I've been struggling for a few days trying to figure out how to configure the 2504 and an SF200 to be able to route a VLAN-tagged guest WLAN through to the gateway port with DHCP. I've been through the SF200 documentation on VLAN management and that has not been very helpful. I've read the 'Guest WLAN and Internal WLAN using WLC's Configuration Example' but that has not gotten me anywhere either. I've been through a few other tutorials but nothing seems to work as expected.
Wingate (V 9) Router / Proxy with 3 interfaces:
External 192.168.1.2/24, no tagging (this goes to the ISP)
Internal 172.30.3.1/24, no tagging, bind to DHCP scope 172.30.3.100-172.30.3.200 (to be used for internal general network access)
Internal 10.10.10.1/24, no tagging, bind to DHCP scope 10.10.10.100-10.10.10.200 (to be used for guest wireless only)
Cisco WLC 2504 (V220.127.116.11):
Two interfaces used:
management interface, PORT 2, untagged (vlan 0) 172.30.3.11/24, gateway 172.30.3.1, DHCP server IP 172.30.3.1
guest interface, PORT 2, VLAN 10, 10.10.10.10/24, gateway 10.10.10.1, DHCP server 10.10.10.1
DHCP proxy mode is enabled
Two WLANs defined:
1: primary, Interface : management, PSK, defaults
2: guest, Interface : guest, PSK, defaults
On the SF200 I have the 2504 Port 2 connected to SF200 port 1. My expectation is that the 2504 will send all of the untagged and VLAN 10 tagged packets out on port 2 based on port 2 being specified in both interface definitions.
Wireless access points connected to other trunk ports on the SF200 are powered up, and I can see both WLAN SSIDs being broadcast.
SF200 Port 13 connects to router NIC Internal 172.30.3.1/24
SF200 Port 2 connects to router NIC Internal 10.10.10.1/24
With the SF200 at its defaults (trunks, default VLAN 1 untagged), the 172.30.3.x network seems to be OK and the primary WLAN gets good IP addresses from the DHCP server. As expected, as that part is rather simple and straightforward.
However, I've not been able to figure out how to get the SF200 configured to accept the untagged and the VLAN 10 tagged traffic on port 1 and pass VLAN 10 packets to SF200 port 2 as an access port. My understanding is that I would need port 2 set as an access port so the VLAN 10 traffic has the tag removed, assuming all traffic on the port goes to the proper path (to the 10.10.10.1 interface).
I did try setting the guest interface to WLC port 3 and connecting it directly to the router NIC 10.10.10.1, but it seemed the DHCP server definition used for that interface was being ignored, as the wireless devices would be issued 172.30.3.x addresses. Testing the 10.10.10.1 network with another switch and the WLC 2504 disconnected, all seems to work well with the DHCP server issuing 10.10.10.x addresses.
So two questions:
1. How do I configure an SF200 to achieve proper routing based on the configuration above? Or is there something else that has to be changed? Reading through the example it seems this should work if I get the SF200 configured properly. I can't figure out how to set up the SF200 with an access port for VLAN 10. Setting it to trunk or general mode with PVID set to 10 doesn't work. When trying to set it to access mode I get an error, as I assume there is some magic order I must follow that I haven't figured out.
2. Why is the WLC 2504 not using the specified interface's DHCP server setting for the 10.10.10.x network when using WLC port 3 connected directly to 10.10.10.1?
Update: In 'Interface Settings', I did try changing the SF200-FE2 port connecting to the 10.10.10.1 router port to PVID 10 and then changing it to Access mode after applying the PVID change (in trunk mode). That did seem to allow the port to function in access mode on VLAN 10.
In 'Port to VLAN', for VLAN 1, SF200-FE1 connected to the WLC2504 Port 2 was set as UNTAGGED and SF200-FE2 connected to the 10.10.10.1 router port is set as FORBIDDEN.
In 'Port to VLAN' for VLAN 10, SF200-FE1 connected to the WLC2504 Port 2 was set as TAGGED and SF200-FE2 connected to the 10.10.10.1 router port is set as UNTAGGED.
With these changes it does appear that the traffic from the two WLANs is isolated and seems to be routing from the WLAN out properly.
However, I still see the primary DHCP server settings not being honored for the two interface definitions. I assume there is a setting somewhere in the WLC2504 that might influence this but I haven't found it yet. I have tried adding a DHCP server override in each of the WLANs' advanced settings tab to the respective DHCP server IP (172.30.3.1 and 10.10.10.1) but still seem to be getting the wrong IP addresses issued. Any ideas on what would affect this?
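As an added example (not part of the original post), the 'Port to VLAN' matrix from the Update modelled with the standard 802.1Q ingress/egress rules a switch like the SF200 applies: an untagged frame is classified to the ingress port's PVID, a tagged frame is accepted only if the ingress port is a member of that VLAN, and each egress port either keeps the tag (TAGGED member), strips it (UNTAGGED member) or does not forward at all (FORBIDDEN / not a member). The port names FE1, FE2 and FE13, the assumption that FE13 stays at the switch default (VLAN 1 untagged, PVID 1), and the ingress-filtering assumption are mine; the FE1/FE2 memberships are taken from the Update. The model says nothing about the WLC's DHCP behaviour, only about which port a frame leaves on and whether it still carries a tag.

```python
"""Constructed model of the SF200 'Port to VLAN' configuration from the post's Update.

Port names and the FE13 default membership are assumptions, not taken from the
original post. Semantics are the usual IEEE 802.1Q bridge rules.
"""
from dataclasses import dataclass
from typing import Dict, Optional

TAGGED, UNTAGGED, FORBIDDEN = "tagged", "untagged", "forbidden"


@dataclass(frozen=True)
class Frame:
    vid: Optional[int]  # VLAN ID carried on the wire; None means untagged


@dataclass
class Port:
    name: str
    pvid: int                      # VLAN assigned to untagged ingress frames
    membership: Dict[int, str]     # vlan_id -> TAGGED | UNTAGGED | FORBIDDEN

    def is_member(self, vid: int) -> bool:
        return self.membership.get(vid) in (TAGGED, UNTAGGED)


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def classify(self, ingress: str, frame: Frame) -> Optional[int]:
        """Ingress rule: return the VLAN the frame belongs to, or None if dropped."""
        port = self.ports[ingress]
        vid = port.pvid if frame.vid is None else frame.vid
        # Ingress filtering (assumed enabled): tagged frames for VLANs the
        # port is not a member of are discarded instead of being flooded.
        return vid if port.is_member(vid) else None

    def forward(self, ingress: str, frame: Frame) -> Dict[str, Optional[int]]:
        """Egress rule: map each egress port to the VID on the wire (None = untagged)."""
        vid = self.classify(ingress, frame)
        if vid is None:
            return {}
        out: Dict[str, Optional[int]] = {}
        for name, port in self.ports.items():
            if name == ingress:
                continue
            status = port.membership.get(vid)
            if status == TAGGED:
                out[name] = vid      # leaves with its 802.1Q tag intact
            elif status == UNTAGGED:
                out[name] = None     # tag stripped: access-port behaviour
            # FORBIDDEN or no entry: the frame is not sent out this port
        return out


def build_sf200_from_update() -> Switch:
    """The membership matrix described in the Update (FE13 is an assumed default)."""
    return Switch([
        Port("FE1", pvid=1, membership={1: UNTAGGED, 10: TAGGED}),      # to WLC 2504 port 2
        Port("FE2", pvid=10, membership={1: FORBIDDEN, 10: UNTAGGED}),  # to router NIC 10.10.10.1
        Port("FE13", pvid=1, membership={1: UNTAGGED}),                 # to router NIC 172.30.3.1
    ])


def trace_all(switch: Switch) -> Dict[str, Dict[str, Optional[int]]]:
    """One constructed frame per traffic direction the post describes."""
    cases = {
        "guest WLAN -> router 10.10.10.1": ("FE1", Frame(10)),     # WLC tags guest traffic with VLAN 10
        "primary WLAN -> router 172.30.3.1": ("FE1", Frame(None)), # management interface is untagged
        "router 10.10.10.1 -> guest WLAN": ("FE2", Frame(None)),   # router NIC sends untagged
        "router 172.30.3.1 -> primary WLAN": ("FE13", Frame(None)),
    }
    return {label: switch.forward(port, frame) for label, (port, frame) in cases.items()}


def isolated(switch: Switch) -> bool:
    """True if no internal-VLAN frame reaches FE2 and no guest frame reaches FE13."""
    r = trace_all(switch)
    return ("FE2" not in r["primary WLAN -> router 172.30.3.1"]
            and "FE13" not in r["guest WLAN -> router 10.10.10.1"])


if __name__ == "__main__":
    sw = build_sf200_from_update()
    for label, egress in trace_all(sw).items():
        print(f"{label:36s} -> {egress}")
    print("guest/internal isolated:", isolated(sw))
```

Tracing the four directions shows why the Update works: a tagged VLAN 10 frame from the WLC leaves FE2 with the tag stripped, so the 10.10.10.1 NIC sees a plain Ethernet frame, and the router's untagged reply entering FE2 is classified to VLAN 10 by the PVID and leaves FE1 tagged, which is what the WLC's VLAN 10 guest interface expects. Untagged (VLAN 1) traffic never reaches FE2 because of the FORBIDDEN entry, and a tagged VLAN 10 frame arriving on a port that is not a VLAN 10 member is dropped at ingress.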