Re: RLAN configuration for Mobility Express

emanuel32804 · ‎01-11-2025

I'm trying to configure the AUX port to function as a RLAN port to connect a wired client to the AP, which I understand to be pretty straightforward.

I'm using 3802i APs running the newest stable firmware available. In the GUI, I created an RLAN, tagged the right VLAN, added the RLAN to the AP group, and enabled the ports in the AP group with the correct RLAN. When I plug in, I get link lights and I can see some activity but nothing is reachable on the network, including the AP itself. Any thoughts as to where I could be going wrong?

TIA!

Flavio Miranda · ‎01-12-2025

@emanuel32804

Make sure you followed those steps

Step 2

If LAG mode in the AP is enabled, disable LAG mode by entering this command:

config ap lag-mode support disable ap-name

Step 3

Create a remote LAN (RLAN) and enable it by entering these commands:

config remote-lan create rlan-id rlan-name
config remote-lan enable rlan-id

Step 4

Create an AP group for the RLAN that you created by entering this command:

config wlan apgroup add apgroup-name description

Step 5

Add the RLAN and the AP to the AP group by entering these commands:

config wlan apgroup interface-mapping add apgroup-name rlan-id interface-name
config wlan apgroup apgroup-name ap-name

The AP is rebooted after these commands are entered.

Step 6

After the AP is rebooted, assign the RLAN to the LAN port (LAN 1) in the AP group by entering this command:

config wlan apgroup port lan 1 apgroup-name remote-lan rlan-id

Note

In Cisco Aironet 1850, 2800, and 3800 Series APs, only LAN 1 can be used.

Step 7

Enable the LAN port (LAN 1) for a group of APs in the AP group or for an individual AP by entering these commands:

For a group of APs in the AP group:
config wlan apgroup port lan 1 apgroup-name enable
For an individual AP:
1. config ap lan over-ride enable ap-name
2. config ap lan port-id 1 enable

Step 8

Connect a client to the AP through the AUX port.

emanuel32804 · ‎01-12-2025

I'm trying to follow these instructions, but when I get to step 5, I can't add it to the interface. It says interface name doesn't exist no matter what I try, like wired0, wired 0, lan1, 1, 0, etc.

Here's some printouts that may be helpful in troubleshooting:

(Cisco Controller) >show remote-lan summary

Number of Remote LANS............................ 1

RLAN ID  RLAN Profile Name                      Status    Interface Name
-------  -------------------------------------  --------  --------------------
4        Test                                   Enabled   management

(Cisco Controller) >show ap config general AP7872.5DCF.1CF6

Cisco AP Identifier.............................. 1
Cisco AP Name.................................... AP7872.5DCF.1CF6
Country code..................................... US  - United States
Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-AB
AP Country code.................................. US - United States
AP Regulatory Domain............................. 802.11bg:-A    802.11a:-B
Switch Port Number .............................. 1
MAC Address...................................... 78:72:5d:cf:1c:f6
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.100.13
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.100.3
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
DHCP Release Override............................ Disabled
Telnet State..................................... Globally Disabled
Ssh State........................................ Specifically Enabled
Serial Console State............................. Enabled
NSI Ports State.................................. Globally Enabled
Virtual IP Address............................... Not Configured
Cisco AP Type.................................... MobilityExpress Capable AP

--More-- or (q)uit
Cisco Internal AP................................ Yes
Cisco AP Location................................ default location
Cisco AP Floor Label............................. 0
Cisco AP Group Name.............................. Main
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... FlexConnect
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Rogue Detection ................................. Enabled
AP Vlan Trunking ................................ Enabled  (Inherited)
AP Native Vlan ID: .............................. 999 (Inherited)
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
KPI not configured ..............................
Logging syslog facility ......................... kern

--More-- or (q)uit
S/W  Version .................................... 8.10.196.0
Boot  Version ................................... 1.1.2.4
Mini IOS Version ................................ 0.0.0.0
Stats Reporting Period .......................... 30
Stats Collection Mode ........................... normal
Radio Core Mode ................................. Normal
Slub Debug Mode ................................. Disabled
Static Ip Failover .............................. Enabled
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. PoE/Full Power
Number Of Slots.................................. 2
AP Model......................................... AIR-AP3802I-B-K9
AP Image......................................... AP3G3-K9W8-M
IOS Version...................................... 8.10.196.0
Reset Button..................................... Enabled
AP Serial Number................................. FCW2223NAEA
AP Certificate Type.............................. Manufacture Installed
AP LAG Configuration Status ..................... Disabled
LAG Support for AP .............................. Yes
AP multicast mode :.............................. Enabled
Native Vlan Inheritance: ........................ Group

--More-- or (q)uit
FlexConnect Vlan mode :.......................... Enabled
        Native ID :..................................... 999
        WLAN 1 :........................................ 10 (Group-Specific)
        WLAN 2 :........................................ 20 (Group-Specific)
        WLAN 3 :........................................ 30 (Group-Specific)
        WLAN 4 :........................................ 100 (Group-Specific)
FlexConnect VLAN ACL Mappings
FlexConnect Group................................ default-flexgroup
Group VLAN ACL Mappings


Group VLAN Name to Id Mappings

VLAN NAME                         VLAN ID
--------------------------------  -------
 Main                              10
 WPA-PSK                           20
 Event                             30
 v100                              100
AP-Specific FlexConnect Policy ACLs :
L2Acl Configuration ............................. Not Available

FlexConnect Local-Split ACLs :

--More-- or (q)uit
WLAN ID   PROFILE NAME                       ACL                                 TYPE
-------  --------------------------------   ---------------------------------   -------

 Flexconnect Central-Dhcp Values :

WLAN ID   PROFILE NAME                         Central-Dhcp      DNS Override      Nat-Pat     Type
-------  ---------------------------------    --------------    --------------    ---------   ------
  1       xxxxxxxx                                 False             False          False      Wlan
  2       xxxxxxxxxxxxxxxxxxxxxxxxx                False             False          False      Wlan
  3       xxxxx                                    False             False          False      Wlan
  4       Test                                     False             False          False      Wlan

Flex AVC visibility Configurations..............

WlanId  PROFILE NAME                     Inherit-level Visibility       Flex Avc-profile
------- -------------------------------- ------------- ---------- --------------------------------
1          xxxxxxxx                         flexgroup     disable    none       
2          xxxxxxxxxxxxxxxxxxxxxxxxx        flexgroup     disable    none       
3          xxxxx                            flexgroup     disable    none       
4          Test                             flexgroup     disable    none       

FlexConnect Backup Auth Radius Servers :
 Primary Radius Server........................... Disabled

--More-- or (q)uit
 Secondary Radius Server......................... Disabled
FlexConnect Radius/Local Auth Parameters :
 Radius Retransmit Count......................... 3 (default)
 Active Radius Timeout........................... 5 (default)

AP User Mode................................... AUTOMATIC
AP User Name..................................... admin
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
AP Dot1x EAP Method.............................. EAP-FAST
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 00 h 41 m 14 s
AP LWAPP Up Time................................. 0 days, 00 h 30 m 32 s
Join Date and Time............................... Sat May 11 01:31:09 2024
Join Taken Time.................................. 0 days, 00 h 00 m 20 s
Unencrypted Data Keep Alive ..................... Enable
AP broken antenna detection - Status ............ Not Supported
Memory Type...................................... DDR4
Memory Size...................................... 1028096 KBytes
CPU Type.........................................  ARMv7 Processor rev 1 (v7l)

Flash Type....................................... Onboard Flash
Flash Size....................................... 60416 KBytes

--More-- or (q)uit
GPS Present...................................... NO
Ethernet Vlan Tag................................ Disabled
Ethernet Port Duplex............................. Full
Ethernet Port Speed.............................. Auto
Fabric support................................... Yes
AP Link Latency.................................. Disabled
Rogue Detection.................................. Enabled
AP TCP MSS Adjust................................ Enabled
AP TCP MSS Size.................................. 1250
AP CAPWAP Control Port........................... 5256
AP CAPWAP Data Port.............................. 5256
AP WPA3 Capable.................................. Yes
Beacons Tx from All supported Antennas........... Enabled
Hotspot Venue Group.............................. Unspecified
Hotspot Venue Type............................... Unspecified
      DNS server IP ............................. Not Available
Time Zone Config :
 Time Zone State................................. Disabled
 Time Zone Offset Hour........................... 00
 Time Zone Offset Minute......................... 00
NTP server status :
 NTP Enable...................................... Internal AP: No NTP server configured
Encryption SPIs (Unique Identifiers)

--More-- or (q)uit
 Hyperlocation................................... None


ApVapId to Profile Name Mappings:

APVAPID  WLANID  PROFILE NAME                    SLOT-A/B
-------  ------  ------------------------------  --------
1        1       xxxxxxxx                         1/1
2        2       xxxxxxxxxxxxxxxxxxxxxxxxx        1/1
3        3       xxxxx                            1/1
4        4       Test                             0/0

External Module:

USB Module Type.................................. USB Module
USB Module Status................................ Enabled
USB Module Operational State..................... Not Detected

Service                      SubService                   CMX Server
------------             ----------------               ---------------

emanuel32804 · ‎01-12-2025

I tried to post a config but it marked it as spam. I'm at step 5, but it's telling me that the interface name is not correct. I've tried wired0, wired1, lan1, 1, 0, etc. Nothing works.

Flavio Miranda · ‎01-12-2025

@emanuel32804

Try to configure using GUI mode.

https://www.cisco.com/c/en/us/td/docs/wireless/access_point/mob_exp/810/user_guide/b_ME_User_Guide_810/specify_wireless_setgs.html

Step 1	In the Expert view, navigate to Wireless Settings > WLANs. The WLAN/RLAN Configuration window is displayed.
Step 2	Click Add New WLAN/RLAN. To modify the client limit for an existing WLAN, navigate to the desired WLAN in the WLAN/RLAN table and click the edit icon. The Add New WLAN/RLAN page is displayed.
Step 3	Under the Advanced tab, choose or enter the desired value for Maximum Allowed Clients in the corresponding drop-down list.
Step 4	Click Apply to save the changes. The WLAN/RLAN Configuration window is displayed.

emanuel32804 · ‎01-12-2025

Initially, that's how I did configure it, i.e via the GUI. See pictures of my configuration.

Also, the instructions above, when I go into the RLAN I don't have the option for maximum clients.

Rich R · ‎01-13-2025

show ap stats ethernet <ap-name>
will show you the AP interface names.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

emanuel32804 · ‎01-13-2025

The interface name it gave me was LAN1, which I tried to no avail.

Rich R · ‎01-13-2025

Ah well, was worth a try - sorry!

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Rich R · ‎01-12-2025

The guide Flavio quoted is from https://www.der-rechner-stuttgart.de/knowledge-base/converting-cisco-wave-2-ap-aux-port-to-lan-port/
The Cisco instructions for RLAN generally are at:
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/mob_exp/88/user_guide/b_ME_User_Guide_88/specify_wireless_setgs.html#id_69649
If you've followed all the instructions it should work.

What exactly is the client and how does it get IP address?
Have you tried a packet capture on the client?
I'm not sure the AP should be reachable from the client though, although the default gateway on the subnet should be.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

emanuel32804 · ‎01-12-2025

Client for testing is a laptop, getting IP via dhcp on the switch. Works fine if I connect to an access port on VLAN 100, just not through the AP on the same VLAN.

Haven't tried a packet capture yet, but that's a good idea. Will post results when I get them.

MHM Cisco World · ‎01-12-2025

What Authc ypu use in WLC?

MHM

emanuel32804 · ‎01-12-2025

The RLAN it set to Open, I'm using PSK on the other WLANs