09-12-2013 07:28 AM - edited 07-04-2021 12:49 AM
Hi All,
I have a WLC and an AP in FlexConnect mode with the following VLAN mappings:
On the layer 3 switch I have two VLANs:
Vlan427 (used for wireless scanners), Vlan499 (native VLAN)
On the layer 2 switch which is connected to the L3 switch, the port where the AP is connected has the following config:
interface GigabitEthernet2/0/46
description **** FMO WLAN ****
switchport trunk native vlan 499
switchport trunk allowed vlan 427,499
I am wondering if the VLAN mappings config is correct and whether VLAN 427, which is used for scanners, should be there... The main problem is that scanners connect but do not get an IP address.
Thank you for your help
09-12-2013 01:03 PM
Where is the DHCP pool defined for VLAN 427? Does the AP get an IP from VLAN 499? When you are mapping VLANs, you need to specify VLAN 499 as the native VLAN.
Also, you need to map VLAN 427 for WLAN 12 (scannernet) in here. Provide the following output to see what's missing:
"show wlan 12" & "show interface detail
HTH
Rasika
09-16-2013 01:12 AM
Hi Rasika,
Here are the commands... I am a little bit confused... For DHCP we use an external DHCP server (QIP). Each VLAN has a defined scope from which AP clients should get an IP address.
(Cisco Controller) >show wlan 12
WLAN Identifier.................................. 12
Profile Name..................................... Scannernet-Valora
Network Name (SSID).............................. scannernet
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 2
Exclusionlist.................................... Disabled
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
--More-- or (q)uit
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
--More-- or (q)uit
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
--More-- or (q)uit
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Disabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
--More-- or (q)uit
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
802.11u........................................ Disabled
Access Network type............................ Not configured
Network Authentication type.................... Not configured
Internet service............................... Disabled
HESSID......................................... 00:00:00:00:00:00
Hotspot 2.0.................................... Disabled
WAN Metrics configuration
Link status.................................. 0
Link symmetry................................ 0
Downlink speed............................... 0
Uplink speed................................. 0
Mobility Services Advertisement Protocol....... Disabled
--More-- or (q)uit
(Cisco Controller) >?
debug Manages system debug options.
help Help
linktest Perform a link test to a specified MAC address.
logout Exit this session. Any unsaved changes are lost.
show Display switch options and settings.
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... cc:ef:48:0c:f1:ef
IP Address....................................... 10.32.13.8
IP Netmask....................................... 255.255.255.240
IP Gateway....................................... 10.32.13.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 413
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (13)
Primary Physical Port............................ LAG (13)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.51.7.253
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Disabled
.
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID Status Interface Name
------- ------------------------------------- -------- --------------------
10 Corporate-Valora-Muttenz / valora Enabled dummy-if
11 Guest-Valora-Muttenz / valora-guest Enabled dummy-if
12 Scannernet-Valora / scannernet Enabled management
42 SiteSurvey / valora-survey Disabled dummy-if
(Cisco Controller) >
09-16-2013 12:21 PM
Hi Jozef,
Thanks for the output, it helps to understand your config. As per the "show wlan 12" output, you correctly configured local switching. So you can ignore my previous comment about WLAN 12 needing to map VLAN 427 (only relevant to central switching; if this is the confusion, you can ignore my previous comment on this point).
FlexConnect Local Switching................... Enabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Now I suspect the VLAN mapping is not accurate, and that may be the reason why you are not getting an IP for these devices in local switching mode. Can you do a "show ap config general
Here is an example of similar output from one of my FlexConnect APs (in 7.5 code, so yours may look a little different). I would expect your output to be similar, indicating VLAN 499 as native and 427 for WLAN 12 (in my case VLAN 20 is native and 130 is for WLAN 5).
(WLC) >show ap config general OE-AP005-RASIKA
Cisco AP Identifier.............................. 148
Cisco AP Name.................................... OE-AP005-RASIKA
Country code..................................... AU - Australia
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-NZ
AP Country code.................................. AU - Australia
AP Regulatory Domain............................. 802.11bg:-A 802.11a:-N
Switch Port Number .............................. 13
MAC Address...................................... 00:26:0b:63:ca:f4
IP Address Configuration......................... Static IP assigned
IP Address....................................... 192.168.20.201
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.20.254
Domain...........................................
Primary Cisco Switch Name........................ WLC
Primary Cisco Switch IP Address.................. x.x.x.35
.
.
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... FlexConnect
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... errors
Logging syslog facility ......................... local7
S/W Version .................................... 7.5.102.0
.
.
AP Model......................................... AIR-LAP1131AG-N-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(25e)JAN1$
Reset Button..................................... Enabled
AP Serial Number................................. FCW1349V0GP
AP Certificate Type.............................. Manufacture Installed
FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 20
WLAN 5 :........................................ 130 (AP-Specific)
HTH
Rasika
09-17-2013 01:03 AM
Hi Rasika,
Thank you for helping. I ran the command you requested; according to the output, the mapping is not good.
What do you think?
(Cisco Controller) >show ap config genera vluluksap0001
Cisco AP Identifier.............................. 426
Cisco AP Name.................................... vluluksap0001
Country code..................................... CH - Switzerland
Regulatory Domain allowed by Country............. 802.11bg:-E 802.11a:-E
AP Country code.................................. CH - Switzerland
AP Regulatory Domain............................. 802.11bg:-E 802.11a:-E
Switch Port Number .............................. 13
MAC Address...................................... 10:f3:11:9c:ef:8b
IP Address Configuration......................... DHCP
IP Address....................................... 10.88.99.24
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 10.88.99.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ Kopfstation Luxemburg
Cisco AP Group Name.............................. KS-LUX-ALL
Primary Cisco Switch Name........................ ch-val-mut-wc0001
Primary Cisco Switch IP Address.................. 10.32.13.8
Secondary Cisco Switch Name...................... ch-val-mut-wc0000
--More-- or (q)uit
Secondary Cisco Switch IP Address................ 10.32.12.8
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... FlexConnect
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.2.110.0
Boot Version ................................... 12.4.25.1
Mini IOS Version ................................ 0.0.0.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-CAP2602I-E-K9
AP Image......................................... C2600-K9W8-M
--More-- or (q)uit
IOS Version...................................... 12.4(25e)JA1$
Reset Button..................................... Enabled
AP Serial Number................................. FGL1710S91S
AP Certificate Type.............................. Manufacture Installed
FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 1
WLAN 12 :....................................... 400
FlexConnect VLAN ACL Mappings
Vlan :........................................... 400
Ingress ACL :................................... None
Egress ACL :.................................... None
FlexConnect Group................................ Not a member of any group
Group VLAN ACL Mappings
FlexConnect Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
--More-- or (q)uit
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 53 days, 08 h 03 m 30 s
AP LWAPP Up Time................................. 4 days, 02 h 38 m 55 s
Join Date and Time............................... Fri Sep 13 07:19:09 2013
Join Taken Time.................................. 0 days, 00 h 00 m 11 s
Ethernet Port Duplex............................. Auto
Ethernet Port Speed.............................. Auto
AP Link Latency.................................. Disabled
Rogue Detection.................................. Enabled
AP TCP MSS Adjust................................ Disabled
Venue Name....................................... Not configured
Venue Group...................................... Unspecified
Venue Type....................................... Unspecified
Language Code.................................... Not configured
09-17-2013 02:11 AM
Hi Jozef,
As you figured out, the VLAN mapping is not correct. You can fix this via either the GUI or the CLI. Here are the CLI commands to run on the WLC to enable VLAN mapping for the given AP:
config ap disable vluluksap0001
config ap flexconnect vlan enable vluluksap0001
config ap flexconnect vlan native 499 vluluksap0001
config ap flexconnect vlan wlan 12 427 vluluksap0001
config ap enable vluluksap0001
As long as the vlan427 interface is configured with the correct helper address pointing to your DHCP server, your scanner devices should get an IP.
Refer to this config guide for the GUI steps (it includes the CLI as well)
Hope this will work for you. If not, let us know.
Please rate the response if it is useful to you
Regards
Rasika
09-17-2013 05:52 AM
Hi Rasika,
It makes sense, thank you... Just one more question: I have another location with a similar setup which is working. The VLAN for scanners is OK, but I do not understand how the native VLAN can work in this case.
DHCP server ---- >router-- > switch -- AP
AP settings:
FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 1
WLAN 12 :....................................... 400
FlexConnect VLAN ACL Mappings
Vlan :........................................... 400
Switch port where AP is connected:
interface FastEthernet0/46
description **** FMO TEST-AP ****
switchport trunk native vlan 444
switchport trunk allowed vlan 400,444
switchport mode trunk
switchport nonegotiate
switch: ch-vla-ksmutt-as-01#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/46 on 802.1q trunking 444
Router:
Vlan400 10.54.38.2 YES manual up up
Vlan444 10.54.39.2 YES manual up up
How is it possible that I do not see any errors even though in the AP config the FlexConnect Native VLAN ID is 1?
Thanks for the explanation
09-17-2013 12:22 PM
In this case, what is the IP obtained by the AP ("show cdp nei detail fa0/46" should tell you)? In this case you have mapped VLAN 400 to WLAN 12. Does the client get an IP from VLAN 400?
In the first scenario you want the client to get an IP from VLAN 427 and the VLAN mapping is not reflecting that. It was mapped to VLAN 400.
Is this clear?
Rasika
09-18-2013 02:38 AM
Hi Rasika,
It is clear about VLAN 427 and that it needs to be mapped to WLAN 12... This should be fixed.
If I do "show cdp nei detail" I see that the AP has an IP address from native VLAN 499.
The only thing which is now confusing me is that the AP has Native VLAN ID 1 but the switch has native VLAN 499 and the AP gets an IP address from VLAN 499... Does the native VLAN setting on the AP do something?
09-18-2013 03:01 AM
In this situation can you ping the AP from your network? Theoretically this will result in the switch sending VLAN 499 traffic untagged (i.e. traffic goes to the AP) and the AP sending the return traffic tagged (since the native VLAN is 1, VLAN 499 traffic should be tagged).
"show derived-config" on your AP console should give you the configuration pushed by the WLC. You can find out the differences it makes in that way as well. In my AP I would see something like this (20 native VLAN, 130 tagged VLAN):
interface FastEthernet0.1
encapsulation dot1Q 20 native
bridge-group 1
!
interface FastEthernet0.2
encapsulation dot1Q 130
bridge-group 2
If you do a Wireshark capture of the AP-connected switch port (using an 802.1q-capable NIC/OS PC) you can see exactly what's happening.
Pls rate the response if it is useful
HTH
Rasika
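An added example, not part of any post in this thread: a Python check that compares the FlexConnect VLAN section of `show ap config general` with the switchport trunk config and reports the two mismatches discussed above (native VLAN 1 vs 499, WLAN 12 on VLAN 400 instead of 427). The inputs are constructed from the outputs quoted in the thread; the function names and the `expected` mapping are assumptions of this example.

```python
import re

# Constructed inputs, trimmed from the outputs quoted in this thread.
AP_OUTPUT = """\
FlexConnect Vlan mode :.......................... Enabled
        Native ID :..................................... 1
        WLAN 12 :....................................... 400
"""
SWITCHPORT = """\
interface GigabitEthernet2/0/46
 switchport trunk native vlan 499
 switchport trunk allowed vlan 427,499
"""
FIELD = re.compile(r"\s*(.+?)\s*:?\.{3,}\s*(.*)$")


def parse_ap(text):
    """Pull VLAN mode, native VLAN and WLAN-to-VLAN map from the AP output."""
    ap = {"vlan_mode": False, "native": None, "wlans": {}}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "FlexConnect Vlan mode":
            ap["vlan_mode"] = val == "Enabled"
        elif key == "Native ID":
            ap["native"] = int(val.split()[0])
        elif w := re.fullmatch(r"WLAN (\d+)", key):
            ap["wlans"][int(w.group(1))] = int(val.split()[0])
    return ap


def parse_trunk(text):
    """Return (native, allowed); allowed is None when no allowed-list is set."""
    native, allowed = 1, None  # IOS defaults: native VLAN 1, all VLANs allowed
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)", line):
            allowed = set()
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
    return native, allowed


def check(ap, native, allowed, expected):
    """expected maps WLAN id to the VLAN the admin intends, e.g. {12: 427}."""
    findings = []
    if not ap["vlan_mode"]:
        findings.append("FlexConnect VLAN mode is not enabled on the AP")
    if ap["native"] != native:
        findings.append(f"native VLAN: AP has {ap['native']}, switch has {native}")
    for wlan, vlan in sorted(ap["wlans"].items()):
        if allowed is not None and vlan not in allowed:
            findings.append(f"WLAN {wlan}: VLAN {vlan} is not allowed on the trunk")
        if wlan in expected and vlan != expected[wlan]:
            findings.append(f"WLAN {wlan}: mapped to {vlan}, expected {expected[wlan]}")
    return findings


if __name__ == "__main__":
    for finding in check(parse_ap(AP_OUTPUT), *parse_trunk(SWITCHPORT), {12: 427}):
        print(finding)
```
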
09-15-2013 01:05 AM
What is the switch port configuration? Bear in mind that when you're using the AP as FlexConnect, the port needs to be configured as a trunk port; after that the WLC will see the available VLANs.
Sent from Cisco Technical Support Android App
09-17-2013 03:07 AM
Connect a client with a static IP in VLAN 427, and see if that can pass traffic.
10-08-2013 05:53 PM
To enable the FlexConnect configuration, kindly see page 435:
http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75.pdf
11-20-2014 04:32 AM
Hi,
Please check the FlexConnect configuration at the link below:
http://www.cisco.com/c/en/us/td/docs/wireless/ncs/1-1/configuration/guide/NCS11cg/hreap.html