
Wireless LAN Controller

nickh2022
Level 1

Hello Everybody,

I have a WLC 4402 plugged into a Catalyst 4507R. My problem is I am unable to ping the WLC from a different VLAN. While reading the document about best practices, it mentions that the fiber port should be configured using dot1q encapsulation, but when I try to configure that, I do not get encapsulation as an option. The weird thing is, other Ethernet ports on the switch do have encapsulation configured. Please advise!

36 Replies

Ok, enough speculation. Please post the switchport config and controller config. At least the networking part of the controller config.

I am only testing..So I can post my config. Here it is.

(Cisco Controller) >show running-config

802.11a cac voice tspec-inactivity-timeout ignore

802.11a cac voice stream-size 84000 max-streams 2

802.11b cac voice tspec-inactivity-timeout ignore

802.11b cac voice stream-size 84000 max-streams 2

aaa auth mgmt local radius

Location Summary

Algorithm used: Average

Client

RSSI expiry timeout: 5 sec

Half life: 0 sec

Notify Threshold: 0 db

Calibrating Client

RSSI expiry timeout: 5 sec

Half life: 0 sec

Rogue AP

RSSI expiry timeout: 5 sec--More-- or (q)uit

Half life: 0 sec

Notify Threshold: 0 db

RFID Tag

RSSI expiry timeout: 5 sec

Half life: 0 sec

Notify Threshold: 0 db

location rssi-half-life tags 0

location rssi-half-life client 0

location rssi-half-life rogue-aps 0

location expiry tags 5

location expiry client 5

location expiry calibrating-client 5

location expiry rogue-aps 5

ap syslog host global 255.255.255.255

--More-- or (q)uit

auth-list add lbs-ssc 00:1b:24:df:f2:5c cbd944156e8248baf99fac0356770099d9dadf55

cdp advertise-v2 enable

dhcp create-scope Test

dhcp address-pool Test 10.1.220.50 10.1.220.60

dhcp default-router Test 10.1.220.237

dhcp enable Test

dhcp dns-servers Test 66.109.229.5 66.109.229.6

dhcp network Test 10.1.220.0 255.255.255.0

local-auth method fast server-key *****

interface create data 220

interface address ap-manager 10.1.120.251 255.255.255.0 10.1.120.237

interface address dynamic-interface data 10.1.220.237 255.255.255.0 10.1.220.237

interface address management 10.1.120.250 255.255.255.0 10.1.120.237

--More-- or (q)uit

interface address service-port 10.1.5.212 255.255.255.0

interface address virtual 1.1.1.1

interface dhcp ap-manager primary 10.1.5.45

interface dhcp dynamic-interface data primary 10.1.5.45

interface dhcp management primary 10.1.5.45

interface dhcp service-port disable

interface vlan data 220

interface port ap-manager 29

interface port data 29

interface port management 29

lag enable

load-balancing window 5

--More-- or (q)uit

memory monitor error disable

memory monitor leak thresholds 10000 30000

mesh security eap

mgmtuser add administrator **** read-write

mobility group domain MVE-WLAN

network telnet enable

network mgmt-via-wireless enable

network otap-mode disable

network rf-network-name MVE-WLAN

sessions timeout 160

snmp version v2c enable

--More-- or (q)uit

snmp version v3 enable

spanningtree port mode off 1

spanningtree port mode off 2

sysname MVE-WLC

time ntp interval 3600

time ntp server 1 192.168.1.253

wlan create 1 MVE MVE

wlan broadcast-ssid disable 1

wlan radio 1 802.11g

wlan session-timeout 1 1800

wlan wmm allow 1

wlan security static-wep-key encryption 1 104

--More-- or (q)uit

wlan security wpa akm 802.1x disable 1

wlan security wpa akm psk enable 1

wlan security wpa wpa1 enable 1

wlan security wpa wpa1 ciphers tkip enable 1

wlan dhcp_server 1 0.0.0.0 required required

(Cisco Controller) >

My switchport config is

interface GigabitEthernet6/15

description ***Wirless Controller***

switchport trunk native vlan 20

switchport trunk allowed vlan 2,20

switchport mode trunk

Hmmm...you should have a "switchport trunk encapsulation dot1q" on your switch config. Your switch should support dot1q trunking. If that doesn't work, try upgrading the IOS on the switch.

That's kind of my issue. For whatever reason, when I go to set up encapsulation on that port, it is not an option. However, other Ethernet ports and other fiber ports have it enabled. So I know that my IOS supports it. I have tried other fiber ports, but encapsulation is not an option on those other ports either.

Try another switch that you know supports dot1q trunking.

The IOS does support it. Plus other ports are configured with it.

Do a "show run-config" and compare it to below:

Switch Configuration

802.3x Flow Control Mode......................... Disable

Current LWAPP Transport Mode..................... Layer 3

LWAPP Transport Mode after next switch reboot.... Layer 3

FIPS prerequisite features....................... Disabled

Secret obfuscation............................... Enabled

This is what I have

Switch Configuration

802.3x Flow Control Mode........ Disable

Current LWAPP Transport Mode..... Layer 3

LWAPP Transport Mode after next switch reboot.... Layer 3

FIPS prerequisite features.... Disabled

Secret obfuscation............. Enabled

Well, I'm all out of ideas other than taking the controller out of lag mode and configuring the switchport as a host, just to see if the controller's hardware, including gbics and cable is ok. The controller should respond at layer3 if there are no hardware issues. We have about 80 controllers in offices across the country and I have yet to see a problem at layer3 with these.

Well..I really appreciate you trying..I currently do have LAG enabled but am not taking advantage of it...I only have 1 gbic installed. So, I do not have port-channeling enabled on the switch either. Could that be a problem?

Well, I think you just thought through your entire problem. You need to set up a port channel for lag mode. It will take you all of about 10 seconds! heheheh

Even if I'm not technically using it because I'm only using 1 distribution port on the 4402?

I disabled LAG, still cannot ping the WLC outside its own VLAN

Start from scratch, erase config on WLC and rebuild without using LAG.
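
Added example (not posted by any participant in the thread): a small consistency check that compares the VLAN tag of each controller interface against the native and allowed VLANs on the switch trunk, using excerpts of the two configurations posted above. The function names are hypothetical, and it assumes a controller interface with no `interface vlan` line sends untagged frames.

```python
import re
# Excerpts copied from the controller and switchport configs posted in the thread.
WLC_CONFIG = """\
interface address ap-manager 10.1.120.251 255.255.255.0 10.1.120.237
interface address dynamic-interface data 10.1.220.237 255.255.255.0 10.1.220.237
interface address management 10.1.120.250 255.255.255.0 10.1.120.237
interface vlan data 220
"""
SWITCHPORT_CONFIG = """\
interface GigabitEthernet6/15
 switchport trunk native vlan 20
 switchport trunk allowed vlan 2,20
"""

def wlc_interface_vlans(config):
    """Map in-band WLC interfaces to VLAN tags (0 = untagged, assumed if no 'interface vlan' line)."""
    vlans = {}
    for line in config.splitlines():
        m = re.match(r"interface address (?:dynamic-interface )?(\S+) ", line)
        if m and m.group(1) not in ("service-port", "virtual"):  # these do not use the trunk
            vlans.setdefault(m.group(1), 0)
        if m := re.match(r"interface vlan (\S+) (\d+)", line):
            vlans[m.group(1)] = int(m.group(2))
    return vlans

def expand_vlans(spec):  # '2,20' or '10-12,20' -> set of ints
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def trunk_vlans(config):
    native, allowed = 1, set(range(1, 4095))  # IOS defaults when not configured
    if m := re.search(r"switchport trunk native vlan (\d+)", config):
        native = int(m.group(1))
    if m := re.search(r"switchport trunk allowed vlan ([\d,-]+)", config):
        allowed = expand_vlans(m.group(1))
    return native, allowed

def check(wlc, switch):
    native, allowed = trunk_vlans(switch)
    findings = []
    for name, vlan in sorted(wlc_interface_vlans(wlc).items()):
        effective = vlan or native  # untagged frames land in the trunk's native VLAN
        if effective not in allowed:
            findings.append(f"{name}: VLAN {effective} not allowed on trunk")
        elif vlan == 0:
            findings.append(f"{name}: untagged, carried in native VLAN {native}")
    return findings
```

Running `check(WLC_CONFIG, SWITCHPORT_CONFIG)` lists, per controller interface, which switch VLAN its traffic lands in and whether the trunk carries it.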
