
FlexConnect + Local Switching = No Network Access

Hi, I'm working with Cisco wireless for the first time.

I'm trying to set up some access points with multiple SSIDs/VLANs and to have the access points work even if the VWLC goes down (it's on the same network as the APs). I have a VWLC set up on a Hyper-V host with 3 networks on 3 different VLANs.

I have confirmed that the VWLC subinterface IPs can be pinged from each network, so I don't think it's an issue with the VWLC. The network adapter for it is in trunk mode and I made it using the PowerShell script on the Cisco website.

The host is connected to a 2901 with an EHWIC-D-8ESG-P, which is also where the APs are connected.

On the EHWIC-D-8ESG-P I have the following configured for all 8 ports:

interface GigabitEthernet0/1/0
switchport trunk native vlan 10
switchport trunk allowed vlan 1,2,10-12,1002-1005
switchport mode trunk
no ip address

On the VWLC I have the following for the access points:

AP Mode: FlexConnect

In the FlexConnect tab for the APs I have VLAN Support checked, and when I go into VLAN Mappings I can see my SSIDs, for which I have specified local mode, assigned to their VLANs:

WLAN Id      VLAN ID
Guest WiFi   12

 

On the interfaces I have set up:

Interface Name   VLAN   IP Address
management       10     10.0.0.11
clientnet        11     10.0.1.11
dmznet           12     10.0.2.11

However, when I connect any WiFi client to the SSID I do not get an IP address from the DHCP server on this VLAN.

I have not configured DHCP relay, as there is a DHCP server on each VLAN.

 

The APs themselves get the following config

 

interface GigabitEthernet0.10
 encapsulation dot1Q 10 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 5
 bridge-group 5 spanning-disabled
 no bridge-group 5 source-learning
!
interface GigabitEthernet0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 6
 bridge-group 6 spanning-disabled
 no bridge-group 6 source-learning
!

Am I doing something wrong?

5 Replies

Mikey Boy
Level 1

Hi, on the SSID which you have set to FlexConnect local switching you will have assigned an interface. If you go to the interfaces tab, under DHCP proxy mode, what is that set to? I would set it to disable for my FlexConnect SSIDs as normal practice.

If this is a live environment and that interface is used on any local mode SSIDs you will need to be careful not to prevent other users being affected.

 

Regards

Yes, everything under the DHCP section is disabled for the interface the WLANs are on.

Primary DHCP Server: empty
Secondary DHCP Server: empty
DHCP Proxy Mode: unticked
Enable DHCP Option 82: unticked
Enable DHCP Option 6 OpenDNS: unticked

So the local DHCP server on each VLAN should be used, yet whenever I connect a device to the SSID it gets stuck on APIPA.

I have a Hyper-V VM for testing that I'm assigning to the various VLANs by changing the VLAN tag, and this gets the right IP address every time, but not anything going through the access points.

It sounds like you have everything configured. Is there any DHCP snooping config present on the switching?

Quick solution to see what is happening: span the switchport with an AP on it during a client association. You should see DHCP traffic outside of the CAPWAP tunnel. This will verify instantly whether or not the DHCP traffic is happening locally on the switchport.

For example, if your AP VLAN is 10, Domain WiFi is 12 and Guest VLAN is 13, your AP switch port configuration should be as below.

switchport mode trunk
switchport trunk native vlan 10
switchport trunk allowed vlan 10,12-13

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Because it's an EHWIC I've had to add the following default VLANs:

 

interface GigabitEthernet0/1/x
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1,2,10-12,1002-1005
 switchport mode trunk
 no ip address

 

This should work, correct?

Because I can ping the VWLC interface IPs from the respective network, I think the WLC is working fine.

 

Here is the network config on the AP.

 

bridge irb
!
!
!
interface Dot11Radio0
 antenna gain 0
 rxsop-threshold 85
 stbc
 ampdu transmit priority 1
 ampdu transmit priority 2
 ampdu transmit priority 3
 mbssid
 speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 power client local
 packet retries 64 drop-packet
 station-role root
 no cdp enable
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 6
 bridge-group 6 subscriber-loop-control
 bridge-group 6 spanning-disabled
 bridge-group 6 block-unknown-source
 no bridge-group 6 source-learning
 no bridge-group 6 unicast-flooding
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 no cdp enable
 bridge-group 5
 bridge-group 5 subscriber-loop-control
 bridge-group 5 spanning-disabled
 bridge-group 5 block-unknown-source
 no bridge-group 5 source-learning
 no bridge-group 5 unicast-flooding
!
interface Dot11Radio0.18
 encapsulation dot1Q 18
 no cdp enable
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
!
interface Dot11Radio0.19
 encapsulation dot1Q 19
 no cdp enable
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 spanning-disabled
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 no cdp enable
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 spanning-disabled
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
!
!
interface Dot11Radio1
 antenna gain 0
 peakdetect
 rxsop-threshold 80
 stbc
 ampdu transmit priority 1
 ampdu transmit priority 2
 ampdu transmit priority 3
 mbssid
 power client local
 packet retries 64 drop-packet
 station-role root
 no cdp enable
!
interface Dot11Radio1.2
 encapsulation dot1Q 2
 no cdp enable
 bridge-group 6
 bridge-group 6 subscriber-loop-control
 bridge-group 6 spanning-disabled
 bridge-group 6 block-unknown-source
 no bridge-group 6 source-learning
 no bridge-group 6 unicast-flooding
!
interface Dot11Radio1.18
 encapsulation dot1Q 18
 no cdp enable
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
!
interface Dot11Radio1.19
 encapsulation dot1Q 19
 no cdp enable
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 spanning-disabled
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
!
interface Dot11Radio1.20
 encapsulation dot1Q 20
 no cdp enable
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 spanning-disabled
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
!
interface GigabitEthernet0
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.10
 encapsulation dot1Q 10 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 5
 bridge-group 5 spanning-disabled
 no bridge-group 5 source-learning
!
interface GigabitEthernet0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 6
 bridge-group 6 spanning-disabled
 no bridge-group 6 source-learning
!
interface BVI1
 mac-address 
 ip address dhcp client-id BVI1
 no ip route-cache
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
interface BVI2
 mac-address 
 no ip address
!
interface BVI3
 mac-address 
 no ip address
!
interface BVI4
 mac-address 
 no ip address
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 route ip
bridge 3 route ip
bridge 4 route ip
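
Added example, not part of any post in this thread: a small Python audit that cross-checks the switch trunk against the AP's wired sub-interfaces, since locally switched client traffic leaves the AP tagged with the VLAN of the wired sub-interface in the same bridge-group. The function names are hypothetical and the input is a constructed excerpt of the configs quoted above.

```python
import re
# Constructed input: stanzas trimmed from the configs quoted in the thread.
SWITCH = """interface GigabitEthernet0/1/0
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1,2,10-12,1002-1005
"""
AP = """interface Dot11Radio0.3
 encapsulation dot1Q 3
 bridge-group 5
interface GigabitEthernet0.10
 encapsulation dot1Q 10 native
 bridge-group 1
interface GigabitEthernet0.11
 encapsulation dot1Q 11
 bridge-group 5
"""

def expand_vlans(spec):
    # '1,2,10-12' -> {1, 2, 10, 11, 12}
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def bridge_groups(ap_cfg):
    # -> ({bridge_group: {"radio": [tags], "wired": [tags]}}, native wired tag)
    groups, native = {}, None
    for stanza in re.split(r"^interface ", ap_cfg, flags=re.M)[1:]:
        enc = re.search(r"encapsulation dot1Q (\d+)( native)?", stanza)
        grp = re.search(r"^ bridge-group (\d+)\s*$", stanza, flags=re.M)
        if not (enc and grp):
            continue  # parent interfaces and BVIs carry no tag/group pair
        side = "radio" if stanza.startswith("Dot11Radio") else "wired"
        groups.setdefault(int(grp.group(1)), {"radio": [], "wired": []})[side].append(int(enc.group(1)))
        if side == "wired" and enc.group(2):
            native = int(enc.group(1))
    return groups, native

def audit(switch_cfg, ap_cfg):
    allowed = expand_vlans(re.search(r"allowed vlan (\S+)", switch_cfg).group(1))
    sw_native = int(re.search(r"native vlan (\d+)", switch_cfg).group(1))
    groups, ap_native = bridge_groups(ap_cfg)
    findings = [] if ap_native == sw_native else [
        f"native VLAN mismatch: AP {ap_native}, switch {sw_native}"]
    for grp, members in sorted(groups.items()):
        findings += [f"bridge-group {grp}: VLAN {tag} not allowed on trunk"
                     for tag in members["wired"] if tag not in allowed]
    return findings
```

An empty result only rules out a trunk or native VLAN mismatch between the two configs; it says nothing about DHCP snooping or the WLAN-to-VLAN mapping on the controller.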
 

 
