03-11-2022 01:00 PM
Solved! Go to Solution.
03-14-2022 11:15 AM
Can you check the vswitch config in your ESXI? Promiscuous mode must be set to accept.
03-11-2022 05:52 PM
Hi
Did you create the SSID in flexconnect mode as well? Which will determine if the traffic will be sending to the WLC or not is the SSID configuration not the AP mode. Of course, if the SSID is flexconnect, then the AP needs to be as well.
Try this:
Configure the SSID as flexconnect in the Advanced tab.
Configure the switch interface for the Access Point as trunk
Configure the vlan in which the Access Point will use to join the wlc as native vlan
Allow all others vlans you intend to use on your SSIDs
On the Access Point Flexconnect tab, map your flexconnect SSID to VLAN id.
This should be enough.
03-12-2022 01:33 AM - edited 03-15-2022 12:22 AM
Hi Flavio thank you so much for you answer.
I answer for every your point:
Configure the SSID as flexconnect in the Advanced tab. -> for this point, flex connect in my opinion it must be blank, I want flex connect mode but central switch
Configure the switch interface for the Access Point as trunk ,the vlan in which the Access Point will use to join the wlc as native vlan -> ok now I set the switch remote site for ap in the trunk port with native port vlan for discover ap by controller, is it correct? for me is influent because the vlan there is not present in remote switch and I think that capwap tunnel carries a new vlan.
Allow all others vlans you intend to use on your SSIDs-> yes, I set in Wlans the group/interface network/vlan I intend use on my ssid
On the Access Point Flexconnect tab, map your flexconnect SSID to VLAN id.-> I tried many option but may be I wrong setting.
03-13-2022 07:26 AM - edited 03-13-2022 07:28 AM
Hi
All the configuration I suggested only apply if you checked the Flexconnect local option on the advanced tab of the SSID. If you didn´t, then, forget about I said.
The Access Point in flexconnect mode but the SSID in Central mode, you are actually in Central mode. Forget about the Access Point, leave the interface in access mode, forget about the flexconnect tab on the AP. All traffic will be send back to the WLC.
I´d like to see two things:
Did you create an AP group or did you left in default group? If you left in default group, how is it configured?
Also, which device is doing the Layer 3 on the network side ? You mentioned Firewall somewhere so let´s say this is a firewall...Where is your DHCP server? Does the firewall know how to handle DHCP request?
Keep in mind that in Central mode, the WLC will be the Client for DHCP request. Usually we need to setup a DHCP help address if DHCP server is not on the same network.
In your scenario, the WLC interface is on .38 network and the DHCP server is on .39 network, which means, they need someone in between and helper address.
According to the screen you sent, all the rest looks good.
03-13-2022 08:39 AM - edited 03-15-2022 12:22 AM
Hi Flavio, thank you so much for your answer.
I answer to you questions with photo in attach:
Did you create an AP group or did you left in default group? If you left in default group, how is it configured?
- I configured a new group for flex connect and new group ap
Also, which device is doing the Layer 3 on the network side ? You mentioned Firewall somewhere so let´s say this is a firewall...Where is your DHCP server? Does the firewall know how to handle DHCP request?
- Yes, in my network is present a firewall but it's all right , we are a policy and routing for reacheble ap.
ap have network 10,31,82,0/24 and reach a network mgmt of vwlc behind DC ( router,firewall, nexus, server, VM and Vwlc) 10,31,255/24 and reach a new network for client user wi fi 10,38,0,0/16 , and ap in the end reach trough routing also dhcp server central 10,39,0,11.
AP 10,31,82,99 vlan 82 reach <-> vwlc 10,31,255,26 and discover and join AP
AP 10,31,82,99 vlan 82 reach <-> network user client 10,38,0,0/16 for ex i reach ip gw fw 10,38,0,1 and .2 setting in the interface on vwlc with ping icmp policy on fw is open
AP 10,31,82,99 vlan 82 reach <-> ip dhcp server 10,39,0,11
Keep in mind that in Central mode, the WLC will be the Client for DHCP request. Usually we need to setup a DHCP help address if DHCP server is not on the same network.
- Yes , dhcp is a stand alone server 10,39,0,11 and this network reach from every point of network.
In attach photo you need.
Thank you so much .
Regards
03-13-2022 08:39 AM - edited 03-15-2022 12:23 AM
other photo config .
thanks all
03-13-2022 08:49 AM
I am not reffering to flex connect group. I meant AP group? Does in your AP group the wlan is properly mapped to the Interface vlan ?
About dhcp, forget about AP. The wlc will ask for DHCP and send it to client. AP does not participate on it as you are not using local switching.
What I asked was, when the WLC send a DHCP request on the Client interface, vlan 1038, does it get to the DHCP server? Do you see the DHCP request on the DHCP server?
03-13-2022 09:45 AM - edited 03-15-2022 12:23 AM
Hi Flavio thank you for answer and support.
The Flex gorup is new but is default mode. I configured name and insert the ap and other are in default. is it correct?
The are many photo for the ap group in and i don't set a vlan mapped . will I do set?
Ok forget ap , and tomorrow i will see in the debug dhcp is arrived request dhcp, maybe I remember yes
Noy in attach photo relative of wlans and wlans gorup on controller.. is it right in your opinion?
03-13-2022 09:51 AM - edited 03-15-2022 12:24 AM
this another photo relative to new flex group.....
Flavio, do you think the vlan mapping should be configured on the wlan group, flex group?
and then later on the ap in the flex tab connect?
03-14-2022 04:34 AM - edited 03-15-2022 12:24 AM
Hi all
Today i done more test and now i have this scenario:
One client pc request a dhcp request and reiceve ip 10.38.255.249 by dhcp server central but i ping only 10.38.0.2 ip of vlan 1038 of vwlc and dont ping anything !! i tried disconnect and reconnect with ipconfig /release and renew and i see on log of dhcp central a regular request of ip with option 82 request discovery offer and ack and pc reiceve same ip but don't work.
I tried enter in fw and in the list of device is present the pc and mac but dont reach with ping .
Other device, i tried access to ssid and don't access in the network...... the log of dhcp server show a request disover offer but dont release a ack and dont leave a ip.......
Acutaly i have two pc connect with ip by dhcp server central and I ping only ip of vwlc and client and client pc and others device(iphone and android) dont enter in ssid network but reiceve a request by dhcp cental
I think something in the configuration of vlwc .....
this are a photos of the situation
03-13-2022 01:58 AM
This guide has example of both central and local switching in flex connect mode, to start with make sure you have all steps correctly configured, also go through limitations of flex connect central switching.
03-13-2022 03:09 AM
Hi ammahend thank you for your answer.
I have tried and follow the guide but when I configure ssid in flex connect mode central switch and same ap don't work.
I wrong but not so what.
Have you seen the photo?
thanks a lot
03-13-2022 04:07 AM - edited 03-13-2022 12:28 PM
Try this.
check dhcp, if dhcp server is also central.
03-13-2022 04:54 AM
Hi ammahend thank you for your answer.
ok , I will try your indications, but i don't know because I check a flexconnect mode local switch when I will use like a central switch.
In addition , if checked vlan based central switch I will activate obligatory aaa override and i don't want this.
Tommorow anyway i will test-
03-13-2022 07:26 AM
You are right ignore what I sent, I will test it out in my lab and reply back in a day. Sorry about that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide