
Having trouble getting WLAN to access outside its subnet

Brett Tesdall
Level 1

Hi, all,

I've just started working with a 2504 Wireless LAN controller and a bunch of 2702i Access Points. Spent a lot of time in the controller and working with getting the access points set up and all that. So far, I have a test WLAN set up, ap-management interfaces set up for all the ports on the controller, an AP group for our building, one AP attached to the controller for testing, and have just recently created a new interface for internal LAN access via wireless and created a DHCP scope in the controller for it.

This is just a quick diagram of how the network is right now:

2504 ----->  3750 switch stack ----> 3550 core switch (VLANs are managed here, gateways for each VLAN are here and all outbound traffic to the Internet goes out of here through a pfSense firewall VM to the Internet)

 

The 2504 is connected to the 3750 on two ports, G0/1 and G0/4.  G0/1 is mainly for management and is on a 10.200.1.x subnet in VLAN 1001.  The switchport that G0/1 is connected to on the 3750 has this config:

interface GigabitEthernet1/0/8
 description Cisco 2504 Wireless LAN controller Port 1
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1001
 switchport mode trunk
 spanning-tree portfast
end

 

I know that the "switchport access vlan 10" can probably be removed; it was probably left over from when I was initially setting this up.

G0/4 of the 2504 is connected to the 3750 on port G1/0/7.  This has an ap-management interface also in the 10.200.1.x subnet on VLAN 1001, but I just added a new interface called "internal_wlan".  The IP address on the controller for it is 10.15.15.2, VLAN 15, the gateway is 10.15.15.1 which is the 3550.  (The 3550 is the gateway for pretty much all of our subnets and VLANs.)  I've created a DHCP scope in the controller for between 10.15.15.10-.250.  G1/0/7 on the 3750 has this config:

interface GigabitEthernet1/0/7
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1001
 switchport trunk allowed vlan 15,1001
 switchport mode trunk
end

I have the WLAN up and visible, I'm able to connect to it with my Android cell phone, and DHCP is handing out an address to it. The problem is, I can't ping or access anything outside of the 10.15.15.x subnet. My desktop computer has an IP of 10.6.6.140. The VLAN for the PCs is VLAN 6, gateway is 10.6.6.1 which is again the 3550. The controller is able to ping both my desktop PC and my cell phone. I've remotely gotten into every device from the AP all the way to the core switch and am able to ping my desktop PC and my phone with no problems. However, from my phone, it's unable to "turn the corner" onto another of our subnets or even go out to the internet.

I know I'm probably missing something very simple, but just can't think of what it is.  I could use some help!

Let me know if you need configs to help further.

 

Thanks in advance!

 

1 Reply

Brett Tesdall
Level 1

Hey guys, figured out my problem.

 

Apparently in the AP, I had to turn on VLAN tagging in the Advanced options.  This corrected the problem.

 
