cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
919
Views
20
Helpful
4
Replies

Cisco Catalyst WLC C9800 inter SVI connectivity

Amar_Tufo
Level 1
Level 1

<span;>I would like to request for some help with finalizing my cisco catalyst wlc 9800 configuration. The case is that we have configured two different vlans and different SVI for those vlans, with different subnets of course.

 

<span;>One is used for WiFi clients and DHCP running, an the other one is just part of a different vlan where the pfsense is located wich is being used to access noncorporate internet.

 

<span;>The client gets the correct IP address via dhcp, the wlc is capable of reaching and pinging the pfsene also 8.8.8.8 but the client has no internet connectivity, can't ping 8.8.8.8 but can ping his gateway SVI.

 

<span;>Tried with configurin static routing on the wcl wich was meaningless in the beginning, because all those networks are directly connected to the wlc.

 

<span;>Both vlans are available through trunk on the wlc port and also the upstream switch wich leads to our pfsense wich should act as a gateway.

 

<span;>Pfsense is correctly configured and being already used as our way out to the internet.

 

<span;>Would be grateful for some hints. Thanks

1 Accepted Solution

Accepted Solutions

balaji.bandi
Hall of Fame
Hall of Fame

Does both SSID have the same issue?

what IP address range are you using for client SSID and Guest SSID

where is Layer 3 interface on switch or pfsense ?

you need to route back to from PFSence to your Layer 3 gateway where located and also required NAT in PFsense for that IP address?

for use to understand your network, can you make a small diagram showing us the connection?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

Does both SSID have the same issue?

what IP address range are you using for client SSID and Guest SSID

where is Layer 3 interface on switch or pfsense ?

you need to route back to from PFSence to your Layer 3 gateway where located and also required NAT in PFsense for that IP address?

for use to understand your network, can you make a small diagram showing us the connection?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks, we figured it out on our own and what your wrote was basically what we did. We just set our client IP range behind the L3 interface on PF sense and adjusted the firewall rules on pfsense and the request from the client came through. Pfsense new where to route traffic back. 

Thank you all for your suggestions.

marce1000
VIP
VIP

 

                  >I would like to request for some help with finalizing my cisco catalyst wlc 9800 configuration.
       Note that you can always have the 9800 configuration analyzed and reviewed with the CLI command show  tech   wireless , have the output analyzed by  https://cway.cisco.com/tools/WirelessAnalyzer/  , please note do not use classical show tech-support (short version) , use the command denoted in green for Wireless Analyzer.  All advisories red-flagges should be corrected!

 M.     



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

JPavonM
VIP
VIP

It seems to me you are using C9800 as L3 switch to route traffic between clients from managemente interface to the second SVI where PFSense sits, and I don't think this is a supported scenario.

As @balaji.bandi said, you need to route all traffic from WLC to a L3 switch or PFSense, and not use WLC as L3 switch to route all internal traffic, it can, but I think is not something WLC can manage.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: