Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
27769
Views
20
Helpful
21
Replies

Multiple SSIDs and VLANs on 1832i with Mobility Express

ciscorbs4
Level 1
Level 1

‎10-26-2017 07:50 AM - edited ‎07-05-2021 07:46 AM

Hello all,

I've had a second deployment failure with Cisco AIR-AP-1832i WLC/APs running Mobility Express. The issue is that I can't seem to get off VLAN1, or I suppose it would be more accurate to say the native VLAN.

Scenario is that I have two WLANs as follows:

WLAN1: SSID: Corporate     VLAN: 1

WLAN2: SSID: Corporate-Guest     VLAN: 100

I can connect to either WLAN/SSID successfully with a client. But only the Corporate WLAN gets me to the proper DHCP server and gives me the ability to pass traffic successfully. Connecting to Guest fails to locate a DHCP server, so I get an APIPA address and nothing works. Configuring a static IP on the proper subnet does not allow traffic to pass.

In this deployment, I am using a Cisco Catalyst 2960 switch with the WLC/AP port being a trunk with dot1q. Here's the best part: I replaced a Cisco WAP321 (yeah, small business) AP with the same WLAN/VLAN/SSID configuration that was connected to the very same switch port. The WAP321 handled the two SSIDs and VLANs perfectly. No issues whatsoever connecting, getting IP addresses on either network or passing traffic. I made no changes to the switch configuration.

The previous failed deployment I had was a bit different in symptoms: The VLAN configuration was the same, a corporate network and guest network, corporate was on VLAN1 and Guest was VLAN 10. This time, I could connect to either SSID, but I would always get an IP address from the DHCP server on VLAN 1. It's like the VLAN 10 tag was completely ignored. I had a TAC case on that one that became a nightmare when Cisco could find nothing wrong with my configuration of the WLC/AP, switch, or ASA (DHCP server for VLAN 10). They could offer no explanation, even though I provided a pcap from the WLC's switchport (mirrored to my laptop running Wireshark) to TAC. I opted to RMA the 1832s in that case after TAC failed to resolve the situation. I haven't deployed the new APs (different vendor) yet.

Anyway, my question to anyone familiar with these 1832i series units is, what am I missing, or is there a known problem with these things? I don't have these issues with real Cisco WLCs (2504 for example) or even the small business line, although Cisco's new crop is terrible and I won't buy them.

By the way, these last 1832i's shipped with 8.4.100.

Thanks

7 people had this problem
Labels:
0 Helpful
21 Replies 21

mcotherman
Level 1
Level 1
In response to ciscorbs4

‎06-16-2019 06:33 AM

I had this same issue, and searched high and low...  debug on the 2811 router doing my static DHCP reservations for the additional WLANs  showed nothing, I was converting from NM-WLC to ME, so thought some of that config such as the 'interface wlan-controller0/0.x'was it, carefully developed a cut and paste to change over and back out the changes, and it made no difference... I used the 'connection' and 'event log' at the bottom of the ME client window to see that the DHCP requests seemed to be going out...  I upgraded from the recommended 8.5 to 8.8, and no change...  I sat there for another hour just thinking about how to test, thinking it had to be in the switch, but things like helper addresses were not required, and then BAM...  I realized the VLAN was not defined in the switch that was powering the 1832...    One simple command in the switch and it started working...   even after 20 years, the simple stuff still gets you once in a while..

 

It may not be your issue, but the symptoms are the exact same...  

 

CCIE# 6771

kpham2gogdl
Level 1
Level 1
In response to mcotherman

‎09-19-2019 05:34 PM

I tried all the suggestions in this thread and none worked for me until I looked into the flexconnect configuration.

I checked the flexconnect configuration by running this command "show ap config general AP1234.5678...." and it was disabled.

(Cisco Controller) >show ap config general AP1234.5678....
...
FlexConnect Vlan mode :.......................... Disabled
...

To enable Flexconnect on the AP I ran the following commands:

config ap disable AP1234.5678....

config ap flexconnect vlan enable AP1234.5678....

config ap enable AP1234.5678....

After enabling Flexconnect on the AP successfully and configure the Vlan on the WLAN, I get the following:

(Cisco Controller) >show ap config general AP1234.5678....
...
FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 1
WLAN 1 :........................................ 55 (Wlan-Specific)
WLAN 2 :........................................ 54 (Group-Specific)
...

Success at last. I hope this helps someone because it was very frustrating for me especially when the Cisco Mobility Express GUI has very limited configuration options.

0 Helpful

nalanguilan
Level 1
Level 1
In response to kpham2gogdl

‎12-04-2019 10:13 PM

When I checked my ap config i got this: FlexConnect Vlan mode :.......................... Enabled Native ID :..................................... 1 WLAN 1 :........................................ 1 (Group-Specific) WLAN 2 :........................................ 3005 (Group-Specific) WLAN 3 :........................................ 3003 (Group-Specific) and it still does not route vlans properly. My config has not been modified via command line. I'm still trying to trace the logic so I'm still trying to figure out where it goes south.
0 Helpful

krzymarkowicz
Level 1
Level 1

‎02-10-2021 10:17 AM

Hello all,

 

   My remedy to this is the following:

 

   Remove any DHCP pools from box itself and rely on an external DHCP for all VLANs including native.

 

  That made all the stuff work

 

Chris

0 Helpful

pascom_cisco
Level 1
Level 1

‎08-24-2021 07:45 AM

Hello, 

is there an solution yet? I run the Version 8-10-162-0.

My Problem: 
MGMT VLAN 233

WLAN 1 VLAN 61

WLAN 2 VLAN 62

My Switchconfig: 
switchport trunk native vlan 233
switchport trunk allowed vlan 61,62
switchport mode trunk

I create WLAN 1 with VLAN 61 an get an DHCP address from VLAN 233. The DHCP-Server is external and not on the AP. 

 

Thanks for Help. 

 

0 Helpful

Yohannes Gizachew Zerihun
Level 1
Level 1

‎03-04-2024 12:22 AM

Configure switchports in trunk where APs are connected.

0 Helpful

Rich R
VIP
VIP
In response to Yohannes Gizachew Zerihun

‎03-05-2024 02:37 AM

No, probably the correct answer to the previous post (if that's what you were referring to) was missing allowed VLAN:
switchport trunk native vlan 233
switchport trunk allowed vlan 61,62 <- missing vlan 233!

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card