Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1735
Views
0
Helpful
13
Replies

WLC 3504

Ermir Morina
Level 1
Level 1

‎07-12-2021 05:42 AM

Greetings! 

 

I am currently implementing a WLC 3504 with AP 1815i  and I have a problem understanding something and hoped that you guys might help me with it.

 

So the problem is that I have some remote sites connected to the main office via dmvpns and they each sit on different subnets and I want to use the same VLAN on all remote offices for their WiFi networks (Wlans), so basically do a wlan-vlan mapping, and I want to configure flexconnect with local switching, but there is an issue for me with WLC dynamic interfaces because it forces you to set an ip on that dynamic interface.

Do you guys have any suggestions or explanations that you can share with me? 

 

Kind regards,

Ermir.

0 Helpful
13 Replies 13

Rps-Cheers
VIP
VIP

‎07-12-2021 07:51 AM

In general, the VLAN of WLAN forms a mapping relationship based on the interface selected by itself, that is, Wlan-Specific, and the effect is as follows:

FlexConnect Vlan mode :.......................... Enabled
        Native ID :..................................... 192
        WLAN 1 :........................................ 172 (Wlan-Specific)

If you need to redefine the VLAN corresponding to WLAN x, you can define it through AP-Specific or Group-Specific:

FlexConnect Vlan mode :.......................... Enabled
        Native ID :..................................... 192
        WLAN 1 :........................................ 10 (AP-Specific)

FlexConnect Vlan mode :.......................... Enabled
        Native ID :..................................... 192
        WLAN 1 :........................................ 10 (Group-Specific)

In this way, the corresponding VLAN will be mapped to VLAN 10.

So our WLAN associated interface is not important. The important thing is that when configuring FlexConnect, we configure WLAN VLAN mapping through AP alone, or through FLexConnect Group.
It is recommended to configure WLAN VLAN mapping through FlexConnect Group.

 

There is also a deployment guide:
FlexConnect Wireless Branch Controller Deployment Guide

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/FlexConnect_DG.html#pgfId-52398

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

Ermir Morina
Level 1
Level 1
In response to Rps-Cheers

‎07-12-2021 12:59 PM

Thank you very much for your reply! 

 

And what about the configuration on the switch side, since I am connecting through VPNs, should I put those VLANs (the ones used for SSID's) on the trunk port connected to the WLC or not? 

0 Helpful

Rps-Cheers
VIP
VIP
In response to Ermir Morina

‎07-12-2021 04:03 PM

For the switch port connected by wlc, it is usually configured as trunk mode.

The switch port connected to the branch AP should also be in trunk mode, especially if you need to broadcast multiple different SSIDs (also in different VLANs), you need to permit multiple VLANs on the trunk mode interface.Thx

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

.Jaidev Hattiangadi.
Cisco Employee
Cisco Employee
In response to Ermir Morina

‎07-12-2021 11:01 PM

If You're looking to configure Flexconnect with local switching, the corresponding VLANs need to be allowed on the AP switchport and hence needs to be a trunk port. VLANs for local switching need to be present at the local site and do not need dynamic interfaces configured on the WLC.

 

Cheers!

0 Helpful

Ermir Morina
Level 1
Level 1
In response to .Jaidev Hattiangadi.

‎07-13-2021 12:20 AM

What about the trunk port on the WLC side? Do I need to configure the same VLANs that I configure on AP Side (even though it's local switching so I don't think we  need that but just to make sure).

Thank you very much for your prompt responses, I highly appreciate it.

0 Helpful

Rps-Cheers
VIP
VIP
In response to Ermir Morina

‎07-13-2021 12:43 AM

You can configure it like this, you can even understand it as a local mode configuration. The allowed VLANs only need to include AP and user VLANs, regardless of whether it is local or centralized forwarding. This is the safest.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

Wes Schochet
Level 3
Level 3

‎07-13-2021 02:03 PM

I use flex-connect groups and do the VLAN / WLAN mapping there.  In this setup, the VLAN on hte local interface is ignored when both the AP and the WLAN are configured for flex-connect. 

0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni

‎07-14-2021 04:20 PM

I usually create a dummy dynamic interface with non-routable IP for flex ssid's.

 

Also for the Flex connect AP's you need to set the native VLAN as AP management VLAN, and allow only the client VLAN's. I also recommend to set spanning-tree portfast trunk under the interface connencting to AP.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

Ermir Morina
Level 1
Level 1

‎07-15-2021 12:48 AM

Hello guys! 

 

So I've been trying to find a solution, but I still seem to have problems with implementing it the right way.

So I have this VLAN 5 that I want to use on my remote office for my wireless clients (my AP also gets the IP Address from that one).

What I  did on the switch port connected to the AP on my remote office is: I configured the port as trunk and I made VLAN 5 as native vlan since I need my AP to get the IP address from the DHCP Server I have configured on my ISR4331/with a L2 Module.

Meanwhile on the other side at my central office, the port connected to the WLC is configured as Trunk but it doesn't contain VLAN 5 (i assume it shouldn't).

The AP registers successfully with the WLC.

What I can see is that when I create a TEST Wlan, the wlan is propagated to the AP as I want it to, but I am not able to connect to it from my laptop/phone (I can share screenshots of the configuration I have on my WLC for that).

The setup is a basic one, central auth (MAC FILTERING) with local switching on my flex AP.

0 Helpful

.Jaidev Hattiangadi.
Cisco Employee
Cisco Employee
In response to Ermir Morina

‎07-15-2021 01:36 AM

Get a client debug for a test client and post the output here

 

cheers!

0 Helpful

Ermir Morina
Level 1
Level 1
In response to .Jaidev Hattiangadi.

‎07-15-2021 03:58 AM

(Cisco Controller) debug>client all

'Enabled client all' debug.

(Cisco Controller) debug>
(Cisco Controller) debug>*emWeb: Jul 15 11:51:13.930: [PA]
Debugging session started on Jul 15 11:51:13.930 for WLC AIR-CT3504-K9 Version :8.10.151.0 Hostname MPJWLC01

(Cisco Controller) debug>
(Cisco Controller) debug>*apfMsConnTask_4: Jul 15 11:51:28.063: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.063: [PA] 48:5f:99:81:92:4f Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_4: Jul 15 11:51:28.164: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.164: [PA] 48:5f:99:81:92:4f Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_4: Jul 15 11:51:28.268: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.268: [PA] 48:5f:99:81:92:4f Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_4: Jul 15 11:51:28.366: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0
*apfMsConnTask_4: Jul 15 11:51:28.366: [PA] 48:5f:99:81:92:4f Scheduling deletion of Mobile Station: reasonCode 4 (callerId: 18) in 10 seconds
*apfMsConnTask_4: Jul 15 11:51:28.472: [PA] 48:5f:99:81:92:4f Sending Assoc Response (status: 'unspecified failure') to station on AP AP5C71.0DBA.BCF0 on BSSID 5c:71:0d:e6:42:e1 ApVapId 2 Slot 0, mobility role 0

 

So this is what I get when I try to access the SSID with my laptop.

0 Helpful

marce1000
VIP
VIP
In response to Ermir Morina

‎07-15-2021 06:51 AM

 

 - Have a somewhat longer debug session and have it analyzed with :

               https://cway.cisco.com/tools/WirelessDebugAnalyzer/ 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Ermir Morina
Level 1
Level 1

‎07-21-2021 04:51 AM

So guys I'm now having another problem, after coming back from holidays my Access Point flaps on my switch port from active to down the whole time and I can't seem to find the reason why? 

Do you guys have any suggestion or did you ever come across such problem? 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card