Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1103
Views
5
Helpful
8
Replies

Interface group in WLC 5508 didn't work

Go to solution
giangle
Level 1
Level 1

‎02-11-2022 09:35 PM

Hi all,

I have an issue with WLC 5508 as below:

Diargram:

WLC 5508 ----- Cisco 9300 ------- Cisco APs (Trunking vs natvie vlan 155 for management)

WLC and APs is using OS 8.5.135.0

 

We have 3 vlan: 155.0/24 (management) to configure IP management for WLC and APs

vlan 141.0/24 is using for ssid 'staff' with Interface 141.x. When User conect ssid 'staff', they can receive IP from DHCP server.

vlan 157.0/24 is using for ssid 'tablet' with Interface 157.x. When tablet conect ssid 'tablet', it can receive IP from DHCP server.

 

Issue is:

Because vlan 141 (with ssid 'staff') is using for over 250 devices so it is out of IP address. I extended ssid 'staff' to vlan 157 and reconfigure 'staff' with Interface Group (with 2 Interface 141 and Interface 157).

 

When User connect ssid 'staff', they only receive IP from vlan 141 and cannot receive IP from vlan 157. 

Attachment are my configuration. Please help me to fix it. Thanks

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rich R
VIP
VIP

‎02-13-2022 04:49 AM

You must have configured it initially surely?

Do these help?

https://community.cisco.com/t5/security-documents/ise-radius-network-access-attributes/ta-p/3616253

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/91392-airespace-vsa-msias-config.html

 

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎02-11-2022 10:42 PM

@giangle wrote:

When User connect ssid 'staff', they only receive IP from vlan 141 and cannot receive IP from vlan 157. 

Maybe the SSID or the AP Group is still pointing to the VLAN interface.

0 Helpful

Go to solution
giangle
Level 1
Level 1
In response to Leo Laohoo

‎02-12-2022 06:24 AM

Hi @Leo Laohoo 

 

How can I verify SSID or AP group is still pointing to VLAN Interface instead of Inteface Group. Attachment is in Interface Group. It's configured to Interface Group.

 

Please help me. Thanks

 

Preview file
68 KB
0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to giangle

‎02-12-2022 03:39 PM

@giangle wrote:

How can I verify SSID or AP group is still pointing to VLAN Interface instead of Inteface Group. Attachment is in Interface Group. It's configured to Interface Group.

Look at the settings of the SSID. 

For the AP group, look at the tabs.  

0 Helpful

Go to solution
giangle
Level 1
Level 1
In response to Leo Laohoo

‎02-12-2022 06:17 PM

Hi @Leo Laohoo 

I checked for SSID and Interface, Interface group. It's OK. But if Cisco have command to check. Please guide me.

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to giangle

‎02-12-2022 08:10 PM

@giangle wrote:

But if Cisco have command to check. Please guide me.

Does the controller have AP-Group specified configuration(s) or not?

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to giangle

‎02-12-2022 07:34 PM

The WLAN vlan mapping is overridden by the AP Group.  So in your screen shot, if the ap is part of that ap group, then the interface group is being used.  Create a test SSID and map that to one vlan at a time and validate that it is working.  If you are using radius and AAA override, that could be the reason it's not working as you need to use an airespace attribute to define the interface group.

-Scott
*** Please rate helpful posts ***

Go to solution
giangle
Level 1
Level 1
In response to Scott Fella

‎02-12-2022 08:02 PM

Hi @Scott Fella 

For this SSID, we are using AAA overriden and RADIUS to authenticate to RADIUS server in 2016. Can you guide me to fix it ? Thanks!

 

For 'you need to use an airespace attribute to define the interface group.' --> how can I configure ?

0 Helpful

Go to solution
Rich R
VIP
VIP

‎02-13-2022 04:49 AM

You must have configured it initially surely?

Do these help?

https://community.cisco.com/t5/security-documents/ise-radius-network-access-attributes/ta-p/3616253

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/91392-airespace-vsa-msias-config.html

 

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card