN Controller

Well..I really appreciate you trying..I currently do have LAG enabled but am not taking advanatge of it...I only have 1 gbic installed. So, I do not have port-channeling enabled on the switch either. Could that be a problem?

Community Member

Re: Wireless LAN Controller

Well, I think you just thought through your entire problem. You need to setup a port channel for lag mode. It will take you all of about 10 seconds! heheheh

Community Member

Re: Wireless LAN Controller

Even if Im not technically using it because Im only using 1 distribution port on the 4402?

Community Member

Re: Wireless LAN Controller

I disabled LAG, still can not ping the WLC outside its own VLAN

Community Member

Re: Wireless LAN Controller

Start from scratch, erase config on WLC and rebuild without using LAG.

1149
Views
0
Helpful
36
Replies
CreatePlease to create content