Solved: cisco vWlc + flexconnect mode central switched don't work

Alexius85 · ‎03-11-2022

Hi all, and sorry for my bad English.

Last week I installed in my data center a new version of vWlc cisco to manage a few ap in my network.

I have installed 8.5.171.0 version of vwlc small capability.

After installation through vmware dc, I configured a trunk port port vlan 255 for mgmt and 1038 for data port , vlan in dc, in firewall and routing and finally it's all reachable.

But for working my ap and wireless network i have discovered that ap worked only in flex connect mode in virtual wlc.

I have tried many more solutions but they don't work!!

I need a local mode but in flexconnect mode and i have tried this setting:

Create a ssid wi fi network

Setting wpa2 password

setting interface of 1038 vlan group ( 1038 vlan and network for user wi fi 10.38.0.0/16)

setting ap in flex connect mode and no local switching

setting in vlan1038 ip and ip dhcp

the ssid broadcast but when I acces dont worked!

I tried a setting vlan mapping e wlan mapping but without solution.

The ap is configured in access port of remote switch with vlan 82 but into ap i reachable with routing vlan mgmt and ip vwlc , the ap is joined!!!

and i reachable dhcp ip and the new network for client wi fi 10.38.0.0/16 vlan 1038 stay in the DC.

Please let me know and thanks for your support.

ap are cisco 1851 and 3802

Regards

Arshad Safrulla · ‎03-14-2022

Can you check the vswitch config in your ESXI? Promiscuous mode must be set to accept.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

View solution in original post

Flavio Miranda · ‎03-11-2022

Hi

Did you create the SSID in flexconnect mode as well? Which will determine if the traffic will be sending to the WLC or not is the SSID configuration not the AP mode. Of course, if the SSID is flexconnect, then the AP needs to be as well.

Try this:

Configure the SSID as flexconnect in the Advanced tab.

Configure the switch interface for the Access Point as trunk

Configure the vlan in which the Access Point will use to join the wlc as native vlan

Allow all others vlans you intend to use on your SSIDs

On the Access Point Flexconnect tab, map your flexconnect SSID to VLAN id.

This should be enough.

Alexius85 · ‎03-12-2022

Hi Flavio thank you so much for you answer.

I answer for every your point:

Configure the SSID as flexconnect in the Advanced tab. -> for this point, flex connect in my opinion it must be blank, I want flex connect mode but central switch

Configure the switch interface for the Access Point as trunk ,the vlan in which the Access Point will use to join the wlc as native vlan -> ok now I set the switch remote site for ap in the trunk port with native port vlan for discover ap by controller, is it correct? for me is influent because the vlan there is not present in remote switch and I think that capwap tunnel carries a new vlan.

Allow all others vlans you intend to use on your SSIDs-> yes, I set in Wlans the group/interface network/vlan I intend use on my ssid

On the Access Point Flexconnect tab, map your flexconnect SSID to VLAN id.-> I tried many option but may be I wrong setting.

I have attached photos, please let me know and thank you so much for your patience and support.

Regards

Alexius

Flavio Miranda · ‎03-13-2022

Hi

All the configuration I suggested only apply if you checked the Flexconnect local option on the advanced tab of the SSID. If you didn´t, then, forget about I said.

The Access Point in flexconnect mode but the SSID in Central mode, you are actually in Central mode. Forget about the Access Point, leave the interface in access mode, forget about the flexconnect tab on the AP. All traffic will be send back to the WLC.

I´d like to see two things:

Did you create an AP group or did you left in default group? If you left in default group, how is it configured?

Also, which device is doing the Layer 3 on the network side ? You mentioned Firewall somewhere so let´s say this is a firewall...Where is your DHCP server? Does the firewall know how to handle DHCP request?

Keep in mind that in Central mode, the WLC will be the Client for DHCP request. Usually we need to setup a DHCP help address if DHCP server is not on the same network.

In your scenario, the WLC interface is on .38 network and the DHCP server is on .39 network, which means, they need someone in between and helper address.

According to the screen you sent, all the rest looks good.

Alexius85 · ‎03-13-2022

Hi Flavio, thank you so much for your answer.

I answer to you questions with photo in attach:

Did you create an AP group or did you left in default group? If you left in default group, how is it configured?

- I configured a new group for flex connect and new group ap

Also, which device is doing the Layer 3 on the network side ? You mentioned Firewall somewhere so let´s say this is a firewall...Where is your DHCP server? Does the firewall know how to handle DHCP request?

- Yes, in my network is present a firewall but it's all right , we are a policy and routing for reacheble ap.

ap have network 10,31,82,0/24 and reach a network mgmt of vwlc behind DC ( router,firewall, nexus, server, VM and Vwlc) 10,31,255/24 and reach a new network for client user wi fi 10,38,0,0/16 , and ap in the end reach trough routing also dhcp server central 10,39,0,11.

AP 10,31,82,99 vlan 82 reach <-> vwlc 10,31,255,26 and discover and join AP

AP 10,31,82,99 vlan 82 reach <-> network user client 10,38,0,0/16 for ex i reach ip gw fw 10,38,0,1 and .2 setting in the interface on vwlc with ping icmp policy on fw is open

AP 10,31,82,99 vlan 82 reach <-> ip dhcp server 10,39,0,11

Keep in mind that in Central mode, the WLC will be the Client for DHCP request. Usually we need to setup a DHCP help address if DHCP server is not on the same network.

- Yes , dhcp is a stand alone server 10,39,0,11 and this network reach from every point of network.

In attach photo you need.

Thank you so much .

Regards

Alexius85 · ‎03-13-2022

other photo config .

thanks all

Flavio Miranda · ‎03-13-2022

I am not reffering to flex connect group. I meant AP group? Does in your AP group the wlan is properly mapped to the Interface vlan ?

About dhcp, forget about AP. The wlc will ask for DHCP and send it to client. AP does not participate on it as you are not using local switching.

What I asked was, when the WLC send a DHCP request on the Client interface, vlan 1038, does it get to the DHCP server? Do you see the DHCP request on the DHCP server?

Alexius85 · ‎03-13-2022

Hi Flavio thank you for answer and support.

The Flex gorup is new but is default mode. I configured name and insert the ap and other are in default. is it correct?

The are many photo for the ap group in and i don't set a vlan mapped . will I do set?

Ok forget ap , and tomorrow i will see in the debug dhcp is arrived request dhcp, maybe I remember yes

Noy in attach photo relative of wlans and wlans gorup on controller.. is it right in your opinion?

Alexius85 · ‎03-13-2022

this another photo relative to new flex group.....

Flavio, do you think the vlan mapping should be configured on the wlan group, flex group?

and then later on the ap in the flex tab connect?

Alexius85 · ‎03-14-2022

Hi all

Today i done more test and now i have this scenario:

One client pc request a dhcp request and reiceve ip 10.38.255.249 by dhcp server central but i ping only 10.38.0.2 ip of vlan 1038 of vwlc and dont ping anything !! i tried disconnect and reconnect with ipconfig /release and renew and i see on log of dhcp central a regular request of ip with option 82 request discovery offer and ack and pc reiceve same ip but don't work.

I tried enter in fw and in the list of device is present the pc and mac but dont reach with ping .

Other device, i tried access to ssid and don't access in the network...... the log of dhcp server show a request disover offer but dont release a ack and dont leave a ip.......

Acutaly i have two pc connect with ip by dhcp server central and I ping only ip of vwlc and client and client pc and others device(iphone and android) dont enter in ssid network but reiceve a request by dhcp cental

I think something in the configuration of vlwc .....

this are a photos of the situation

ammahend · ‎03-13-2022

This guide has example of both central and local switching in flex connect mode, to start with make sure you have all steps correctly configured, also go through limitations of flex connect central switching.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/flexconnect.html#flexconnect-switching-modes

-hope this helps-

Alexius85 · ‎03-13-2022

Hi ammahend thank you for your answer.

I have tried and follow the guide but when I configure ssid in flex connect mode central switch and same ap don't work.

I wrong but not so what.

Have you seen the photo?

thanks a lot

ammahend · ‎03-13-2022

Try this.

check dhcp, if dhcp server is also central.

-hope this helps-

Alexius85 · ‎03-13-2022

Hi ammahend thank you for your answer.

ok , I will try your indications, but i don't know because I check a flexconnect mode local switch when I will use like a central switch.

In addition , if checked vlan based central switch I will activate obligatory aaa override and i don't want this.

Tommorow anyway i will test-

ammahend · ‎03-13-2022

You are right ignore what I sent, I will test it out in my lab and reply back in a day. Sorry about that.

-hope this helps-