12-26-2022 11:08 AM
I would like to request some help with finalizing my Cisco Catalyst WLC 9800 configuration. The case is that we have configured two different VLANs and different SVIs for those VLANs, with different subnets of course.
One is used for WiFi clients and DHCP running, and the other one is just part of a different VLAN where the pfSense is located, which is being used to access noncorporate internet.
The client gets the correct IP address via DHCP, the WLC is capable of reaching and pinging the pfSense and also 8.8.8.8, but the client has no internet connectivity, can't ping 8.8.8.8 but can ping his gateway SVI.
Tried configuring static routing on the WLC, which was meaningless in the beginning, because all those networks are directly connected to the WLC.
Both VLANs are available through trunk on the WLC port and also the upstream switch which leads to our pfSense, which should act as a gateway.
pfSense is correctly configured and is already being used as our way out to the internet.
Would be grateful for some hints. Thanks
12-26-2022 01:07 PM
Do both SSIDs have the same issue?
What IP address range are you using for the client SSID and the guest SSID?
Where is the Layer 3 interface, on the switch or on pfSense?
You need to route back from pfSense to your Layer 3 gateway, wherever it is located, and NAT is also required in pfSense for that IP address.
For us to understand your network, can you make a small diagram showing us the connection?
12-27-2022 04:59 AM
Thanks, we figured it out on our own and what you wrote was basically what we did. We just set our client IP range behind the L3 interface on pfSense and adjusted the firewall rules on pfSense, and the request from the client came through. pfSense knew where to route traffic back.
Thank you all for your suggestions.
12-26-2022 11:39 PM
> I would like to request some help with finalizing my Cisco Catalyst WLC 9800 configuration.
Note that you can always have the 9800 configuration analyzed and reviewed with the CLI command show tech wireless, and have the output analyzed by https://cway.cisco.com/
M.
12-27-2022 12:39 AM
It seems to me you are using the C9800 as an L3 switch to route traffic between clients from the management interface to the second SVI where pfSense sits, and I don't think this is a supported scenario.
As @balaji.bandi said, you need to route all traffic from the WLC to an L3 switch or pfSense, and not use the WLC as an L3 switch to route all internal traffic. It can, but I think it is not something the WLC can manage.