09-27-2019 10:35 AM
I am having issues with C3650's in MDF's (4) that when I change from an access port to a trunk port the ap will lose access to VLAN 1 native. when in trunk mode I can access Vlan 60 guest wifi and not Vlan 1 secure wifi. What is crazy is the 2960's that link up to the 3650's are working giving access to VLAN 1 and VLAN 60 in truck mode.
I have talked to TAC support for 4 hours and nothing. I have talked to wifi support for 6 hours and nothing.
here is the config for 3650
3650
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret
!
no aaa new-model
boot system switch all flash:cat3k_caa-universalk9.16.09.03a.SPA.conf
clock timezone CST -6 0
clock summer-time CDT recurring
switch 1 provision ws-c3650-48pq
switch 2 provision ws-c3650-48pq
switch 3 provision ws-c3650-48pq
switch 4 provision ws-c3650-48pq
!
ip routing
!
no ip domain lookup
!
login on-success log
!
qos queue-softmax-multiplier 1200
!
license boot level ipbasek9
!
!
diagnostic bootup level minimal
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
username
redundancy
mode sso
!
!
transceiver type all
monitoring
hw-switch switch 1 logging onboard message
hw-switch switch 2 logging onboard message
hw-switch switch 3 logging onboard message
hw-switch switch 4 logging onboard message
vlan dot1q tag native
lldp run
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
interface TenGigabitEthernet1/1/1
description
switchport trunk allowed vlan 2
switchport mode trunk
shutdown
spanning-tree portfast
!
interface TenGigabitEthernet1/1/2 <---downlink to next 3650 in line
description
switchport trunk allowed vlan 2
switchport mode trunk
spanning-tree portfast
!
interface TenGigabitEthernet1/1/3 <---uplink to next 3650 in line to Wifi Controller after another hop
description
switchport trunk allowed vlan 2
switchport mode trunk
shutdown
spanning-tree portfast
!
interface TenGigabitEthernet1/1/4
description
switchport trunk allowed vlan 2
switchport mode trunk
spanning-tree portfast
!
interface TenGigabitEthernet2/1/1 <---downlink to 2960
description
switchport mode trunk
spanning-tree portfast
!
interface TenGigabitEthernet2/1/2 <---downlink to 2960
description
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet4/0/13 <---AP
description "AP_"
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet4/0/15 <---AP
description "AP_"
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet4/0/17 <---AP
description "AP_"
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet4/0/19 <---AP
description "AP_"
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet4/0/21 <---AP
description "AP_"
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet4/0/23 <---AP
description "AP_"
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet4/0/25 <---AP
description "AP_"
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet4/0/27 <---AP
description "AP_"
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet4/0/29 <---AP
description "AP_"
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet4/0/31 <---AP
description "AP_"
switchport mode access
spanning-tree portfast
!
interface Vlan1 <---Native Valn
ip address 172.25.60.1 255.255.252.0
ip helper-address 172.25.60.49
!
interface Vlan2 <---back bone
ip address 172.25.250.20 255.255.252.0
!
interface Vlan50 <--Voice Vlan
ip address 172.25.65.1 255.255.252.0
ip helper-address 172.25.60.49
!
interface Vlan60 <-- AP Guest Vlan
description "Guest Wifi"
ip address 172.25.68.1 255.255.252.0
ip helper-address 172.25.60.49
!
ip default-gateway 172.25.100.1
ip forward-protocol nd
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.25.100.1
ip route 0.0.0.0 0.0.0.0 172.25.250.1
ip route 172.25.40.0 255.255.252.0 172.25.250.15
ip route 172.25.44.0 255.255.252.0 172.25.250.15
ip route 172.25.48.0 255.255.252.0 172.25.250.15
ip route 172.25.100.0 255.255.252.0 172.25.250.1
ip route 172.25.104.0 255.255.252.0 172.25.250.1
ip route 172.25.120.0 255.255.252.0 172.25.250.1
ip route 172.25.200.0 255.255.252.0 172.25.250.2
ip route 172.25.204.0 255.255.252.0 172.25.250.2
ip route 172.25.208.0 255.255.252.0 172.25.250.2
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
!
!
control-plane
service-policy input system-cpp-policy
!
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
end
Config for 2960
2960
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
enable secret
!
no aaa new-model
clock timezone CST -6 0
clock summer-time CDT recurring
switch 1 provision ws-c2960x-24pd-l
!
ip routing
!
mls qos
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
lldp run
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
interface GigabitEthernet1/0/13
switchport mode access
switchport voice vlan 50
spanning-tree portfast edge
!
interface GigabitEthernet1/0/14 <---AP Port
description "AP_"
switchport mode trunk
spanning-tree portfast edge
!
interface GigabitEthernet1/0/25 <---UpLink to C3650
description
switchport mode trunk
spanning-tree portfast edge
!
interface GigabitEthernet1/0/26
switchport mode access
spanning-tree portfast edge
!
interface TenGigabitEthernet1/0/1
switchport mode access
shutdown
spanning-tree portfast edge
!
interface TenGigabitEthernet1/0/2
switchport mode access
shutdown
spanning-tree portfast edge
!
interface Vlan1 <---Native Valn
ip address 172.25.60.3 255.255.252.0
ip helper-address 172.25.60.49
!
interface Vlan50 <---Voice Vlan
ip address 172.25.65.3 255.255.252.0
ip helper-address 172.25.60.49
!
interface Vlan60 <---AP Guest Vlan
description "Guest Wifi"
ip address 172.25.68.3 255.255.252.0
ip helper-address 172.25.60.49
!
ip default-gateway 172.25.60.1
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.25.60.1
!
Can anyone give me a clue where to look or what to change?????
10-03-2019 01:07 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide