01-23-2012 12:13 PM - edited 07-03-2021 09:26 PM
Hi,
I just converted AP 1142 to LAP using the image "c1140-rcvk9w8-tar.124-21a.JA2.tar".
The WLC is a 5500 with 2 NIC : one on 192.168.0/24, one on a specific vlan 10.20/16
The main management interface is on 192.168/24 but we defined as management the interface on the 10.20/16 network.
For the access points, we use ports on a native VLAN on 10.20/16 with other available VLANS which are used for the wlan networks
We have 1152 APs which work fine on this config but that needed to be registered on the 192.168/24 network, then we moved them in their VLAN 10/20/16 and they work fine.
We also have 1142 APs which have been upgraded to LAP. These AP do not work with our architecture.
They register correctly on the 192.168/24 network, but do not give access to the wlan VLANs. If they are moved in the 10.20/16 network, they don't register to the WLC (message : Timed out while waiting for ECHO repsonse from the AP). The AP do not get an IP.
is there a restriction with VALNs on these AP ? or is something false ?
Thanks,
Christophe
Solved! Go to Solution.
01-23-2012 01:12 PM
The WLC is a 5500 with 2 NIC : one on 192.168.0/24, one on a specific vlan 10.20/16
Are the ports of the 5508 configured as LAG and as a Trunk?
What about the switch-side? Are they configured as trunk?
The switch ports configured for the AP, is it a trunk or access port? DO you have the correct VLANs created?
01-28-2012 05:34 AM
Hi,
Thanks for your ideas, finally in investigating around the switch we found out that the port on which was running the AP was disfunctional. The ethernet negociation could not be done... At first I did not think of this kind of problem.
Christophe
01-23-2012 12:22 PM
No, the AP can be on any VLAN so long as it can reach the WLC Management address on UDP 5246/5247.
As for teh access to the WLAN, are you using AP Groups?
Steve
01-23-2012 12:30 PM
Yes we're using AP groups.
When the AP get registered (in the main network) it is assigned to an AP group, and starts broadcasting the wlan networks. But then, any connection fails, the client does not get an IP, as if it is not able to reach the correct VLAN.
The same configuration is applied to the 1152 APs and it works just fine.
01-23-2012 12:34 PM
can you post the config from the WLC?
01-23-2012 12:50 PM
yes, i'll just wipe the "secret" things
Thanks for your help
Christophe
01-23-2012 03:22 PM
Stephen, leolaohoo thank you for your help and ideas
Here is the configuration (some details deleted or renamed), sorry I did not find the way to attach a file :
config location expiry tags 5
config local-auth method fast server-key encrypt 1 xxx xxx xx xxx
config time ntp interval 3600
config time ntp server 1 192.168.0.200
config license boot auto
config logging syslog level informational
config logging syslog level 6
config logging syslog facility local1
config logging syslog host 192.168.0.200
config logging buffered alerts
config logging buffered 1
config sysname wlc1
config interface address management 192.168.0.219 255.255.255.0 192.168.0.254
config interface port management 1
config interface address service-port 169.254.1.2 255.255.255.0
config interface address virtual 1.1.1.1
config interface address dynamic-interface guestwlan 192.168.1.253 255.255.255.0 192.168.1.254
config interface port guestwlan 1
config interface address dynamic-interface "vlan20 servers" 10.20.255.250 255.255.0.0 10.20.255.254
config interface port "vlan20 servers" 2
config interface ap-manager "vlan20 servers" enable
config interface address dynamic-interface "vlan22 wlan test 1" 10.22.255.250 255.255.0.0 10.22.255.254
config interface port "vlan22 wlan test 1" 2
config interface address dynamic-interface "vlan23 wlan test 2" 10.23.255.250 255.255.0.0 10.23.255.254
config interface port "vlan23 wlan test 2" 2
config interface address dynamic-interface "vlan24 wlan test 3" 10.24.255.250 255.255.0.0 10.24.255.254
config interface port "vlan24 wlan test 3" 2
config interface address dynamic-interface "vlan25 wlan test 4" 10.25.255.250 255.255.0.0 10.25.255.254
config interface port "vlan25 wlan test 4" 2
config interface address dynamic-interface "vlan26 wlan test 6" 10.26.255.250 255.255.0.0 10.26.255.254
config interface port "vlan26 wlan test 6" 2
config interface address dynamic-interface "vlan27 wlan test 7" 10.27.255.250 255.255.0.0 10.27.255.254
config interface port "vlan27 wlan test 7" 2
config interface group interface add production guestwlan
config interface group interface add production management
config interface group create production
config interface group interface add r&d "vlan22 wlan test 1"
config interface group interface add r&d "vlan23 wlan test 2"
config interface group interface add r&d "vlan24 wlan test 3"
config interface group interface add r&d "vlan25 wlan test 4"
config interface group interface add r&d "vlan26 wlan test 6"
config interface group interface add r&d "vlan27 wlan test 7"
config interface group create r&d
config interface dhcp management primary 192.168.0.252
config interface dhcp service-port disable
config interface vlan guestwlan 200
config interface create guestwlan 200
config interface dhcp dynamic-interface guestwlan primary 192.168.7.254
config interface vlan "vlan20 servers" 0
config interface create "vlan20 servers" 0
config interface dhcp dynamic-interface "vlan20 servers" primary 10.20.255.252
config interface vlan "vlan22 wlan test 1" 22
config interface create "vlan22 wlan test 1" 22
config interface dhcp dynamic-interface "vlan22 wlan test 1" primary 10.20.255.252
config interface vlan "vlan23 wlan test 2" 23
config interface create "vlan23 wlan test 2" 23
config interface dhcp dynamic-interface "vlan23 wlan test 2" primary 10.20.255.252
config interface vlan "vlan24 wlan test 3" 24
config interface create "vlan24 wlan test 3" 24
config interface dhcp dynamic-interface "vlan24 wlan test 3" primary 10.20.255.252
config interface vlan "vlan25 wlan test 4" 25
config interface create "vlan25 wlan test 4" 25
config interface dhcp dynamic-interface "vlan25 wlan test 4" primary 10.20.255.252
config interface vlan "vlan26 wlan test 6" 26
config interface create "vlan26 wlan test 6" 26
config interface dhcp dynamic-interface "vlan26 wlan test 6" primary 10.20.255.252
config interface vlan "vlan27 wlan test 7" 27
config interface create "vlan27 wlan test 7" 27
config interface dhcp dynamic-interface "vlan27 wlan test 7" primary 10.20.255.252
config country FR
config mobility group domain FRzone
config radius auth add encrypt 1 10.20.255.251 1812 password 1 xxxx
config radius auth management 1 enable
config radius auth retransmit-timeout 1 2
config radius auth network 1 enable
config radius auth rfc3576 enable 1
config radius auth enable 1
config nmsp notification interval rssi rfid 2
config certificate generate webauth
config database size 2048
config network master-base enable
config network rf-network-name FRzone
config rfid timeout 1200
config rfid status enable
config rfid mobility pango disable
config mgmtuser add encrypt admin 1 xxx 32 xxx read-write
config mgmtuser add encrypt RWAdm 1 xxx 32 xxx read-write
config advanced probe-limit 2 500
config advanced probe limit 2 500
config advanced 802.11a channel add 36
config advanced 802.11a channel add 40
config advanced 802.11a channel add 44
config advanced 802.11a channel add 48
config advanced 802.11a channel add 52
config advanced 802.11a channel add 56
config advanced 802.11a channel add 60
config advanced 802.11a channel add 64
config advanced 802.11a channel add 100
config advanced 802.11a channel add 104
config advanced 802.11a channel add 108
config advanced 802.11a channel add 112
config advanced 802.11a channel add 116
config advanced 802.11a channel add 120
config advanced 802.11a channel add 124
config advanced 802.11a channel add 128
config advanced 802.11a channel add 132
config advanced 802.11a channel add 136
config advanced 802.11a channel add 140
config advanced 802.11a channel cleanair-event enable
config advanced 802.11a channel dca chan-width-11n 40
config advanced 802.11b channel add 1
config advanced 802.11b channel add 6
config advanced 802.11b channel add 11
config advanced 802.11b channel cleanair-event enable
config advanced 802.11b tx-power-control-thresh -80
config wlan wmm allow 1
config wlan mfp client disable 1
config wlan wmm allow 2
config wlan mfp client disable 2
config wlan chd 3 disable
config wlan wmm allow 3
config wlan mfp client enable 3
config wlan wmm allow 4
config wlan mfp client enable 4
config wlan wmm allow 5
config wlan mfp client enable 5
config wlan wmm allow 6
config wlan mfp client enable 6
config wlan wmm allow 7
config wlan mfp client enable 7
config wlan security wpa akm psk set-key hex encrypt 1 xxx
config wlan security wpa akm psk enable 1
config wlan security wpa akm 802.1x disable 1
config wlan security wpa enable 1
config wlan security wpa akm psk set-key hex encrypt 1 xxx
config wlan security wpa akm psk enable 2
config wlan security wpa akm 802.1x disable 2
config wlan security wpa enable 2
config wlan security wpa wpa2 disable 3
config wlan security wpa akm 802.1x disable 3
config wlan security wpa disable 3
config wlan security wpa wpa2 disable 4
config wlan security wpa akm psk set-key hex encrypt 1 xxx
config wlan security wpa akm psk enable 4
config wlan security wpa akm 802.1x disable 4
config wlan security wpa wpa1 ciphers tkip enable 4
config wlan security wpa wpa1 enable 4
config wlan security wpa enable 4
config wlan security wpa wpa2 ciphers tkip enable 5
config wlan security wpa akm psk set-key hex encrypt 1 xxx
config wlan security wpa akm psk enable 5
config wlan security wpa akm 802.1x disable 5
config wlan security wpa enable 5
config wlan security wpa akm psk set-key hex encrypt 1 xxx
config wlan security wpa akm psk enable 6
config wlan security wpa akm 802.1x disable 6
config wlan security wpa enable 6
config wlan security wpa enable 7
config wlan exclusionlist 1 1
config wlan channel-scan defer-priority 6 enable 1
config wlan channel-scan defer-priority 5 enable 1
config wlan exclusionlist 2 2
config wlan exclusionlist 3 3
config wlan radius_server acct disable 3
config wlan radius_server auth disable 3
config wlan exclusionlist 4 4
config wlan radius_server acct disable 4
config wlan radius_server auth disable 4
config wlan exclusionlist 5 5
config wlan exclusionlist 6 6
config wlan exclusionlist 7 7
config wlan radius_server acct disable 7
config wlan radius_server auth add 7 1
config wlan broadcast-ssid enable 1
config wlan broadcast-ssid enable 2
config wlan broadcast-ssid enable 3
config wlan broadcast-ssid enable 4
config wlan broadcast-ssid enable 5
config wlan broadcast-ssid enable 6
config wlan broadcast-ssid enable 7
config wlan interface 1 management
config wlan session-timeout 1 1800
config wlan interface 2 guestwlan
config wlan session-timeout 2 1800
config wlan interface 3 "vlan27 wlan test 7"
config wlan session-timeout 3 1800
config wlan interface 4 "vlan22 wlan test 1"
config wlan session-timeout 4 1800
config wlan interface 5 "vlan23 wlan test 2"
config wlan session-timeout 5 1800
config wlan interface 6 "vlan24 wlan test 3"
config wlan session-timeout 6 1800
config wlan interface 7 "vlan25 wlan test 4"
config wlan session-timeout 7 1800
config wlan create 1 linknet linknet
config wlan create 2 guestwlan guestwlan
config wlan create 3 open Open
config wlan create 4 WPA-PSK-TKIP wptkip
config wlan create 5 WPA2-PSK-TKIP wp2tkip
config wlan create 6 WPA2-PSK-AES wp2aes
config wlan create 7 WPA2-ENT-AES ent2
config wlan apgroup add R&D_Group
config wlan apgroup add ValidationNetwork "Validation Network"
config wlan apgroup description ValidationNetwork "Validation Network"
config wlan apgroup interface-mapping add ValidationNetwork 3 "vlan27 wlan test 7"
config wlan apgroup interface-mapping add ValidationNetwork 7 "vlan25 wlan test 4"
config wlan apgroup interface-mapping add ValidationNetwork 4 "vlan22 wlan test 1"
config wlan apgroup interface-mapping add ValidationNetwork 5 "vlan23 wlan test 2"
config wlan apgroup interface-mapping add ValidationNetwork 6 "vlan24 wlan test 3"
config wlan apgroup add TestNetwork "Test Network"
config wlan apgroup description TestNetwork "Test Network"
config wlan apgroup interface-mapping add TestNetwork 4 "vlan22 wlan test 1"
config wlan apgroup interface-mapping add TestNetwork 5 "vlan23 wlan test 2"
config wlan apgroup interface-mapping add TestNetwork 6 "vlan24 wlan test 3"
config wlan apgroup interface-mapping add TestNetwork 7 "vlan25 wifi test 4"
config wlan qos 1 gold
config wlan enable 2
config wlan qos 3 bronze
config wlan radio 3 802.11bg
config wlan enable 3
config wlan radio 4 802.11bg
config wlan enable 4
config wlan radio 5 802.11bg
config wlan enable 5
config wlan radio 6 802.11bg
config wlan enable 6
config wlan enable 7
config dhcp proxy disable bootp-broadcast disable
config 802.11a 11nsupport a-msdu tx priority
config 802.11a rate disabled 6
config 802.11a rate disabled 9
config 802.11a rate supported 24
config 802.11a cleanair alarm device enable cont-tx
config 802.11a cleanair alarm device enable jammer
config 802.11a cleanair alarm device enable wimax-fixed
config 802.11a cleanair alarm device enable dect-like
config 802.11a cleanair alarm device enable tdd-tx
config 802.11a cleanair alarm device enable video
config 802.11a cleanair alarm device enable wimax-mobile
config 802.11a cleanair alarm device enable 802.11-inv
config 802.11a cleanair alarm device enable 802.11-nonstd
config 802.11a cleanair alarm device enable superag
config 802.11a cleanair alarm device enable canopy
config 802.11a cleanair enable
config 802.11a beamforming global enable
config 802.11a cac voice sip bandwidth 64 sample-interval 20
config 802.11a cac voice sip codec g711 sample-interval 20
config 802.11b 11nsupport a-msdu tx priority
config 802.11b rate supported 1
config 802.11b rate supported 2
config 802.11b rate disabled 6
config 802.11b rate disabled 9
config 802.11b cleanair alarm device enable jammer
config 802.11b cleanair alarm device enable wimax-fixed
config 802.11b cleanair alarm device enable dect-like
config 802.11b cleanair alarm device enable video
config 802.11b cleanair alarm device enable wimax-mobile
config 802.11b cleanair alarm device enable superag
config 802.11b cleanair alarm device enable 802.11-inv
config 802.11b cleanair alarm device enable bt-link
config 802.11b cleanair alarm device enable 802.15.4
config 802.11b cleanair alarm device enable 802.11-fh
config 802.11b cleanair alarm device enable cont-tx
config 802.11b cleanair alarm device enable tdd-tx
config 802.11b cleanair alarm device enable msft-xbox
config 802.11b cleanair alarm device enable bt-discovery
config 802.11b cleanair alarm device enable 802.11-nonstd
config 802.11b cleanair alarm device enable canopy
config 802.11b cleanair alarm device enable mw-oven
config 802.11b cleanair enable
config 802.11b beamforming global enable
config 802.11b cac voice sip bandwidth 64 sample-interval 20
config 802.11b cac voice sip codec g711 sample-interval 20
config 802.11b 11gsupport enable
01-23-2012 01:12 PM
The WLC is a 5500 with 2 NIC : one on 192.168.0/24, one on a specific vlan 10.20/16
Are the ports of the 5508 configured as LAG and as a Trunk?
What about the switch-side? Are they configured as trunk?
The switch ports configured for the AP, is it a trunk or access port? DO you have the correct VLANs created?
01-23-2012 03:18 PM
Hi,
The NIC are not configured as LAG, as far as I know/understand.
Management interface is a static, untagged interface, with dynamic ap management, on 192.168/24 net, port 1
Server/WlanAP vlan is a static, untagged interface with dynamic ap management, on 10.20/16, port 2
Client vlans are tagged, dynamic interfaces on port 2.
All VLANs are created, they were working before. The VLAN are reachable from the WLC, so they should be correctly configured on the switch and the WLC.
01-23-2012 03:22 PM
You have two different IP address. Please TAG your ports. Make sure the switch-side is also a Trunk port.
01-23-2012 03:25 PM
It was not possible to tag the port of the management interface as far as i know, this is why it is left untagged
01-23-2012 03:48 PM
Sorrry. Meant the switch port needs to be in a dot1q trunk.
You said that you have two links up? If you try one link does it work?
01-28-2012 05:34 AM
Hi,
Thanks for your ideas, finally in investigating around the switch we found out that the port on which was running the AP was disfunctional. The ethernet negociation could not be done... At first I did not think of this kind of problem.
Christophe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide