Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WLC-4402+AIR-LAP1142N problem

Hello all,

I've got a following problem with bringing up simple wireless configuration. There is a WLC-4402 controller and several remote locations (I am testing one so far). Two WLAN configured (one for employee and the other for guest access - no mobility anchoring used, guest is just mapper to VLAN restricted on the firewall). WLC serves DHCP pools for wireless clients. Problem I am experiencing at the moment is that user with laptop is able to connect to guest WLAN, got an IP but can communicate (ping) only its own IP, the controller IP in guest subnet and default gateway (which is the firewall interface). Traffic to any other destinations never hit gateway (I am running tcpdump on it to confirm). I double checked controller config but no luck so far. Could that be caused by missconfigured tunnel? No ACL or restriction set on WLC - see attached config.

Thank you in advance,



Re: WLC-4402+AIR-LAP1142N problem

I don't see any issues with the config that would cause this issue. Was the PC maybe also wired into the network at the same time? The wired connection usually gets a higher priority than the wireless interface on a PC.

New Member

Re: WLC-4402+AIR-LAP1142N problem

Nope, that was the first thing I checked. Wifi was the only connection during the test and routing table on client consist only one default gateway through wireless.

Hall of Fame Super Silver

Re: WLC-4402+AIR-LAP1142N problem

Post the show run-config if you can. I would like to see what that shows.

*** Please rate helpful posts ***
New Member

Re: WLC-4402+AIR-LAP1142N problem

Is this an open network or have you enabled layer 3 security? Web Auth? I can see you have created a lobby admin account so expect that you use this for guest account creation with web auth..

When you associate/receieve IP address to the open guest network have you then opened a web browser and authenticated? Until you enter your login details created on the WLC I would imagine that you wouldn't be able to send any data.

If you have authenticated already, can you check on the WLC that the client is associated/authenticated and is the Corp network ok? Also what is the topology between the WLC/Firewall/Remote sites.