Hi! I have a Cisco C1111-8PW router, which has a built-in WLC and a built-in Wireless AP. Currently, they are configured for FlexConnect, but I am having some issues setting up some VLANs on the WLC and the APs and using the VLANs, so I figured it's time to try ditching the FlexConnect and using Local Mode. I cannot seem to get the built-in AP to switch modes though.
This is my current setup:
On the Router
-------------
!
interface GigabitEthernet0/0/1
 description Gigabit Ethernet WAN port
 mac-address <MAC ADDRESS SWITCHED FOR ONT>
 ip address <STATIC PUBLIC IP> 255.255.255.128
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip nbar protocol-discovery
 ip verify unicast source reachable-via rx allow-default
 ip access-group NO_OUTFACING_SERVICES in
 speed 1000
 no negotiation auto
 vlan-range dot1q 1 40
 !
end
!
interface Wlan-GigabitEthernet0/1/8
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,40
 switchport mode trunk
end
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip access-group BLOCK_INTERVLAN_ROUTING in
 shutdown
!
interface Vlan10
 description VLAN interface (Layer 3) with 254 Usable Hosts (10.0.0.1 - 10.0.0.254), network address 10.0.0.0
 ip address 10.0.0.1 255.255.255.0
 ip broadcast-address 10.0.0.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
!
interface Vlan20
 description VLAN interface (Layer 3) with 254 Usable Hosts (10.0.20.1 - 10.0.20.254), network address 10.0.20.0
 ip address 10.0.20.1 255.255.255.0
 ip broadcast-address 10.0.20.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
!
interface Vlan40
 description Guest VLAN interface (Layer 3) with 254 Usable Hosts (10.0.40.1 - 10.0.40.254), network address 10.0.40.0
 ip address 10.0.40.1 255.255.255.0
 ip broadcast-address 10.0.40.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
!
ip access-list standard NAT_TRANSLATIONS
 permit 10.0.0.0 0.0.0.255
 permit 10.0.40.0 0.0.0.255
 permit 10.0.20.0 0.0.0.255
!
ip access-list extended BLOCK_INTERVLAN_ROUTING
 deny ip 10.0.0.0 0.0.0.255 10.0.40.0 0.0.0.255
 deny icmp 10.0.0.0 0.0.0.255 10.0.40.0 0.0.0.255
 permit ip any any
ip access-list extended NO_OUTFACING_SERVICES
 deny tcp any any eq telnet
 deny tcp any any eq 22
 deny tcp any any eq www
 deny tcp any any eq 443
 deny tcp any any eq finger
 deny tcp any any eq cmd
 permit ip any any

WLC CONFIG:
-----------
Number of Interfaces.......................... 3

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       1    10       10.0.0.2        Static  Yes    No
virtual                          N/A  N/A      192.0.2.1       Static  No     No
vlan_employees                   1    20       10.0.20.2       Dynamic No     No

WLC BOOTUP MSG:
---------------
[*01/31/2019 12:22:26.6799] ethernet_port wired0, ip 10.0.20.3, netmask 255.255.255.0, gw 10.0.20.1, mtu 1500, bcast 10.0.20.255, dns1 184.108.40.206, is_static true, vid 0, static_ip_failover false, dhcp_vlan_failover false
[*01/31/2019 12:22:26.6899]
[*01/31/2019 12:22:26.6899] Configured VLAN Tag 20, failover_enabled 0
<CUT>
[*01/31/2019 12:22:29.5099] Failed to load flex AP config from file. Default config will be used.
[*01/31/2019 12:22:29.5599] Socket Valid Element wcp/wcp_db Handler set_vlan_name_map Data Length 10
[*01/31/2019 12:22:30.7799] ethernet_port wired0, ip 10.0.20.56, netmask 255.255.255.0, gw 10.0.20.1, mtu 1500, bcast 10.0.20.255, dns1 220.127.116.11, dns2 18.104.22.168, vid 20, static_ip_failover true, dhcp_vlan_failover false
[*01/31/2019 12:22:39.6099] DOT11_CFG Radio Mode is changed from FlexConnect to FlexConnect
[*01/31/2019 12:22:39.6199] DOT11_CFG Radio Mode is changed from FlexConnect to FlexConnect
[*01/31/2019 12:22:39.7199] AP IPv4 Address updated from 0.0.0.0 to 10.0.20.3
[*01/31/2019 12:22:39.7299] send CAPWAP ctrl msg to the socket: Socket operation on non-socket
[*01/31/2019 12:22:39.7299] send_msg_to_capwap_sm: Capwap SM restart message send failed for message: 9
[*01/31/2019 12:22:44.9899] AP IPv4 Address updated from 10.0.20.3 to 10.0.20.56
[*01/31/2019 12:22:44.9999] send CAPWAP ctrl msg to the socket: Socket operation on non-socket
[*01/31/2019 12:22:44.9999] send_msg_to_capwap_sm: Capwap SM restart message send failed for message: 9
[*01/31/2019 12:25:36.9999] chatter: tohost_virtual :: ToHost: device 'virtual' went down
[*01/31/2019 12:25:37.0399] chatter: tohost_vlan0 :: ToHost: device 'vlan0' went down
[*01/31/2019 12:25:37.0999] chatter: tohost_vlan1 :: ToHost: device 'vlan1' went down
<CUT>
Starting the Switchdriver...
Originally, I wanted it so the corporation stuff was on the 10.0.0.0 / 24 network, the guests were on a different network, like 10.0.40.0 / 24. I couldn't get that working right though, so I tried putting the WLC on the 10.0.0.0 / 24 network, I was going to have the APs on the 10.0.20.0 / 24 network, and then a WLAN called MyBusiness Guest on 10.0.40.0 / 24 network.
To try and put the AP in Local mode, I typed this:
(WLC0) >show ap join stats summary all

Number of APs.............................................. 1

Base Mac             AP EthernetMac       AP Name    IP Address       Status
00:bf:77:e0:00:c0    00:a3:8e:95:ac:30    WAP0       10.0.20.56       Joined

(WLC0) >config macfilter add 00:a3:8e:95:ac:30 0 vlan_employees "Built-in WAP" 10.0.20.3
(WLC0)> config ap mode local submode none WAP0
I restarted, but as you can see from the WLC0's bootup messages that are displayed on the screen, the AP is still in the FlexConnect mode. Any ideas what I'm doing wrong in my attempt to stop using FlexConnect and switching everything over to Local mode? And does anyone see anything wrong with the VLANs or know why from the WLC, I cannot reach the router or other various VLANs? I assigned the vlan_employees interface to the WLAN ID 1 (currently, the only wireless SSID). Thanks!
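An added example, not part of the original post: a small Python audit that reads IOS interface stanzas and reports which `ip access-group` bindings sit on active interfaces, which sit on shut-down interfaces, and which active SVIs carry no ACL at all. The embedded sample is a constructed excerpt of the router config posted above; the function names are hypothetical.

```python
import re

# Constructed excerpt: interface stanzas taken from the router config posted above.
POSTED_CONFIG = """\
interface GigabitEthernet0/0/1
 ip access-group NO_OUTFACING_SERVICES in
!
interface Vlan1
 ip access-group BLOCK_INTERVLAN_ROUTING in
 shutdown
!
interface Vlan10
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
"""

def parse_interfaces(config):
    """Return {interface: {"acls": [(name, direction)], "shutdown": bool}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), {"acls": [], "shutdown": False})
        elif not line.startswith(" "):
            current = None  # "!" or a global command ends the stanza
        elif current is not None:
            cmd = line.strip()
            if m := re.fullmatch(r"ip access-group (\S+) (in|out)", cmd):
                current["acls"].append((m.group(1), m.group(2)))
            elif cmd == "shutdown":
                current["shutdown"] = True
    return interfaces

def audit(config):
    """Sort ACL bindings into live and inert; list active SVIs with no ACL."""
    live, inert, unfiltered = [], [], []
    for name, info in parse_interfaces(config).items():
        for acl, direction in info["acls"]:
            (inert if info["shutdown"] else live).append((acl, name, direction))
        if name.startswith("Vlan") and not info["shutdown"] and not info["acls"]:
            unfiltered.append(name)
    return {"live": live, "inert": inert, "unfiltered_svis": unfiltered}

if __name__ == "__main__":
    for key, value in audit(POSTED_CONFIG).items():
        print(key, value)
```

An ACL listed under `inert` filters nothing while its interface stays shut, so any VLAN separation has to come from a binding on an active SVI.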
Did you change the SSID from FlexConnect to Local mode? WLAN, SSID > Advanced Tab > FlexConnect > Uncheck FlexConnect Local switching.
Try to add device config as txt file.
-If I helped you somehow, please, rate it as useful.-
Thank you for the reply. Currently, because I cannot access any GUIs at all, I must do everything from the console ports. I did not do anything with the SSIDs, I didn't realize I had to. From your example, I have now issued the following commands from the WLC's console session:
config wlan disable 1
config wlan flexconnect local-switching 1 disable
config wlan enable 1
Where currently, the only SSID, is the 1st one there.
After executing those commands though, I still see the AP is not joined to the controller, I still can only ping 10.0.0.2 (the management interface), I still cannot ping the vlan_employees interface (10.0.20.2), I cannot ping VLAN10 (10.0.0.1) or VLAN20 (10.0.20.1). I can ping the address the built-in AP is assigned though (currently through DHCP, it's ignoring my static IP address, 10.0.20.58).
Am I going about it the right way, trying to tell the WLC what APs are allowed to join? Using the config macaddress command? I am not certain which of the two MAC addresses for the WAP I am supposed to use either, whether I'm supposed to use the Base MAC or the AP EthernetMac (that's what they're called when I do the show ap join stats summary all).
I do not know what you mean by try using a txt file for the device config.
Thanks for helping.
I think I may have misunderstood your problem.
I thought the AP was joined and you were facing a problem with the client on the SSID. Then, I thought your AP was in FlexConnect but your SSID not.
But if your AP has not yet joined the WLC, then forget it completely.
It seems to me that the AP is not able to reach the WLC and you may have a network config problem.
What I said about the txt file is for you to attach the switch config file in a txt file to make it easier to read. This is also true for the wlc.
Keep in mind that the WLC and switch need to be in trunk mode in order to carry more than one VLAN.
You also need to create subinterfaces on the WLC and interface-vlans on your layer 3 switch with ip-helper address pointing to the DHCP server.
Most of it I'm guessing as I don't know your environment.
You may provide a drawing to make it easier.
-If I helped you somehow, please, rate it as useful.-
I also believe it's a configuration issue. I am uploading a hand-drawn picture of my network topology. The WLC and first AP are built into the router. I have not figured out how to disable FlexConnect on the WLC, nor have I figured out how to configure the interface as a trunk line on the WLC.
In the Network Topology picture, I did not draw the Wireless APs. There are four total. One is built into the Router (along with the WLC), and the other three I have connected to the router instead of the switch because the router supports PoE and my switch does not.
I have tried putting the management interface on the WLC and the wireless APs on one VLAN but the SSIDs on another VLAN, so users connecting to either SSIDs wouldn't have access to any of the management hardware (WLCs, Routers, Wireless APs, etc), but I could not get that working, then I tried putting the WLC, APs, and the employee SSID all on the same VLAN, with the SSID for Guests on another VLAN, but I could not get that working at all either.
Depending on the configuration, I can get the built-in AP to show Join. I currently want FlexConnect disabled, just to try and make it a little easier getting everything working, but I am not against keeping FlexConnect enabled, I just thought it would be easier right now with it disabled. Eventually, we will be expanding (if everything goes right) and we will have a need for FlexConnect when that time comes.
Thanks for the help!!!!
Take a look at this doc:
The router model is different but you may benefit from the concept. Honestly, I don't have experience with WLC and ISR, but I'd say you need some interface between WLC and router in order to work.
Enter configuration commands, one per line. End with CNTL/Z.
c2811(config)#interface wlan-controller 1/0
c2811(config-if)#ip address 192.168.99.254 255.255.255.0
Considering your scenario, the interface would be:
switchport trunk native vlan 999
switchport trunk allowed vlan 10,20,40
switchport mode trunk
Then you can try to put the APs on VLAN 999 in the router.
-If I helped you somehow, please, rate it as useful.-
Have you configured the controller part first?
service-module wlan-controller 1/0 session
Before you can get the APs to register you need to configure that part?
You will then need sub interfaces created for the WLANs on the controller on the router.
The AP router port config can either be connected to a switch or straight to an AP.
You will need a DHCP scope for the APs with option 43 pointing to the WLC IP that you configured.
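An added example, not part of the original reply: the option 43 value mentioned above is a TLV that Cisco lightweight APs read as type 0xf1, a length of 4 bytes per controller, then the controller IPv4 addresses. This Python sketch builds and validates that value using the addresses from this thread (AP VLAN 10.0.20.0/24, WLC management 10.0.0.2); the pool name `AP_VLAN20` and the function names are hypothetical.

```python
import ipaddress

CISCO_AP_SUBOPTION = 0xF1  # sub-option type lightweight APs read for controller addresses

def encode_option43(controllers):
    """Build the TLV (type 0xf1, length 4*n, packed IPv4 addresses) as a hex string."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    packed = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if len(packed) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_AP_SUBOPTION, len(packed)]) + packed).hex()

def decode_option43(hex_value):
    """Parse a configured value (dots between groups are ignored) into addresses."""
    raw = bytes.fromhex(hex_value.replace(".", ""))
    if len(raw) < 2 or raw[0] != CISCO_AP_SUBOPTION:
        raise ValueError("not a type 0xf1 controller list")
    length, body = raw[1], raw[2:]
    if length != len(body) or length == 0 or length % 4:
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]

def dhcp_pool(name, network, mask, gateway, controllers):
    """Render an IOS DHCP pool for the AP VLAN with option 43 set."""
    return "\n".join([
        f"ip dhcp pool {name}",
        f" network {network} {mask}",
        f" default-router {gateway}",
        f" option 43 hex {encode_option43(controllers)}",
    ])

if __name__ == "__main__":
    # Addresses come from the thread; the pool name is a hypothetical placeholder.
    print(dhcp_pool("AP_VLAN20", "10.0.20.0", "255.255.255.0", "10.0.20.1", ["10.0.0.2"]))
    print(decode_option43("f104.0a00.0002"))
```

Decoding the value already present in a DHCP scope is a quick check that the APs are being pointed at the intended controller and nothing else.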