cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1466
Views
5
Helpful
19
Replies

changing the subnet of WLC 5500 Scope and Its Mgmt IP

Bilal Hakimi
Level 1
Level 1

Hello Everyone,
I have a challenge related to the WLC 5500 and associated APs (1600, 2600, and 2800). I need to change the WLAN subnet from 172.22.0.0/16 to 10.6.15.0/24. The old WLC management IP is 172.22.243.223, and the new one will be 10.6.15.10. The previous DHCP scope for APs ranged from 172.22.105.10 to 172.22.106.199; the new scope will be 10.6.15.100 to 10.6.15.199. The DNS server in the scope will be 172.22.22.22, and the DNS domain is XXXX.local. I'm feeling quite confused as these devices are quite old, and the task outcome is unclear to me, given that I'm attempting this for the first time. I'd appreciate your valuable insights.

Thank you in advance.
Bilal Ahmad Hakimi

Wireless LAN Controller  Wireless Network Management

19 Replies 19

balaji.bandi
Hall of Fame
Hall of Fame

Adding to New Subnet to WLAN is not a hard task, you create another VLAN and add them to VLAN group - and disable or remove Scope from DHCP - so new client will get new IP address scope.

Changing the Managment IP

- this required maintenance window, better to have console access

- make sure new Subnet and any change of VLAN need to allowed across the Switches where required.

- is this HA - then you need to break the ha and apply the new IP address.

check the below guide and syntax or changing the IP : ( WLC required to reboot)

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010011011.html.xml

make sure you have DNS / Options 43 and where all associated to old IP need to be changed.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for the reply, can you please elaborate it a bit, step by step. When I see your answer, it seems very simple, but when I open the GUI of the WLC, I don't know what to do now.
-It was HA, but not anymore, the second WLC is corrupted anyway.
-the DNS IP address will remain the same (172.22.22.22) in first step. later when it is changed I will change it here also.
thank you very much BB

balaji.bandi
Hall of Fame
Hall of Fame

Adding VLAN and IP address pool you can use :


- Logon to WLC
- Click the controller tab
- Under the controller options, click interfaces then click new on top right side of the page
- Fill in the details as below:

LAN Identifier: NEWVAN
IP Address: xx.x.x.2
Netmask: 255.255.255.0
Gateway: x.x.x.1
IPv6 Address: ::
Prefix Length: xxx

DHCP Information

Primary DHCP Server: y.y.y.y
Secondary DHCP Server :z.z.z.z
DHCP Proxy Mode: Global

- Click submit
- Once interface is created go back to controller options and click Interface Groups
- Click SSID interface group and add the newly created interface vlan XXX to the group and click apply.

Make sure Switch configure SVI with VLAN with new IP range IP address x.x.x.1

Make sure you create DHCP scope for the new VLAN IP address range.

chaging Management IP follow above mentioned document.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Bilal Hakimi
Level 1
Level 1

Now the WLC management IP is 10.6.15.10 and management VLAN is 115. With changing mgmt VLAN, now I cant access GUI of my WLC. My WLC and My PC are connected to the same switch. Ports that they are connected to, are access ports and are members of VLAN115. What am I missing here that i can not access GUI of WLC.

can you able to ping the WLC IP ?

check the config is the management can access via mgmt. ? config network mgmt-via-wireless enable

is the switch Layer 2 ? or Layer 3 ? check on the switch have layer3 can see ip arp ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

that is the problem that i can not ping WLC and WLC can not ping its Gateway(VLAN IP in the Switch), I can not access the WLC with its Management IP.
My Config is like this; 
Switch: on fa 1/0/1 my Laptop connected and on fa 1/0/2 WLC connected, with laptop there is no issue  

Sh ip int br
Interface           IP-Address   OK?       Method     Status       Pr
Vlan115         10.6.15.1        YES       NVRAM       up            up
interface range FastEthernet1/0/1-2
switchport access vlan 115
switchport mode access
end
Switch#sho ip arp vlan 115
Protocol Address   Age (min) Hardware Addr         Type      Interface
Internet 10.6.15.1                 - 001a.0c7e.bac1     ARPA     Vlan115
Internet 10.6.15.11     0        Incomplete                ARPA
Internet 10.6.15.20     0        f4a8.0da1.8d95        ARPA     Vlan115

As we see the IP of WLC is there but WLC is not responding to the ARP request of the switch
WLC:
Interface Name................................... management
MAC Address...................................... c0:8c:60:30:74:10
IP Address....................................... 10.6.15.11
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.6.15.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
Link Local IPv6 Address.......................... fe80::c28c:60ff:fe35:7430/64
STATE ........................................... REACHABLE
Primary IPv6 Address............................. ::/128
STATE ........................................... NONE
Primary IPv6 Gateway............................. ::
Primary IPv6 Gateway Mac Address................. 00:00:00:00:00:00
STATE ........................................... INCOMPLETE
VLAN............................................. 115
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Disabled



When I make management vlan 0, I can access WLC GUI without the switch just by connecting wlc with my PC. But the time i change WLC management VLAN GUI access is not working.

STATE ........................................... INCOMPLETE
Did you save the config and reload the WLC after you made the change?

The switch port must be a trunk port because vlan 115 will be tagged.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/ports_and_interfaces.html

Each controller port connection is an 802.1Q trunk and should be configured as such on the neighbor switch. On Cisco switches, the native VLAN of an 802.1Q trunk is an untagged VLAN. If you configure an interface to use the native VLAN on a neighboring Cisco switch, make sure you configure the interface on the controller to be untagged.

RichR_0-1706880660077.gif

 

Note


A zero value for the VLAN identifier (on the Controller > Interfaces page) means that the interface is untagged.

The default (untagged) native VLAN on Cisco switches is VLAN 1. When controller interfaces are configured as tagged (meaning that the VLAN identifier is set to a nonzero value), the VLAN must be allowed on the 802.1Q trunk configuration on the neighbor switch and not be the native untagged VLAN.

We recommend that tagged VLANs be used on the controller. You should also allow only relevant VLANs on the neighbor switch’s 802.1Q trunk connections to controller ports. All other VLANs should be disallowed or pruned in the switch port trunk configuration. This practice is extremely important for optimal performance of the controller.

yes I saved restarted many times, I tried with access port having vlan 115, I tried with just trunk port, and i tried with trunk allowed vlan 115, right now i am trying with trunk allowed vlan 1-115. But non of them solved the problem yet
Its arp is still incomplete

BilalHakimi_0-1706882508077.png

 

I don't see "switchport mode trunk" on that switch port?

Let's see output of "sh int Fa1/0/20 switchport"?

BilalHakimi_0-1706891804781.png

I added it again but no effect
Here are logs of WLC

*mmMobility: Feb 02 17:48:30.057: dtlArpFind: ARP Lookup failed on IP 10.6.15.1

*mmMobility: Feb 02 17:48:30.057: dtlARPRequestSend: sending ARP request to ffff.ffff.ffff (vlanId 115, intIfNum 1, exitPort 1, tmpVlanId 0 flag 0x5

*osapiBsnTimer: Feb 02 17:48:32.257: dtlArpSendDefGwEv: Send an event to DTl ARP to Set Default GW

*dtlArpTask: Feb 02 17:48:32.257: dtlArpFind: ARP Lookup failed on IP 10.6.15.1

*dtlArpTask: Feb 02 17:48:32.258: dtlARPRequestSend: sending ARP request to ffff.ffff.ffff (vlanId 115, intIfNum 1, exitPort 1, tmpVlanId 0 flag 0x5

 

Why do you have DHCP server configured on that port?
Shouldn't stop it working but shouldn't be there so suggest to remove it.

Did you shut / no shut after correcting the switch port config?

And can we see that output of "sh int Fa1/0/20 switchport" I asked for?

Yes I did shut no shut and also restarted the switch and controller, I am trying everything

Switch#sh int fa 1/0/20 switchport
Name: Fa1/0/20
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 1-115
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

That looks like it should work.  Might be time to open a TAC case.

Review Cisco Networking for a $25 gift card