cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4393
Views
20
Helpful
12
Replies
Highlighted
Beginner

WLC 3504 cannot access after apply management VLAN

Hi All,

 

I'm having trouble with my current WLC 3504 with the latest firmware from Cisco (8.5.120). It's going to be long story but i'll try to make it less boring as possible.

 

i have 2 unit of WLC 3504 with are in the same firmware which are now in SSO mode (as all you may know in order to join SSO / HA for both of this unit need to be in the same VLAN id)

 

Now here is the real problem, before i even start to create both device to join SSO / HA, With a Single 3504 the management interface when i apply Vlan ID in CLI mode immediately my laptop connection to this mention WLC 3504 (Which is correct because my laptop does not carry VLAN id). So i made use of a L3 switch configure 2 ports (port 1 and port 2) both access with the same vlan id. While in this switch i can ping itself and ping to my laptop ip but when i ping to the WLC 3504 it have no respond and no web gui access. (Simple right because i cannot ping to WLC 3504 how am i suppose to have access). At this moment i can only access this WLC 3504 via console or thru its service port.

 

Appreciate if any one can help on this issue.  here i also attach together with the WLC 3504 log file hope this can help

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Master

With SSO yes you need to define a vlan id. So do this:

Controller switchport(s)
switchport trunk native vlan 666

You can use any bogus vlan id as native. Then it will work.
-Scott
*** Please rate helpful posts ***

View solution in original post

12 REPLIES 12
Highlighted

Hi

 My advise is put those two ports in a channel mode "on" on switch side and on the wlc enable lag. 

 

 

-If I helped you somehow, please, rate it as useful.-

 

 

 

 

Highlighted

Hi @Flavio Miranda
Appreciate the advice but not to be confuse, Lets put it this way, My single 3504 unit is connected to a 24 port switch (WLC3504 yellow port 1 to switch port number2) and my laptop is connected also on the 24 port switch but on port number 1. Now on the switch port 1 and 2 are configure to access port carry no vlan id. In this test i can ping laptop to WLC and wlc to laptop. Then when i apply vlan id on WLC management port. My laptop cannot ping to the WLC. Now i configure on the switch to carry vlan and configure port 1 and 2 to carry the same vlan id, after configure my laptop can ping to the switch vlad id but not to the WLC. Understand what im saying?
Highlighted

Got it. I thought you had two link between wlc and switch.

 If you create a dynamic interfave on the wlc, assign to it the same vlan and the same network/mask ? 

 Can you try this way? 

 

 

-If I helped you somehow, please, rate it as useful.-

Highlighted

If your 3504 is connected to an access port, then you should not define the vlan id on the WLC. It should stay at “0” untagged. Not if you configure the switchport as a trunk and you specify the native vlan as a bogus vlan id, then you would specify the vlan id on the WLC.  Now if you configure a trunk port and you specify the native vlan for the vlan the 3504 management is on, then you leave the WLC vlan id as “0” untagged. 

-Scott
*** Please rate helpful posts ***
Highlighted

Hi Nooban,

The ideal way to go for is like this: (I will use VLAN 8 as an example)

>> The Switchport connected to the WLC : should be configured as a trunk port where native VLAN can be "default" but VLAN 8 need to be allowed.

>> On the WLC : Assign an IP address of VLAN 8 to the management interface and tag with VLAN ID 8.

>> On the switchport where the laptop is connected: should be configured as an access port assigned to VLAN 8.

 

In this case, you should be able to ping the WLC from your laptop.

Hope this helps.

 

Manish

Highlighted

Hi,

 

I have the same issue for this, below is the example i configure.

 

WLC i configure LAG on

Management interface with ip 10.10.185.22 255.255.255.0 10.10.185.1

default vlan 0

 

switch side

=========

interface GigabitEthernet4/0/48

switchport trunk native vlan 185

switchport mode trunk

channel-group 2 mode on

end

 

interface GigabitEthernet5/0/48

switchport trunk native vlan 185

switchport mode trunk

channel-group 2 mode on

end

 

interface Port-channel4

switchport trunk native vlan 185

switchport trunk allowed vlan all

switchport mode trunk

end

 

==============================

When the vlan is 0 on wlc, able to ping the ip 10.10.185.22, but when i configure the vlan id on wlc to 185, WLC is not reachable on the management interface. And in the WLC side previously able to ping the gateway 10.10.185.1, but after define the vlan ID is not reachable. Anyone counter this issue before?

 

It force you to define the vlan id when you need to enable the SSO to do the HA. 

Highlighted
Hall of Fame Master

With SSO yes you need to define a vlan id. So do this:

Controller switchport(s)
switchport trunk native vlan 666

You can use any bogus vlan id as native. Then it will work.
-Scott
*** Please rate helpful posts ***

View solution in original post

Highlighted

Hi Scott,

 

Thanks for your answer. It works.

Highlighted

Hi All, 

 

Thank to everyone contribution and suggestion, Found out in this WLC management interface once i configure it to VLAN 8 and on my switchport in trunk mode i must include native vlan X where X cannot be the same as vlan 8. Not sure why cannot do this but so far manage to solve my issue i think im good.

 

Again i need to thanks everyone who contributed on this issue.

Highlighted

The reason being is that when you set a vlan on the WLC, the WLC expects a tagged frame. When you specify a native vlan, that frame is not tagged. So basically WLC set to “0” is not tagged and native vlan on trunk port is not tagged. 

-Scott
*** Please rate helpful posts ***
Highlighted


@Scott Fella wrote:

The reason being is that when you set a vlan on the WLC, the WLC expects a tagged frame. When you specify a native vlan, that frame is not tagged. So basically WLC set to “0” is not tagged and native vlan on trunk port is not tagged. 


Hi Scott,

 

Have the same problem.

 

My question: Is it recommended or necessary to change the WLC's management interface VLAN ID or would it be less trouble if you just leave it to "0"?

 

Below are the things I tried in lab:

 

This setup will work.

PC, with IP add 192.168.1.2/24, is connected to a VLAN 1 access switchport. WLC, with IP add 192.168.1.250/24 and VLAN ID 1, is connected to a trunk switchport setup with native VLAN 1. 

 

This setup will NOT work.

PC, with IP add 192.168.1.2/24, is connected to a VLAN 2 access switchport. WLC, with IP add 192.168.1.250/24 and VLAN ID 2, is connected to a trunk switchport setup with native VLAN 2 or even when I set it with bogus native VLAN #, with all VLANs allowed on trunk.

 

Hope you can help.

 

 

Highlighted
Hall of Fame Master

When you tag the vlan for anything other than vlan 1, don’t use the native vlan command. So for vlan 2 defined on the wlc, don’t define vlan 2 as native vlan.
-Scott
*** Please rate helpful posts ***