04-03-2018 05:21 PM - edited 07-05-2021 08:28 AM
Hi All,
I'm having trouble with my current WLC 3504 with the latest firmware from Cisco (8.5.120). It's going to be long story but i'll try to make it less boring as possible.
i have 2 unit of WLC 3504 with are in the same firmware which are now in SSO mode (as all you may know in order to join SSO / HA for both of this unit need to be in the same VLAN id)
Now here is the real problem, before i even start to create both device to join SSO / HA, With a Single 3504 the management interface when i apply Vlan ID in CLI mode immediately my laptop connection to this mention WLC 3504 (Which is correct because my laptop does not carry VLAN id). So i made use of a L3 switch configure 2 ports (port 1 and port 2) both access with the same vlan id. While in this switch i can ping itself and ping to my laptop ip but when i ping to the WLC 3504 it have no respond and no web gui access. (Simple right because i cannot ping to WLC 3504 how am i suppose to have access). At this moment i can only access this WLC 3504 via console or thru its service port.
Appreciate if any one can help on this issue. here i also attach together with the WLC 3504 log file hope this can help
Solved! Go to Solution.
04-04-2018 07:05 AM
04-03-2018 08:24 PM
Hi
My advise is put those two ports in a channel mode "on" on switch side and on the wlc enable lag.
-If I helped you somehow, please, rate it as useful.-
04-03-2018 08:46 PM
04-04-2018 02:52 AM
Got it. I thought you had two link between wlc and switch.
If you create a dynamic interfave on the wlc, assign to it the same vlan and the same network/mask ?
Can you try this way?
-If I helped you somehow, please, rate it as useful.-
04-04-2018 03:25 AM
If your 3504 is connected to an access port, then you should not define the vlan id on the WLC. It should stay at “0” untagged. Not if you configure the switchport as a trunk and you specify the native vlan as a bogus vlan id, then you would specify the vlan id on the WLC. Now if you configure a trunk port and you specify the native vlan for the vlan the 3504 management is on, then you leave the WLC vlan id as “0” untagged.
04-04-2018 04:21 AM
Hi Nooban,
The ideal way to go for is like this: (I will use VLAN 8 as an example)
>> The Switchport connected to the WLC : should be configured as a trunk port where native VLAN can be "default" but VLAN 8 need to be allowed.
>> On the WLC : Assign an IP address of VLAN 8 to the management interface and tag with VLAN ID 8.
>> On the switchport where the laptop is connected: should be configured as an access port assigned to VLAN 8.
In this case, you should be able to ping the WLC from your laptop.
Hope this helps.
Manish
04-04-2018 05:49 AM
Hi,
I have the same issue for this, below is the example i configure.
WLC i configure LAG on
Management interface with ip 10.10.185.22 255.255.255.0 10.10.185.1
default vlan 0
switch side
=========
interface GigabitEthernet4/0/48
switchport trunk native vlan 185
switchport mode trunk
channel-group 2 mode on
end
interface GigabitEthernet5/0/48
switchport trunk native vlan 185
switchport mode trunk
channel-group 2 mode on
end
interface Port-channel4
switchport trunk native vlan 185
switchport trunk allowed vlan all
switchport mode trunk
end
==============================
When the vlan is 0 on wlc, able to ping the ip 10.10.185.22, but when i configure the vlan id on wlc to 185, WLC is not reachable on the management interface. And in the WLC side previously able to ping the gateway 10.10.185.1, but after define the vlan ID is not reachable. Anyone counter this issue before?
It force you to define the vlan id when you need to enable the SSO to do the HA.
04-04-2018 07:05 AM
04-04-2018 09:25 AM
Hi Scott,
Thanks for your answer. It works.
04-04-2018 08:02 PM
Hi All,
Thank to everyone contribution and suggestion, Found out in this WLC management interface once i configure it to VLAN 8 and on my switchport in trunk mode i must include native vlan X where X cannot be the same as vlan 8. Not sure why cannot do this but so far manage to solve my issue i think im good.
Again i need to thanks everyone who contributed on this issue.
04-04-2018 08:41 PM
The reason being is that when you set a vlan on the WLC, the WLC expects a tagged frame. When you specify a native vlan, that frame is not tagged. So basically WLC set to “0” is not tagged and native vlan on trunk port is not tagged.
01-19-2019 11:32 AM
@Scott Fella wrote:The reason being is that when you set a vlan on the WLC, the WLC expects a tagged frame. When you specify a native vlan, that frame is not tagged. So basically WLC set to “0” is not tagged and native vlan on trunk port is not tagged.
Hi Scott,
Have the same problem.
My question: Is it recommended or necessary to change the WLC's management interface VLAN ID or would it be less trouble if you just leave it to "0"?
Below are the things I tried in lab:
This setup will work.
PC, with IP add 192.168.1.2/24, is connected to a VLAN 1 access switchport. WLC, with IP add 192.168.1.250/24 and VLAN ID 1, is connected to a trunk switchport setup with native VLAN 1.
This setup will NOT work.
PC, with IP add 192.168.1.2/24, is connected to a VLAN 2 access switchport. WLC, with IP add 192.168.1.250/24 and VLAN ID 2, is connected to a trunk switchport setup with native VLAN 2 or even when I set it with bogus native VLAN #, with all VLANs allowed on trunk.
Hope you can help.
01-19-2019 11:40 AM
02-23-2021 08:19 PM - edited 02-23-2021 08:22 PM
Hi Guys
I have WLC 3504 and after changing the VLAN Identifier on management interface on the controller, I can't ping the IP Address anymore. VLAN Identifier was 0 before showing untagged
Switch details
interface GigabitEthernet1/0/45
description To WLC
switchport trunk encapsulation dot1q
switchport trunk native vlan 79
switchport trunk allowed vlan 54,79,220
switchport mode trunk
no logging event power-inline-status
channel-group 10 mode on
end
what can I do to access the WLC back?
I don't have console access, but have switch access
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: