I cannot get the interface configs for the WLC for a few days, I had to go out of town. I will try removing the Native Vlan statement from the port channel and 2 interfaces.

Yes, Management is the AP-MGR, not management plus 2 AP-MGRs

Mike Fleck

Datanamics, Inc

cell 702-985-5420

I remoted into the switch and removed the Native Vlan and now everything is fine, Thanks "weterry"

Fantastic. Very common problem (typically manifests as "I can't manage the WLC").  If you wanted to leave the switch as native vlan 101, then you'd want to set "0" as the vlan on the interface (so the wlc doesn't tag it, and switch knows to put it in 101).

The issue with this latter approach is that I don't think you can trust COS for untagged traffic, so QOS would be a problem to get working.

Hello. I think that is a well-known problem. You cannot set the native vlan on the wlc. It's alway vlan 1. After removing the setting "switchport trunk native vlan 101" the native vlan change to default which is vlan number 1.

I am using software version 6.0.199.4, too.

thats not true. You can tag all the interfaces on the WLC, so long as you remember it's a dot1q trunk. So you would want the native VLAN on the switch to be something other than what any interface on the WLC is. Otherwise the switch will drop the traffic that is tagged on the native VLAN.

So in the above scenario setting the switch poet native VLAN to 999 would work so long as VLAN 999 is not used on the WLC.

Make sense!

Steve

Sent from Cisco Technical Support iPhone App

Im going to offer my 2cents?

First. why are you using a native VLAN on the WLC for management ? It is in your best interest to TAG all your VLANs. The Cisco manuals have noted for years to native the management, but Cisco folks will tell you this is not ideal. In fact, you will lose all QoS trust if you use mls qos trust on the WLC / switch port. Since your management is native, your capwap tunnels qos will not be trusted.

I would tagg everything .. Dont use native

In 7.x config guide it finally was changed and it states to tag your management traffic.

@George

I'm aware that in the switching world - native vlan is not recommended for the mgmt vlan (vlan double tagging/..)

Tagging of management traffic - losing QoS tag --> is it possible then to tag management traffic on the WLC (thus not by a switch)?

Hey Davy,

No, you need to tag both sides (WLC and Switch) or the WLC management interface will not connect. But does it make sense WHY you need to tag it ... Your AP manager is on the management vlan or if you use 5508 it is the management interface, (no ap manager).

If you trust CoS, which you should for trunks your native vlans arent tagged so it doesnt get trusted. Your CAPWAP will lose its tagging ..

Make sense?

I was not clear in my previous post. I was wondering in my previous post if the wlc is capable of  'cos marking' mgmt traffic. I'm not aware of such mechanism? If the WLC is not able to cos mark mgmt interface traffic (CAPWAPP/interWLC traffic). The cos argue has no sense.

Although I understand it's better to 'vlan tag'  all interfaces. - Before I did mgmt interface the native vlan way

I appreciate when we dive deep on questions like this because it makes you think. Bill Cox said once, "Once I thought I knew QoS on a wireless lan controller I would get a question of the audience and it would make me think, do I really know QoS on the WLC"

For the record you can mark up or down WLAN traffic on a WLAN. This can be found under the QoS profile / 802.3p.

As for the CAPWAP. Lets walk this through ..

AP -- We trust DSCP becuase this is not a trunk link. The AP has 2 paths, control and data. The control path is always sent at 7, the AP does this and is a factory setting. The data path is marked by the supplicant and translated in the capwap packet.

Since both are marked (control and data), the frames will arrive at the switch the WLC is connected to. if you dont trust there the control frame loses its QoS setting. If that link becomes loaded your control frames are at risk.

Coming from the WLC, the WLC sends the control frames out at 7 as well (just like the AP) ... See the mobile design guide for a better description. But look at this, note the LWAPP control frames. These are marked by the AP and the WLC.

Does this help ?

Really good explanation... i am just in a process of placing trust on the wireless lan controller ports and AP ports.

For queuing my thought is that since its a lwwap capwap tunnel, doing queuing on this interface can limit the bandwidth for class cs7 and cs6. should these interfaces be left without queuing, means everything goes into queue 1 which gets 100% of the buffer.  

EDIT:  George went and posted a book while I was typing this response so he likely clarifies this much better than myself [I have not read his response yet above, I just know it exists]

Hopefully this clarifies the concern.

Any inteface on a WLC can be configured with vlan 0.  Marking vlan 0 means "untagged", which is that traffic that would be in the "Switchport Native Vlan X" vlan on the trunk.  COS does not function with "untagged" traffic.

So the expectation, and proper design is that no interface on the WLC should be marked with vlan 0.  Which means you should TAG your Management Interface, which means your Management Interface must not be the Native Vlan on the trunk.

The only exception to this rule is that fancy switch IOS command that goes something like "tag-native-vlan" which means that Native Vlan on the Switch is actually setting a TAG, which means a "0" on the WLC wouldnt function at all.

Bottom line, setup your native vlan on the trunk to be some vlan that is not used by the WLC and then TAG all interfaces (including Management).....