WLC2504 VLAN configuration with Cisco SG300 L3 Switch

I have a small network which consists of a pfSense firewall, Cisco SG300 28-port Switch (L3 configured) and Cisco WLC2504 controller.
The pfSense firewall acts as the DHCP Server and I have configured a couple of VLANs. 
Everything seems to work OK except for the VLAN of the WLC.
VLAN setup is VLAN 30 for Management, VLAN 40 for home WiFi and VLAN 50 for Guest WiFi. I'm planning for two more WiFi VLANs but first I wanted these two to be working.
I have configured port #7 of the switch as an untagged port for VLAN 30 and tagged for VLANs 40 and 50.
Port #7 is connected to the 2504 WLC.
Port #8 and #9 are the PoE ports for the 1702 LAPs I have connected to the WLC.
Both port 8 and 9 are configured as untagged VLAN 30 ports.
(My understanding was the LAPs communicate by CAPWAP over the management VLAN and the controller itself controls the VLAN 40 and 50 for the WiFi points.)

However, when I factory reset the controller for initial setup, as soon as I fill in the management VLAN ID (#30) I lose connection to the WLC controller. When I leave it blank (ID: 0) then I can connect to the controller but I can't assign an interface with VLAN 40 or VLAN 50.

Is there something I miss here?
Please see the picture of my small setup.

Basic Network Overview.png

4 Replies

Hi @Stefan van Rozendaal 

  https://www.cisco.com/c/en/us/support/docs/wireless/2500-series-wireless-controllers/113034-2500-deploy-guide-00.html

There are some caveats when configuring these WLC ports. But I would recommend putting the WLC in LAG mode and putting the switch port in port-channel mode or trunk, and then passing the VLAN.

 

I've read the deployment guide and I will try the LAG feature of the WLC to connect to my SG300 switch.
However, almost every example I see is either with a Catalyst switch (with a different IOS software and configuration steps) or with a switch where DHCP server is enabled on the switch.

I'm beginning to doubt myself if it's the WLC configuration that is incorrect, or the Switch configuration because I use an external DHCP server. (In my case a pfSense firewall)
It looks like it's working because if I connect my laptop to a VLAN port, I receive a DHCP address according to the corresponding VLAN.

The external DHCP server should work, but you need to check the WLC. The Cisco WLC can work as a DHCP proxy, where it sends the request to the DHCP server and waits for the DHCP response, then sends the DHCP response to the client.

From the client perspective, the WLC is the DHCP server.

Or you can disable the proxy feature, and the WLC acts as a switch and the client will send the request to the DHCP server directly.


If your switch has a Layer 3 interface, you need to use the command "ip helper-address" so that the switch encapsulates the DHCP request into a unicast packet and sends it to the DHCP server. DHCP, as you might know, is broadcast traffic, and if you have a Layer 3 device between clients and server, the broadcast will not make it from the client to the server.

Another config you must do on the WLC is put the DHCP server on the dynamic interface.


 

Basically, the WLC must be in LAG mode and the switch in trunk or port-channel, if you use more than one interface.

If the switch has Layer 3 on the VLAN interface, you need to use a helper address. If the switch is only Layer 2, a helper address is not necessary, as the broadcast coming from the WLC must get to the firewall.

Add the management VLAN on the trunk or port-channel as native VLAN.

 

 

ammahend
VIP

Since on the switch side you have untagged with native VLAN 30, you don't need to tag the VLAN on the controller side; when traffic from the controller comes untagged on the switch port, it will be placed into VLAN 30 automatically based on the switch config.

Or tag the VLAN on the WLC side and leave the switch port as a default trunk.

-hope this helps-
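
The tagging mismatch discussed in the replies above, as an added example that is not part of the thread: a simplified 802.1Q model of switch port 7 and the WLC interfaces, showing why management VLAN ID 30 fails on a port where VLAN 30 is untagged. Assumptions: the switch accepts a tagged frame for any VLAN the port is a member of, and the interface names `home-wifi` and `guest-wifi` are hypothetical.

```python
# Added example: simplified 802.1Q model of one switch port facing the WLC.
UNTAGGED = 0  # the WLC uses VLAN ID 0 for "send and expect untagged frames"


def switch_ingress(tag, native, tagged):
    """Return the VLAN the switch puts a frame from the WLC in, or None if dropped."""
    if tag == UNTAGGED:
        return native  # untagged frames land in the port's untagged (native) VLAN
    # Assumption: a tagged frame is accepted for any VLAN the port is a member of.
    return tag if tag == native or tag in tagged else None


def switch_egress(vlan, native, tagged):
    """Return the tag the switch sends toward the WLC for this VLAN, or None if not sent."""
    if vlan == native:
        return UNTAGGED  # the native VLAN leaves the port without a tag
    return vlan if vlan in tagged else None


def check_wlc_interfaces(native, tagged, wlc_interfaces):
    """Map each WLC interface name to 'ok', 'replies lost' or 'dropped' with a reason."""
    results = {}
    for name, vlan_id in wlc_interfaces.items():
        vlan = switch_ingress(vlan_id, native, tagged)
        if vlan is None:
            results[name] = f"dropped: port is not a member of VLAN {vlan_id}"
            continue
        reply_tag = switch_egress(vlan, native, tagged)
        if reply_tag == vlan_id:
            results[name] = f"ok: VLAN {vlan}"
        else:
            # Only reached when the WLC tags the VLAN that the switch sends untagged.
            results[name] = (f"replies lost: WLC expects tag {vlan_id}, "
                             f"switch sends VLAN {vlan} untagged")
    return results


if __name__ == "__main__":
    # Constructed input: port 7 as described in the thread (untagged 30, tagged 40 and 50).
    port7 = dict(native=30, tagged={40, 50})
    for mgmt_id in (30, UNTAGGED):
        wlc = {"management": mgmt_id, "home-wifi": 40, "guest-wifi": 50}
        print(mgmt_id, check_wlc_interfaces(wlc_interfaces=wlc, **port7))
    # The other option from the thread: tag VLAN 30 on the WLC, switch port as a trunk
    # whose native VLAN is not 30 (VLAN 1 here is an assumption).
    print(check_wlc_interfaces(1, {30, 40, 50}, {"management": 30}))
```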