07-12-2021 05:42 AM
Greetings!
I am currently implementing a WLC 3504 with AP 1815i and I have a problem understanding something and hoped that you guys might help me with it.
So the problem is that I have some remote sites connected to the main office via dmvpns and they each sit on different subnets and I want to use the same VLAN on all remote offices for their WiFi networks (Wlans), so basically do a wlan-vlan mapping, and I want to configure flexconnect with local switching, but there is an issue for me with WLC dynamic interfaces because it forces you to set an ip on that dynamic interface.
Do you guys have any suggestions or explanations that you can share with me?
Kind regards,
Ermir.
07-12-2021 07:51 AM
In general, the VLAN of WLAN forms a mapping relationship based on the interface selected by itself, that is, Wlan-Specific, and the effect is as follows:
FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 192
WLAN 1 :........................................ 172 (Wlan-Specific)
If you need to redefine the VLAN corresponding to WLAN x, you can define it through AP-Specific or Group-Specific:
FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 192
WLAN 1 :........................................ 10 (AP-Specific)

FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 192
WLAN 1 :........................................ 10 (Group-Specific)
In this way, the corresponding VLAN will be mapped to VLAN 10.
So our WLAN associated interface is not important. The important thing is that when configuring FlexConnect, we configure WLAN VLAN mapping through AP alone, or through FlexConnect Group.
It is recommended to configure WLAN VLAN mapping through FlexConnect Group.
There is also a deployment guide:
FlexConnect Wireless Branch Controller Deployment Guide
07-12-2021 12:59 PM
Thank you very much for your reply!
And what about the configuration on the switch side, since I am connecting through VPNs, should I put those VLANs (the ones used for SSID's) on the trunk port connected to the WLC or not?
07-12-2021 04:03 PM
For the switch port connected by WLC, it is usually configured as trunk mode.
The switch port connected to the branch AP should also be in trunk mode, especially if you need to broadcast multiple different SSIDs (also in different VLANs), you need to permit multiple VLANs on the trunk mode interface. Thx
07-12-2021 11:01 PM
If you're looking to configure FlexConnect with local switching, the corresponding VLANs need to be allowed on the AP switchport, and hence it needs to be a trunk port. VLANs for local switching need to be present at the local site and do not need dynamic interfaces configured on the WLC.
Cheers!
07-13-2021 12:20 AM
What about the trunk port on the WLC side? Do I need to configure the same VLANs that I configure on AP Side (even though it's local switching so I don't think we need that but just to make sure).
Thank you very much for your prompt responses, I highly appreciate it.
07-13-2021 12:43 AM
You can configure it like this, you can even understand it as a local mode configuration. The allowed VLANs only need to include AP and user VLANs, regardless of whether it is local or centralized forwarding. This is the safest.
07-13-2021 02:03 PM
I use flex-connect groups and do the VLAN / WLAN mapping there. In this setup, the VLAN on the local interface is ignored when both the AP and the WLAN are configured for flex-connect.
07-14-2021 04:20 PM
I usually create a dummy dynamic interface with a non-routable IP for flex SSIDs.
Also, for the FlexConnect APs you need to set the native VLAN as the AP management VLAN, and allow only the client VLANs. I also recommend setting spanning-tree portfast trunk under the interface connecting to the AP.
07-15-2021 12:48 AM
Hello guys!
So I've been trying to find a solution, but I still seem to have problems with implementing it the right way.
So I have this VLAN 5 that I want to use on my remote office for my wireless clients (my AP also gets the IP Address from that one).
What I did on the switch port connected to the AP on my remote office is: I configured the port as trunk and I made VLAN 5 as native vlan since I need my AP to get the IP address from the DHCP Server I have configured on my ISR4331/with a L2 Module.
Meanwhile on the other side at my central office, the port connected to the WLC is configured as Trunk but it doesn't contain VLAN 5 (I assume it shouldn't).
The AP registers successfully with the WLC.
What I can see is that when I create a TEST Wlan, the wlan is propagated to the AP as I want it to, but I am not able to connect to it from my laptop/phone (I can share screenshots of the configuration I have on my WLC for that).
The setup is a basic one, central auth (MAC FILTERING) with local switching on my flex AP.
07-15-2021 01:36 AM
Get a client debug for a test client and post the output here
cheers!
07-15-2021 03:58 AM
(Cisco Controller) debug>client all
'Enabled client all' debug.
(Cisco Controller) debug>
(Cisco Controller) debug>*emWeb: Jul 15 11:51:13.930: [PA]
Debugging session started on Jul 15 11:51:13.930 for WLC AIR-CT3504-K9 Version :8.10.151.0 Hostname MPJWLC01
(Cisco Controller) debug>
(Cisco Controller) debug>*apfMsConnTask_4: Jul 15 11:51:28.063: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.063: [PA] 48:5f:99:81:92:4f Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_4: Jul 15 11:51:28.164: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.164: [PA] 48:5f:99:81:92:4f Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_4: Jul 15 11:51:28.268: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.268: [PA] 48:5f:99:81:92:4f Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_4: Jul 15 11:51:28.366: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.366: [PA] 48:5f:99:81:92:4f Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_4: Jul 15 11:51:28.472: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0
So this is what I get when I try to access the SSID with my laptop.
07-15-2021 06:51 AM
- Have a somewhat longer debug session and have it analyzed with:
https://cway.cisco.com/tools/WirelessDebugAnalyzer/
M.
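A local first pass over `debug client` output of the kind posted above, added here as an example; it is not part of the thread and is not Cisco's Wireless Debug Analyzer. It groups Assoc Response statuses and scheduled deletions per client MAC so repeated rejections on one AP/ApVapId stand out. The line format is taken from the posted debug; the MAC addresses and AP name in the sample are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same line format as the debug output posted above;
# the MAC addresses and AP name are made up for this example.
SAMPLE = """\
(Cisco Controller) debug>*apfMsConnTask_4: Jul 15 11:51:28.063: [PA] 02:00:00:aa:bb:01 Sending Assoc Response (status: 'unspecified failure') to station on AP AP-BRANCH-01 on BSSID 02:00:00:cc:dd:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.063: [PA] 02:00:00:aa:bb:01 Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_4: Jul 15 11:51:28.164: [PA] 02:00:00:aa:bb:01 Sending Assoc Response (status: 'unspecified failure') to station on AP AP-BRANCH-01 on BSSID 02:00:00:cc:dd:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.164: [PA] 02:00:00:aa:bb:01 Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_2: Jul 15 11:51:29.010: [PA] 02:00:00:aa:bb:02 Sending Assoc Response (status: 'unspecified failure') to station on AP AP-BRANCH-01 on BSSID 02:00:00:cc:dd:e1 ApVapId 2 Slot 0, mobility role 0
"""

MAC = r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"
ASSOC = re.compile(
    rf"\[PA\] (?P<mac>{MAC}) Sending Assoc Response \(status: '(?P<status>[^']*)'\) "
    rf"to station on AP (?P<ap>\S+) on BSSID (?P<bssid>{MAC}) ApVapId (?P<vap>\d+)")
DELETE = re.compile(
    rf"\[PA\] (?P<mac>{MAC}) Scheduling deletion of Mobile Station: "
    r"reasonCode (?P<reason>\d+) \(callerId: (?P<caller>\d+)\)")


def summarize(text):
    """Per client MAC: count Assoc Response statuses and deletion reason codes."""
    out = defaultdict(lambda: {"assoc": Counter(), "deletions": Counter()})
    for line in text.splitlines():
        if m := ASSOC.search(line):
            key = (m["ap"], int(m["vap"]), m["status"])
            out[m["mac"].lower()]["assoc"][key] += 1
        elif m := DELETE.search(line):
            out[m["mac"].lower()]["deletions"][(int(m["reason"]), int(m["caller"]))] += 1
    return dict(out)


def repeated_assoc_status(summary, threshold=2):
    """Clients that got the same status from the same AP/ApVapId >= threshold times."""
    hits = []
    for mac, data in sorted(summary.items()):
        for (ap, vap, status), n in data["assoc"].items():
            if n >= threshold:
                hits.append((mac, ap, vap, status, n))
    return hits


if __name__ == "__main__":
    for hit in repeated_assoc_status(summarize(SAMPLE)):
        print("client %s on AP %s ApVapId %d: %r x%d" % hit)
```
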
07-21-2021 04:51 AM
So guys, I'm now having another problem: after coming back from holidays, my Access Point flaps on my switch port from active to down the whole time and I can't seem to find the reason why.
Do you guys have any suggestions, or did you ever come across such a problem?