Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3773
Views
0
Helpful
36
Replies

Wireless LAN Controller

nickh2022
Level 1
Level 1

‎02-25-2009 12:40 PM - edited ‎07-03-2021 05:14 PM

Hello Everybody,

I have a WLC 4402 plugged into a Catalyst 4507R. My problem is I am unable to ping the WLC from a different VLAN. While reading the document about best practices, it mentions that the fiber port should be configured using dot1q encapsulation but when I try to configure that, I do not get encapsulation as an option. The wierd thing is, other ethernet ports on the switch do have encapsulation configured. Please advise!

1 person had this problem
Labels:
0 Helpful
36 Replies 36

tekjansen101
Level 1
Level 1
In response to nickh2022

‎05-07-2009 02:55 AM

Hi

Lets do this OSI Style !!!

Layer 1 ? Does the port come up ? Can you see port status up both on the Cisco switch and the controller ? If not there might be something wrong with:

a) cable type

b) SFP module (make sure you are using Fiber SFP and not Ethernet SFP because these are not supported by the controller)

regards...

0 Helpful

CFayNTAdmin83
Level 1
Level 1
In response to nickh2022

‎05-07-2009 09:28 AM

Hi Everyone. I just thought I'd add my 2 cents here. I'm have my WLC connected to a 4500 switch chassis. The port config definitely should work if it has the following defined.

switchport mode trunk

switchport trunk encapsulation dot1q

The only other thing I have on the port is a description...

I have every interface on my WLC tagged with a vlan identifier for dot1q; well the ones that let you define an identifer. All interfaces work fine. I have about 9 other controllers running like this. You should be able to ping the mgmt interface ip, but not the ap manager interface. Your dynamic interfaces should also be pingable, at least at the switch the controller's on. I agree with the dot1q command statement. Some switches have the dot1q turned on automatically. If you have it defined on other ports on the same switch, I'd make sure it is in the config. I'd also take the native vlan entry out of your trunk port config. I'd only trunk on the native if I was using some kind of autonomous AP or bridge with multiple vlans, or if you wanted to add another command to prune the vlans. The simple "switchport mode trunk" should definitely work, and does not cause adverse effects, unless you have an ungodly amount of vlans. Are you running a VTP client server domain or are your switches in transparent mode?

0 Helpful

c.jolliffe
Level 1
Level 1
In response to CFayNTAdmin83

‎05-07-2009 10:59 AM

Can you ping the service port from other subnets? I have had some strange issues with pinging the management interface from other subnets and after I cleared the IP off of the service port it responds with no problems.

0 Helpful

CFayNTAdmin83
Level 1
Level 1
In response to c.jolliffe

‎05-07-2009 11:11 AM

The service port should be pingable. However, I would not connect it to the production network. That's what the MGMT interface is for. I used the service port before but only for troubleshooting / service. For example, I had one of the fiber cables get pinched in between racks, which of course killed my MGMT / https interface to check out the controller. I remembered that I configured the service port address, so I used Cat5e and a static IP on my laptop to gain access to the controller. I wanted to make sure that the controller didn't get hosed. It turned out to be the kink in the fiber cable though. You should be able to give it a unique address and still be able to ping the original MGMT ip if the fiber connection / trunk port is working correctly. Maybe the address you gave the service port was in use (assuming it was plugged in too)? Also, the code version I'm on is 4.1....

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to CFayNTAdmin83

‎05-07-2009 03:18 PM

Service Port, used for OOBM, should NOT ping-able from anywhere in your network unless you've created a static route for it.

If you plug your host directly to the service port, this is possible.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎05-07-2009 03:19 PM

Hi Nick,

I'd recommend take your WLC offline and/OR off the 4507 switch and connect it to another switch model.

0 Helpful

tekjansen101
Level 1
Level 1

‎05-10-2009 08:04 PM

Ok I kinda have the same issues as Nick over here...however whats weird is I can telnet into the controller ... but cannot ping it !!

In my scenario the wlc4402 is sitting in a DMZ behind a (pix) firewall that connects to our corporate network. This controller is supposed to be our guest anchor in the DMZ (mobility anchor setup).

I have performed the following steps:

1. Management and apmanager interfaces are on untagged vlan in WLC

2. Switch X (that connects controller to firewall in DMZ) - port going to the the WLC is trunk.

3. Switch X access port going to firewall is on native vlan (default 1)

4. The wlc can ping its gateway (firewall in this case)

5. Ports UDP 16666 opened, TCP 23, TCP 80/443 and Protocol 1 and 97.

6. Telnet, HTTP, ping all work fine from a workstation ip configured in the ACL to allow tcp and icmp.

7. Ping fails from the corporate controller into the DMZ controller.

8. Ping is successful from the corporate controller into the Firewall hosting the DMZ and the F/W counters indicate the ping packets are going through to the DMZ controller ... but the DMZ controller seems to be dropping the echo packets.

9. Tested routes exist b/w F/W and corporate controller.

Any ideas ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card