cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1210
Views
10
Helpful
27
Replies
Beginner

Re: Getting Wireless Users onto LAN

NikhiL,

Ok, are you suggesting then that everything be on the same network? or that I move the default gateway off the ASA?

Contributor

Re: Getting Wireless Users onto LAN

Kyle,

I am not suggesting everything on the same network. But suggesting to keep all the gateway interfaces on the same device, either ASA or the switch

Regards

NikhiL

Highlighted
Beginner

Re: Getting Wireless Users onto LAN

Ok, I will give that a try.

Quick question, I created the trunk on the 3750 to the WLC, is there any additional config on the WLC that needs to be made to put it in trunk mode?

Re: Getting Wireless Users onto LAN

The controller is a dot1q trunk by default. The only option you have is to run LAG(ether channel) or not

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Re: Getting Wireless Users onto LAN

Steve are you sure ...

Its only .1q (IF) you fill in the VLAN ID under the dynamic interafce. Its not tagging if you leave it bank. Or am I off base on this one?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Re: Getting Wireless Users onto LAN

It's still a .1q trunk options being .1q or isl. you just won't have the tag in the management but you will on all the others.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Contributor

Re: Getting Wireless Users onto LAN

Kyle,

Did you try with the ineterfaces on same device

Regards

NikhiL

Beginner

Re: Getting Wireless Users onto LAN

My goal is to get that process going Monday morning. I dont quite know how I am going to achieve this on our LAN. We own two buildings that are redundant, if I put the default gateway on one of the L3 switch stacks I need to go through our production controls team since I will be taking internet access down from our internal LAN.

Are you absolutely sure this is the problem? I am still skeptical and I dont want to involve multiple departments and send out communications for this when it may be something else.

*edit*

I guess I could create a subnet from the WLC to the Switch, and then create a routing statement to the ASA. I can give this a try on Monday.

Beginner

Re: Getting Wireless Users onto LAN

After more troubleshooting this morning i found out that the problem is communication from the WLC to the 3750 switch. From the WLC if I ping 10.100.21.1 I get this:

(Cisco Controller) >ping 10.100.21.1

Send count=3, Receive count=0 from 10.100.21.1

Should I be getting this? I know the management interface has an IP of 10.10.20.100 but on the switch I did this:

description Connection to Wireless LAN Controller (10.100.21.2)

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan add 10

switchport trunk allowed vlan add 21

So I would think that traffic can flow normally between the two devices.

I also tried patching in the port assigned to the dynamic TEST interface directly into the switch and adding that switchport into VLAN 21 but that didnt solve the problem either:

3750 config:

interface GigabitEthernet2/0/20

description Wireless LAN Controller - 10.100.21.2

switchport access vlan 21

interface Vlan21

ip address 10.100.21.1 255.255.255.0

WLC config:

IP Address: 10.100.21.2

Netmask: 255.255.255.0

Gateway: 10.100.21.1

VLAN: 21

Port: 2

DHCP Info: 10.10.20.100

Any ideas?

Re: Getting Wireless Users onto LAN

Kyle:
If you are using default VLAN for management, you need to use to set the VLAN Identifier on the dynamic interface as 0.

If you put the VLAN  Identifier on the management VLAN as 1 then this is wrong.

If you are using DEFAULT VLAN then use the VLAN Identifier as 0 regardless of the vlan number of the default vlan that is being used.

I think there is some kind of vlan mismatch.

Sorry but I did not give detailed look to the above. just skimmed it and trying to help.

Amjad

Rating useful replies is more useful than saying "Thank you"
Beginner

Re: Getting Wireless Users onto LAN

So for example our internal VLAN is vlan 10. You are saying I should set the management interface to VLAN 10 and the dynamic interface to vlan 0?

Re: Getting Wireless Users onto LAN

Kyle,

I can understand the confusion, we have all been there. If I can offer my 2 cents...

Cisco recommends to tag all the traffic, you can find this in the 7MR1 guide. This is a chnage from years past, when Cisco's config guide stated native the managment interface.

Lets look at the dynamic interfaces ...

First

7MR guide - Page 3-13 States: Tag all traffic, including managment

Example 1

Suppose you leave dynamic interface vlan ID blank. You are stating traffic is NOT tagged.  So long as the vlan and the subnet you put on the Wlc match up with the swithc you will pass traffic

Example 2

Suppose you put a vlan ID in like 10. You are telling the WLC to TAG all traffic for this dynamic interface. In return, you would need to TRUNK the swithc port and allow vlan 10

Example 3

Suppose you lag the WLC and you add vlan numbers for all your WLANS (dynamic interfaces) 10,20,30,40 etc. And you take the wlc management interface and you leave the vlan id blank.  You are telling the WLC to tag all the WLANs but not the management. In this case you would trunk at the switch and use the native statement for the management traffic.

So long as the vlan subnet and the native management dynamic interface are on the same subnet, you will pass traffic.

In fact, if you break out all the ports and use NON LAG on the wlc. Say port 1 = vlan 10, port 2 = vlan 20, etc .. If you dont put in vlan id's you would put swith port mode access on the switch side.

I hope this helps ..

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Beginner

Re: Getting Wireless Users onto LAN

George,

Thank you for the thorough explaination. That makes things way more clear than before. We run a small IT shop here and any wireless I learned was from college which was 4-5 years ago, which like you said things have changed. I keep hitting small walls (example: Now I have LAN communication up to our firewall but it wont let me reach the internet) but luckily the forums are here, I just try not to flood them with my questions.

*edit*

Going back into example 1 (which my solve my internet problem) if I leave the dynamic interface untagged how do I make a default gateway on the L3 switch for traffic to route to? Or in that scenario would I have the default gateway on the ASA?

I think the problem im running into is I am taggin WLAN traffic as VLAN 21 and even though I can ping the ASA inside interface the ASA doesnt know about VLAN 21 so it wont route the packets out to the internet.

Thanks again for your help and patience.

CreatePlease to create content
Ask the Expert- Webex Hybrid Services Solutions