
Adding (dynamic) interfaces to WLC 2504 causes loss of network

3moloz123
Level 1

I'm trying to add a new dynamic interface that I will tie a specific WLAN to, so that clients on that WLAN are in the correct VLAN. After adding it I lose connectivity both to the main management address (10.99.0.60) and to the IP address of the dynamic interface (10.99.12.4). In fact, the dynamic interface address responds and prompts me to log in, but after doing so all I get is a blank page. Here are the two interfaces pulled from the CLI - what am I doing wrong?

 

And oh, not adding an IP to the dynamic interface makes it impossible to use within a WLAN.

 

Interface Name................................... management
MAC Address...................................... c0:8c:60:c7:99:00
IP Address....................................... 10.99.0.60
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.99.0.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 31
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 10.99.0.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled

Interface Name................................... lan
MAC Address...................................... c0:8c:60:c7:99:04
IP Address....................................... 10.99.12.4
IP Netmask....................................... 255.255.252.0
IP Gateway....................................... 10.99.12.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 33
Quarantine-vlan.................................. 0
NAS-Identifier................................... mob-wlc
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... No
Guest Interface.................................. No

17 Replies

Sandeep Choudhary
VIP Alumni

Hi,

IP Netmask....................................... 255.255.252.0

Try this mask, 255.255.255.0, for the lan dynamic interface, and then map this dynamic interface to your WLAN.

 

Regards

1) the netmask should not be 255.255.255.0, it's a /22 network

2) I lose contact with the WLC completely, except via console. I did manually change so that mytestssid-wlan now uses the "lan" (dynamic) interface. Still no management gui access though ..

 

(Cisco Controller) >show interface summary

 Number of Interfaces.......................... 3

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       1    31       10.99.0.60      Static  Yes    No
lan                              2    33       10.99.12.4      Dynamic No     No
virtual                          N/A  N/A      1.1.1.1         Static  No     No

(Cisco Controller) >show wlan summary

Number of WLANs.................................. 2

WLAN ID  WLAN Profile Name / SSID               Status    Interface Name
-------  -------------------------------------  --------  --------------------
2        yo dude / yo dude                      Enabled  management

(Cisco Controller) >config wlan interface 2 mobengalan

(Cisco Controller) >show wlan summary

WLAN ID  WLAN Profile Name / SSID               Status    Interface Name
-------  -------------------------------------  --------  --------------------
2        mytestssid / mytestssid                Enabled  lan

 

You are using port 2 for the lan WLAN.

Change the port to 1 and make sure that all VLANs are allowed on the switchport where the WLC is connected.

Check the link for dynamic interface configuration.

http://rscciew.wordpress.com/2014/01/22/configure-dynamic-interface-on-wlc/

 

Regards

Yes, I know. I first tried port 1 (same as management) but to no avail, thereafter I tried a dedicated port. What baffles me is that I lose management access. A restart (which disables the dynamic interface) fixes that - any suggestions?

So take a look at this. I have the dynamic interface used in wlan 2 (mytestssid as shown above). Now the management address, 10.99.0.60, can't be reached:

 

Nmap scan report for 10.99.0.60
Host is up.
PORT    STATE    SERVICE
22/tcp  filtered ssh
443/tcp filtered https

After removing wlan 2 and the dynamic interface, mgmt access starts to work again:

config wlan disable 2
config wlan delete wlan 2
config interface delete lan

Nmap scan report for 10.99.0.60
Host is up (0.0037s latency).
PORT    STATE SERVICE
22/tcp  open  ssh
443/tcp open  https

 

So... here's me adding the dynamic interface in cli AGAIN:

WLAN ID  WLAN Profile Name / SSID               Status    Interface Name
-------  -------------------------------------  --------  --------------------
1        someotherssid / someotherssid              Enabled   management

(Cisco Controller) config> interface create lan 33
(Cisco Controller) config> interface address dynamic-interface lan 10.99.12.4 255.255.252.0 10.99.12.1
(Cisco Controller) >config wlan disable 1
(Cisco Controller) >config wlan interface 1 lan
(Cisco Controller) >config wlan enable 1

Voila, management access lost again:

Nmap scan report for 10.99.0.60
Host is up.
PORT    STATE    SERVICE
22/tcp  filtered ssh
443/tcp filtered https

This time, there's no physical port assigned to the dynamic interface 'lan':

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
lan                              -    33       10.99.12.4      Dynamic No     No
management                       1    31       10.99.0.60      Static  Yes    No
virtual                          N/A  N/A      1.1.1.1         Static  No     No

Adding that:

(Cisco Controller) config interface port lan 1

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
lan                              1    33       10.99.12.4      Dynamic No     No

Still no management access..:

Nmap scan report for 10.99.0.60
Host is up.
PORT    STATE    SERVICE
22/tcp  filtered ssh
443/tcp filtered https

 

For reference, the detailed interface config (which clearly shows that 'management' should be ap mgmt.. and dynamic interface 'lan' shouldn't (and thus shouldn't affect it - RIGHT?)):

Interface Name................................... lan
MAC Address...................................... c0:8c:60:c7:99:04
IP Address....................................... 10.99.12.4
IP Netmask....................................... 255.255.252.0
IP Gateway....................................... 10.99.12.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 33
Quarantine-vlan.................................. 0
NAS-Identifier................................... mob-wlc
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... No
Guest Interface.................................. No

Interface Name................................... management
MAC Address...................................... c0:8c:60:c7:99:00
IP Address....................................... 10.99.0.60
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.99.0.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 31
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 10.99.0.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
IPv4 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled

 

 

By the way, the switchport of my (C3560G) doesn't specifically allow some VLANs - meaning it allows all VLANs:

interface GigabitEthernet0/28
 description cisco_wlc
 switchport trunk encapsulation dot1q
 switchport mode trunk

And the vlans in question are present:

31   enet  100031     1500  -      -      -        -    -        0      0
32   enet  100032     1500  -      -      -        -    -        0      0
33   enet  100033     1500  -      -      -        -    -        0      0
34   enet  100034     1500  -      -      -        -    -        0      0

Hi,

Use switch port config as:

interface GigabitEthernet0/28
 description cisco_wlc
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 31,33

Try to keep both interfaces on the same port 1.

Regards

Don't forget to rate helpful posts

 

No difference (because not using 'allowed vlan' implies all vlans are allowed).

Don't know why it's happening.

Must check via TeamViewer (only if you want; then send me a private message).

 

 

Regards

Don't forget to rate helpful posts

I wouldn't expect that. I have a CCIE consultant coming next week to take a look at it, but if you don't mind, sure. I can't find out how I can message you, though?

Click your name on the right side of the main community page. There you can see the Message tab.

I just sent you a PM, check it.

 

Regards

Hi,

Exclude the management VLAN from port 2 if it is a trunk, or try to use the second port just as access (then the VLAN ID on the WLC interface would be 0) and exclude the port 2 access VLAN from the trunk on port 1.

Best,

Sumit

Did you manage to get it working? I have similar issues. thanks!

I also have the same issue....

This is not normal. Maybe check the code you're running and upgrade, and search the bug toolkit.

-Scott 

*** Please rate helpful posts *** 
