Cisco Support Community
New Member

Adding (dynamic) interfaces to WLC 2504 causes loss of network

I'm trying to add a new dynamic interface that I will tie a specific WLAN to, so that clients on that WLAN are in the correct VLAN. After adding it I lose connectivity both to the main management address (10.99.0.60) and to the IP address of the dynamic interface (10.99.12.4). In fact, the dynamic interface address responds and prompts me to log in, but after doing so all I get is a blank page. Here are the two interfaces pulled from the CLI - what am I doing wrong?

 

And oh, not adding an IP to the dynamic interface makes it impossible to use within a WLAN.

 

Interface Name................................... management

MAC Address...................................... c0:8c:60:c7:99:00

IP Address....................................... 10.99.0.60

IP Netmask....................................... 255.255.255.0

IP Gateway....................................... 10.99.0.1

External NAT IP State............................ Disabled

External NAT IP Address.......................... 0.0.0.0

VLAN............................................. 31        

Quarantine-vlan.................................. 0

Active Physical Port............................. 1         

Primary Physical Port............................ 1         

Backup Physical Port............................. Unconfigured

DHCP Proxy Mode.................................. Global

Primary DHCP Server.............................. 10.99.0.1

Secondary DHCP Server............................ Unconfigured

DHCP Option 82................................... Disabled

IPv4 ACL......................................... Unconfigured

mDNS Profile Name................................ Unconfigured

AP Manager....................................... Yes

Guest Interface.................................. No

L2 Multicast..................................... Enabled

 

 

 

 

Interface Name................................... lan

MAC Address...................................... c0:8c:60:c7:99:04

IP Address....................................... 10.99.12.4

IP Netmask....................................... 255.255.252.0

IP Gateway....................................... 10.99.12.1

External NAT IP State............................ Disabled

External NAT IP Address.......................... 0.0.0.0

VLAN............................................. 33        

Quarantine-vlan.................................. 0

NAS-Identifier................................... mob-wlc

Active Physical Port............................. 1         

Primary Physical Port............................ 1         

Backup Physical Port............................. Unconfigured

DHCP Proxy Mode.................................. Global

Primary DHCP Server.............................. Unconfigured

Secondary DHCP Server............................ Unconfigured

DHCP Option 82................................... Disabled

IPv4 ACL......................................... Unconfigured

mDNS Profile Name................................ Unconfigured

AP Manager....................................... No

Guest Interface.................................. No
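
As an added example (not part of the original post and not Cisco tooling): a Python sanity check over the two interface dumps above, confirming that each gateway lies inside its interface's subnet and that the management and dynamic interfaces do not share a subnet or VLAN ID. The sample text is constructed from fields shown in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: selected fields from the two interface dumps in the post.
SAMPLE = """\
Interface Name................................... management
IP Address....................................... 10.99.0.60
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.99.0.1
VLAN............................................. 31

Interface Name................................... lan
IP Address....................................... 10.99.12.4
IP Netmask....................................... 255.255.252.0
IP Gateway....................................... 10.99.12.1
VLAN............................................. 33
"""

FIELD = re.compile(r"^\s*(.+?)\.{2,}\s*(.*?)\s*$")  # "Key....... value"

def parse_interfaces(text):
    """Split dotted 'Key....... value' output into one dict per interface."""
    interfaces = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Interface Name":
            interfaces.append({})
        if interfaces:
            interfaces[-1][key] = value
    return interfaces

def check(interfaces):
    """Return a list of addressing problems (empty list means none found)."""
    problems, seen = [], []
    for i in interfaces:
        name = i["Interface Name"]
        net = ipaddress.ip_interface(f"{i['IP Address']}/{i['IP Netmask']}").network
        if ipaddress.ip_address(i["IP Gateway"]) not in net:
            problems.append(f"{name}: gateway {i['IP Gateway']} outside {net}")
        for other_name, other_net, other_vlan in seen:
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other_name} {other_net}")
            if i["VLAN"] == other_vlan:
                problems.append(f"{name}: VLAN {other_vlan} also used by {other_name}")
        seen.append((name, net, i["VLAN"]))
    return problems
```

For the values in this thread `check(parse_interfaces(SAMPLE))` returns an empty list: 10.99.0.0/24 and 10.99.12.0/22 do not overlap and both gateways are on-subnet.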

17 REPLIES
VIP Purple


Hi,

IP Netmask....................................... 255.255.252.0

Try to use this mask: 255.255.255.0 for the lan dynamic interface, and then map this dynamic interface to your WLAN.

 

Regards

New Member


1) the netmask should not be 255.255.255.0, it's a /22 network

2) I lose contact with the WLC completely, except via console. I did manually change so that mytestssid-wlan now uses the "lan" (dynamic) interface. Still no management gui access though ..

 

(Cisco Controller) >show interface summary 

 

 

 Number of Interfaces.......................... 3

 

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest

-------------------------------- ---- -------- --------------- ------- ------ -----

management                       1    31       10.99.0.60      Static  Yes    No   

lan                              2    33       10.99.12.4      Dynamic No     No   

virtual                          N/A  N/A      1.1.1.1         Static  No     No   

 

 

               

 

(Cisco Controller) >show wlan summary 

 

Number of WLANs.................................. 2

 

WLAN ID  WLAN Profile Name / SSID               Status    Interface Name

-------  -------------------------------------  --------  -------------------- 

2        yo dude / yo dude                      Enabled  management    

 

 

 

 

 

(Cisco Controller) >config wlan interface 2 mobengalan

 

(Cisco Controller) >show wlan summary 

 

WLAN ID  WLAN Profile Name / SSID               Status    Interface Name

-------  -------------------------------------  --------  -------------------- 

2        mytestssid / mytestssid                Enabled  lan      

 

VIP Purple


You are using port 2 for the lan WLAN.

 

Change the port to 1 and make sure that all VLANs are allowed on the switchport where the WLC is connected.

 

Check the link for dynamic interface configuration.

http://rscciew.wordpress.com/2014/01/22/configure-dynamic-interface-on-wlc/

 

Regards

New Member


Yes, I know. I first tried port 1 (same as management) but to no avail, thereafter I tried a dedicated port. What baffles me is that I lose management access. A restart (which disables the dynamic interface) fixes that - any suggestions?

New Member


So take a look at this. I have the dynamic interface used in wlan 2 (mytestssid as shown above). Now the management address, 10.99.0.60, can't be reached:

 

Nmap scan report for 10.99.0.60

Host is up.

PORT    STATE    SERVICE

22/tcp  filtered ssh

443/tcp filtered https

 

After removing wlan 2 and the dynamic interface, mgmt access starts to work again:

config wlan disable 2

config wlan delete wlan 2

config interface delete lan

 

 

Nmap scan report for 10.99.0.60

Host is up (0.0037s latency).

PORT    STATE SERVICE

22/tcp  open  ssh

443/tcp open  https

 

So... here's me adding the dynamic interface in cli AGAIN:

WLAN ID  WLAN Profile Name / SSID               Status    Interface Name

-------  -------------------------------------  --------  --------------------

1        someotherssid / someotherssid              Enabled   management  

 

(Cisco Controller) config> interface create lan 33

(Cisco Controller) config> interface address dynamic-interface lan 10.99.12.4 255.255.252.0 10.99.12.1

(Cisco Controller) >config wlan disable 1

(Cisco Controller) >config wlan interface 1 lan

(Cisco Controller) >config wlan enable 1

 

Voila, management access lost again:

Nmap scan report for 10.99.0.60

Host is up.

PORT    STATE    SERVICE

22/tcp  filtered ssh

443/tcp filtered https

 

This time, there's no physical port assigned to the dynamic interface 'lan':

 

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest

-------------------------------- ---- -------- --------------- ------- ------ -----

lan                              -    33       10.99.12.4      Dynamic No     No   

management                       1    31       10.99.0.60      Static  Yes    No   

virtual                          N/A  N/A      1.1.1.1         Static  No     No   

 

Adding that:

(Cisco Controller) >config interface port lan 1

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest

-------------------------------- ---- -------- --------------- ------- ------ -----

lan                              1    33       10.99.12.4      Dynamic No     No   

 

Still no management access..:

Nmap scan report for 10.99.0.60

Host is up.

PORT    STATE    SERVICE

22/tcp  filtered ssh

443/tcp filtered https

 

For reference, the detailed interface config (which clearly shows that 'management' should be ap mgmt.. and dynamic interface 'lan' shouldn't (and thus shouldn't affect it - RIGHT?)):

Interface Name................................... lan

MAC Address...................................... c0:8c:60:c7:99:04

IP Address....................................... 10.99.12.4

IP Netmask....................................... 255.255.252.0

IP Gateway....................................... 10.99.12.1

External NAT IP State............................ Disabled

External NAT IP Address.......................... 0.0.0.0

VLAN............................................. 33        

Quarantine-vlan.................................. 0

NAS-Identifier................................... mob-wlc

Active Physical Port............................. 1         

Primary Physical Port............................ 1         

Backup Physical Port............................. Unconfigured

DHCP Proxy Mode.................................. Global

Primary DHCP Server.............................. Unconfigured

Secondary DHCP Server............................ Unconfigured

DHCP Option 82................................... Disabled

IPv4 ACL......................................... Unconfigured

mDNS Profile Name................................ Unconfigured

AP Manager....................................... No

Guest Interface.................................. No

 

Interface Name................................... management

MAC Address...................................... c0:8c:60:c7:99:00

IP Address....................................... 10.99.0.60

IP Netmask....................................... 255.255.255.0

IP Gateway....................................... 10.99.0.1

External NAT IP State............................ Disabled

External NAT IP Address.......................... 0.0.0.0

VLAN............................................. 31        

Quarantine-vlan.................................. 0

Active Physical Port............................. 1         

Primary Physical Port............................ 1         

Backup Physical Port............................. Unconfigured

DHCP Proxy Mode.................................. Global

Primary DHCP Server.............................. 10.99.0.1

Secondary DHCP Server............................ Unconfigured

DHCP Option 82................................... Disabled

IPv4 ACL......................................... Unconfigured

mDNS Profile Name................................ Unconfigured

AP Manager....................................... Yes

Guest Interface.................................. No

L2 Multicast..................................... Enabled

 

 

By the way, the switchport on my C3560G doesn't specifically allow some VLANs - meaning it allows all VLANs:

interface GigabitEthernet0/28

 description cisco_wlc

 switchport trunk encapsulation dot1q

 switchport mode trunk

And the vlans in question are present:

31   enet  100031     1500  -      -      -        -    -        0      0   

32   enet  100032     1500  -      -      -        -    -        0      0   

33   enet  100033     1500  -      -      -        -    -        0      0   

34   enet  100034     1500  -      -      -        -    -        0      0   

VIP Purple


Hi,

Use switch port config as:

interface GigabitEthernet0/28

 description cisco_wlc

 switchport trunk encapsulation dot1q

 switchport mode trunk

 switchport trunk allowed vlan 31,33

 

Try to keep both interfaces on the same port 1.

 

Regards

Don't forget to rate helpful posts

 

New Member


No difference (because not using 'allowed vlan' implies all vlans are allowed).

VIP Purple


Don't know why it's happening.

Must check via TeamViewer (only if you want; then send me a private message).

 

 

Regards

Don't forget to rate helpful posts

New Member


I wouldn't expect that. I have a CCIE consultant coming next week to take a look at it, but if you don't mind, sure. I can't find out how I can message you, though?

VIP Purple


Click your name on the right side of the main community page. There you can see the Message tab.

I just sent you a PM, check it.

 

Regards

Cisco Employee


Hi,

Exclude the management VLAN from port 2 if it is a trunk, or try using the second port just as access (then the VLAN ID on the WLC interface would be 0) and exclude the port 2 access VLAN from the trunk on port 1.

Best,

Sumit

New Member


Did you manage to get it working? I have similar issues. thanks!

New Member


I also have the same issue....

Hall of Fame Super Silver


This is not normal. Maybe check the code you're running and upgrade, and search the bug toolkit.

-Scott 

*** Please rate helpful posts *** 

New Member


Update, I managed to get it working after all. Make sure LAG is enabled and it has basic connectivity and LAG is up with the allowed VLANs that you want to permit for your WLC. You should also always use a 2 gig port setup when using LAG. Having LAG with only 1 port is somewhat pointless after all.

Also, if not using Cisco switches, don't allow native VLAN 1 over the LAG since CDP can cause issues.

If this WLC is on DMZ make sure you have proxy ARP enabled.

cheers!

Cisco Employee


wlc code?

for test,

try using /16 for management and keep the remaining config.

or use multiple /24 for dyn.int along with interface group.

or use different mask than /252 for dyn.int.

New Member


Was there ever a resolution to this? I have seen the same issue on two separate controllers.
