I am configuring an 1852i WAP with the controller image. I'm following the steps located on: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/mob_exp/89/user_guide/b_ME_User_Guide_89/getg_started.html
I have my management network (VLAN 10) defined on my switch and my switchport is configured:
description Connected to Master AP
switchport trunk allowed vlan 10,12,123
switchport trunk native vlan 10
switchport mode trunk
spanning-tree portfast edge
I'm able to boot the AP and access the CiscoAirProvision SSID and get the initial configuration, and define the management IP Address, subnet, gateway (switch IP of management VLAN), Wireless settings, and the RF parameter. However, in the guide, there are many settings for the Wifi, like VLAN's, that I don't see or have a way of defining in this setup.
Once I apply the settings, the AP reboots and will not communicate in any way shape or form over the management VLAN. The wireless SSID is never broadcasted, so I cannot connect wirelessly to the AP either. I can see the device from the switch using CDP neighbors detail, which shows the AP is present on port 1, has a link local IPv6 address, no IPv4 address.
I can ping the management IP of the switch from the switch, I can ping the AP's management IP from the console CLI of the WAP, but the switch and AP will not communicate in any fashion.
What am I doing wrong here?
switchport trunk allowed vlan remove 10
- No change in behavior, VLAN 10 was listed per Cisco's configuration guidelines.
The switch port to which Access Point is connected can be a trunk port or an access port. If multiple VLANs are being utilized for client traffic, the switch port should be configured as a trunk interface. Also, note that management traffic is untagged and if a VLAN is being used for management, it should be configured as a native VLAN on the switch port.
Example of the switch port configuration. In this example, vlan 40 is being used for Management.
description » Connected to Master AP «
switchport trunk native vlan 40
switchport trunk allowed vlan 10,20,30,40
switchport mode trunk
Do you have a client wired to the VLAN 10?
Can you ping/reach the IP address of the AP Management Interface over it?
I can ping the switch, I cannot ping the AP. There is no layer 3 communication to the AP after going through the configuration wizard and the configured SSID is not broadcasting.
What software release is installed on the AP?
Cisco AireOS Version 22.214.171.124
You did wait for around 10 minutes after saving the configuration? The ap has quite a while to boot.
Yes, I watch the boot sequence over console access and wait until it is at prompt to login before I move on. During boot I kept noticing that the AP was looking for a DHCP IP address even though I configured a management IP. On a whim, I reconfigured the port to an access port to my main client subnet and rebooted the AP. It grabbed an IP from the DHCP server, booted quicker, and actually advertised the SSID. I connected to the test SSID and suddenly I have access to the main client subnet and access to the management IP... via the test SSID.
If I connect my laptop wired only to the switch using a switchport in the management VLAN, I still cannot talk to the management IP on the controller since the AP is talking on an access port vs a trunk.
I do have multiple VLAN's so now I'm messing around with the config to see what it takes to have the AP check in correctly with the port in trunk mode.
Which exact model of ap do you have? Including the -B or whatever it is?
After lots of messing around and multiple resets of the AP, I finally found the issue. The "old" switch that I linked into to for DNS resolution, DHCP, etc, had the client subnet VLAN configured under VLAN 1. So every time I configured the client subnet VLAN (same subnet) on the new switch and started tagging the traffic, I lost DHCP and DNS, which tanked the AP on boot up. The controller side is set to a static IP, but the AP is dynamic. So as long as the traffic wasn't tagged, the AP was fine.
I got around it by configuring a new subnet on the ASA on a different interface to isolate the configuration until I was ready to swap out the old hardware with the new hardware.