11-11-2019 03:11 AM - edited 07-05-2021 11:17 AM
Hi,
I recently got a CISCO AP1852i (running Mobility Express 8.5.151.0) and I'm struggling to set up a working wlan (meaning with internet connection).
I believe most of my issues come from the fact it's not a standalone AP but rather a hybrid device including a controller.
The AP is connected to a 2960L switch on a trunk port (all VLAN allowed) and the uplink is also a trunk port.
I thought the way it worked was WLAN > AP > CTRL. Now I'm not so sure.
My lan is 172.16.100.0/24 with the gateway standing on 172.16.100.1 (PFSENSE router).
I created an interface for the VLAN 101 (172.16.101.1) with a rule WIFI net > any on pfsense so the wlan will be able to go through.
Now my current configuration is :
2 DHCP POOL :
day0-mgmt
MANAGEMENT NETWORK : YES
NETWORK : 172.16.100.0/24
START : 172.16.100.253
END : 172.16.100.254
GATEWAY : NETWORK : 172.16.100.1
WIFI_PR
VLAN ID 101
NETWORK : 172.16.101.0/27
START : 172.16.101.2
END : 172.16.101.30
GATEWAY : NETWORK : 172.16.101.1
CTRL IP (static) 172.16.100.16/24
CTRL Gateway 172.16.100.1 (LAN interface on PFSense)
AP IP (Management Network DHCP) : 176.16.100.253
AP GW : (auto from DHCP) 172.16.100.1
WLAN CLIENT IP MGT : Network
WLAN DHCP : WIFI_PR
WLAN VLAN ID : 101
NATIVE VLAN : 100
I played with different configurations and even reset the AP multiple times to restart from scratch, from both the CLI and the web GUI, without luck.
Anyway, this is my last configuration.
In the past, I messed with switches and routers from Cisco but that particular device is puzzling me.
So right now, obviously I can hook up on the WLAN but no internet access (not DNS related). I cannot ping the GW whatever I pick (Network or ME Controller).
I just don't get how the whole thing is articulated: WLAN, AP and Controller. It's confusing.
Any suggestion welcome.
EBO
11-11-2019 04:32 AM
11-11-2019 07:28 AM
Just tried with a laptop.
IP 172.16.101.5/27 GW 172.16.101.1 (the VLAN interface on the switch)
Cannot ping the GW.
The port is a trunk (all vlan allowed). I also tested configuring the port as an access for vlan 101, same result.
11-11-2019 10:02 AM
Ok, fixed a duplicate address problem. VLAN interface on pfsense router and switch was the same so now vlan 101 int on router is 101.1 and on switch 101.2.
Can ping vlan 101 int on switch now. Still cannot go out.
11-11-2019 08:12 PM
11-11-2019 07:56 PM
11-12-2019 02:21 PM
I double checked the NAT on the PFSense router and it's ok as far as I can tell. However I changed a few things like moving from 101 to 110 for the wifi vlan to avoid mistyping.
My new config :
POOL 1: day0-mgmt
MANAGEMENT NETWORK: YES
NETWORK: 10.10.10.0/24
START: 10.10.10.1
END: 10.10.10.254
GATEWAY: NETWORK: 10.10.10.1
POOL 2: WIFI_PR
VLAN ID 110
NETWORK: 172.16.110.0/27
START: 172.16.110.3
END: 172.16.110.30
GATEWAY: NETWORK: 172.16.110.2
CTRL IP (static) 172.16.100.16/24
CTRL Gateway 172.16.100.1 (LAN interface on PFSense)
AP IP (Management Network DHCP): 10.10.10.144
AP GW: (auto from DHCP) 10.10.10.1
WLAN CLIENT IP MGT: Network
WLAN DHCP: WIFI_PR
WLAN VLAN ID: 110
NATIVE VLAN: 100
The phone detects the ssid as one with "no internet access".
What could be the conf on a 'regular' Cisco router (as opposed to a pfSense router) to allow internet access for the WLAN?
11-15-2019 10:57 AM
Well I guess the title was wrong since I do not think it's a wlan or vlan or dhcp or even gateway issue. I have disabled the wlan.
It's even simpler than that: the controller does not access the internet.
The controller is on my lan (172.16.100.0/24).
Static 172.16.100.16/24 GW my PFSense router 172.16.100.1
I can ping everything on my lan and that's about it (including the gateway).
Tried another IP just in case 100.17 : same result
Tried with DHCP from PFSense router (with MAC reservation), it gets an IP all right and... same result.
My whole LAN can go out except that device.
I was on 8.5.151.0. I updated to 8.9.111.0. No improvement.
Of course, the NTP servers cannot sync.
I do not see anything wrong on the PFSense router: NAT is ok for the whole LAN and right now there is no filtering, the LAN network is allowed to pass (any/any).
On the WS-C2960L-16PS-LL, the g0/15 port hosting the AP is a trunk (all vlan allowed) and the uplink g0/16 is also a trunk (all vlan).
On the switch I got my main PC, a NAS, a printer, a lab router (a Cisco 1941, not always ON, it can access the internet with no trouble at all).