12-20-2013 12:14 PM - edited 07-04-2021 01:28 AM
I know that the virtual wireless controller connected APs have to be in FlexConnect mode. My question is do all associated WLANs have to be locally switched or can any of them be centrally switched? If they can, can someone offer me some configuration help? The management interface leads me to believe at least one associated WLAN can be centrally switched but all the documentation I've read says it's not possible.
12-20-2013 01:23 PM
You have to create a dynamic interface on the vWLC like any other controller and then map it onto the centrally switched WLAN.
Remember that the vWLC would have ~ 500Mbps of total throughput, so passing all traffic through it may not be ideal. That's why local switching is recommended.
Sent from Cisco Technical Support iPhone App
*** Pls rate all useful responses ****
12-20-2013 01:52 PM
I've done that but it doesn't seem to work. I can't connect to the SSID I'm broadcasting for the centrally switched WLAN. I'm not sure if there is some special configuration that is needed. The VMware configuration is set correctly per the documentation and I can ping the dynamic interface from an upstream switch. So I'm missing something somewhere.
12-20-2013 02:01 PM
It should work. In order to find out what's missing, please provide the output of the two CLI commands below from your vWLC:
(vWLC) >show interface detailed
(vWLC) >show wlan
HTH
Rasika
**** Pls rate all useful responses ****
12-23-2013 12:38 PM
output from show wlan
WLAN Identifier.................................. 2
Profile Name..................................... Annex-Guest
Network Name (SSID).............................. CityGuest
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 1
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... CityvWLC
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ cityvwlc-group
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Disabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Enabled
Load Balancing................................... Client-Count Based
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
802.11u........................................ Disabled
MSAP Services.................................. Disabled
output from show interface detailed
Interface Name................................... cityguest.charlottesville.org
MAC Address...................................... 00:50:56:97:5e:b5
IP Address....................................... 192.168.65.35
IP Netmask....................................... 255.255.255.224
IP Gateway....................................... 192.168.65.33
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 765
Quarantine-vlan.................................. 0
NAS-Identifier................................... CityvWLC
Physical Port.................................... 1
DHCP Proxy Mode.................................. Enabled
Primary DHCP Server.............................. 192.168.65.33
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Enabled
Remote ID format................................. ap-mac
ACL.............................................. Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
12-23-2013 04:29 PM
I noticed you have mapped an interface group to the WLAN. Try mapping a dynamic interface to the WLAN and check. Also enable the DHCP Address Assignment requirement under the WLAN Advanced tab if no static clients are allowed on this WLAN.
Interface........................................ cityvwlc-group
.
.
DHCP Address Assignment Required................. Disabled
Interface Name................................... cityguest.charlottesville.org
.
.
Primary DHCP Server.............................. 192.168.65.33
HTH
Rasika
*****Pls rate all useful responses ****
12-26-2013 05:43 AM
Thanks for your response. I've made the changes you suggested and it's made no difference on connecting. If I statically assign an IP address to the client I can ping the dynamic interface IP address (192.168.65.35). And from an upstream switch interface I can also ping the dynamic interface. The DHCP server is upstream from the dynamic interface and a client can't seem to reach it. I never get an IP address assignment, nor can I get any traffic past it when I statically assign an address...
12-26-2013 06:02 AM
Is the ESXi host set to Promiscuous Mode? If so, I would set up a DHCP scope on the vWLC for testing and see if that works. If so, then you need to see if something is blocking the DHCP requests or DHCP offers between the vWLC and the DHCP server.
http://www.cisco.com/en/US/products/ps12723/products_tech_note09186a0080bd2d04.shtml#definition
Sent from Cisco Technical Support iPhone App
12-26-2013 06:21 AM
I have just verified with our Systems Engineers that the ESXi host is set to promiscuous mode for the data port of the vWLC. I'd like to set up a dhcp scope on the vWLC but it appears that it doesn't support it. I don't see the option in the Web GUI to do that. Am I missing something?
12-26-2013 06:27 AM
Yeah, I forgot about that. They don't support it. As far as testing, if you are able to configure a static in the client and are able to access the network, then it seems like something is blocking. Do you have IP helpers configured in the VLAN that the wireless clients are on pointing to your DHCP server?
Sent from Cisco Technical Support iPhone App
12-26-2013 06:49 AM
The DHCP server for this vlan (765) is the upstream switch 192.168.65.33, which also happens to be the default gateway. From that switch I can ping the dynamic interface... I agree that something is blocking, at this point, I just don't have a clue as to what it is...
12-26-2013 08:04 AM
Yeah.... you would need to sniff the traffic to see which direction things are being blocked. I would also try to enable/disable dhcp proxy on the vWLC to see if that helps.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
12-27-2013 06:55 AM
We placed a guest windows VM on the same virtual switch and set the nic to be tagged in vlan 765. It got an ip address from the upstream DHCP server in the correct Vlan and was able to get to the internet...so I am confident the ESXi set up is correct at this point.
12-27-2013 09:03 AM
Create a test ssid which is open, no authentication and connect a client to that ssid. See if the client gets an ip address.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
12-27-2013 11:25 AM
So I found out what the issue was after all. Nowhere in the instructions does it say you need to have MAC Address Changes and Forged Transmits set to accept. Our environment has those set as reject by default but they need to be set to accept along with Promiscuous mode. All is now working as it should.
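The fix described in the last post, as an added example that is not part of the original thread: a shell check that reads a port group's security policy and lists which of the three settings the vWLC data port needs are still rejecting. The port group name `vWLC-Data` and the sample text are constructed, and the `Key: value` layout is assumed to match what `esxcli ... policy security get` prints.

```shell
#!/bin/sh
# Added example (not from the thread). On the ESXi host the input would come from
# (port group name is a placeholder):
#   esxcli network vswitch standard portgroup policy security get -p "vWLC-Data"
# To apply the fix to that one port group only, leaving the vSwitch default
# (Reject) in force for every other port group:
#   esxcli network vswitch standard portgroup policy security set -p "vWLC-Data" \
#     --allow-promiscuous=true --allow-mac-change=true --allow-forged-transmits=true

# Reads policy text on stdin and prints each required setting that is not "true".
# Empty output means the port group meets the vWLC requirement from the thread.
missing_vwlc_settings() {
    awk -F': *' '
        { k = $1; v = tolower($2)
          sub(/^[ \t]+/, "", k)          # drop leading indent from the key
          gsub(/[ \t\r]+$/, "", v)       # drop trailing blanks / CR from the value
          val[k] = v }
        END {
            n = split("Allow Promiscuous,Allow MAC Address Change,Allow Forged Transmits", need, ",")
            for (i = 1; i <= n; i++)
                if (val[need[i]] != "true") print need[i]
        }'
}

# Constructed sample: the state the thread started in (promiscuous mode accepted,
# the other two rejected by site default). Layout is an assumption.
SAMPLE_BEFORE='   Allow Promiscuous: true
   Allow MAC Address Change: false
   Allow Forged Transmits: false
   Override vSwitch Allow Promiscuous: true
   Override vSwitch Allow MAC Address Change: false
   Override vSwitch Allow Forged Transmits: false'

# Constructed sample: the state after the fix.
SAMPLE_AFTER='   Allow Promiscuous: true
   Allow MAC Address Change: true
   Allow Forged Transmits: true'

echo "Before fix, still rejecting:"
printf '%s\n' "$SAMPLE_BEFORE" | missing_vwlc_settings
echo "After fix, still rejecting:"
printf '%s\n' "$SAMPLE_AFTER" | missing_vwlc_settings
```

With Forged Transmits rejected, the virtual switch drops frames the vWLC sends with a wireless client's source MAC, which fits the symptom in the thread: the dynamic interface itself was reachable but client traffic and DHCP never got past it.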