Cisco vlan controller configuration

Posted on 2011-10-27
Last Modified: 2012-05-12
Hello i have a little problem regarding my guest access on a Cisco 2504 WLAN controller.

So i have a cisco 3560 In front and in this scenario a non configurable router after 3560

My mgmt net is on with 3560 on and mgmt net on and a dhcp on

The other net is on with the non configurable router on And i have a dynamic interface on my wlan controller on and a dhcp on

So the net is working like a charm although i cannot get the net to work. First of all i cannot ping the interface of the vlan controller from my switch, although if i place a laptop in the same subnet i can ping it from the switch. Internet also works from the laptop. When i try the wlan on the interface i doesn´t get an ip and i cannot ping the dhcp server or router from the controller on which of course is why i do not get an ip.

the 3560 got an default route of

i also wonder if it is possible to be able o ping from without first going to the router which in this case is non configurable.

Question by:ptopservicedesk
    LVL 15

    Expert Comment

    I take it the WLAN controller is plugged into the 3560? If it is then the port needs to be configured as a trunk and allowed to pass the VLAN used by the network. The controller dynamic interface also needs to have the VLAN ID the same number of the switch VLAN if the traffic is tagged.

    When you say non configurable router do you mean you don't have access to it? To ping betwen the two networks you need something to route between them and it's not clear what is doing this. I assume the router is the gateway for the network ( but what is the gateway for the network?

    You say the 3560 is configured for; if it is not configured for ip routing then you need a default gateway entry otherwise a route of last resort, either way the address needs to be 172.17.29.* and not

    Author Comment

    Hi, yes it looks like this.
    WLAN Controller ( mgmt interface) ( dynamic interface)
       C3560 Ip addresses ( default gateway for (
        ISP Router on (Internet)

    So The WLAN Controller is connected to the C3560, Switch ports are trunk with dot1q encap. Vlan tagging is 20 on wlan controller and switch for mgmt interface and 1 on dynamic interface on controller and switchport. Both are able to reach internet in the current config.

    SO the router is gateway for the network and the c3560 is router for the network. I really would like the c3560 to be the router for all networks but traffic has to go through ISP router which is non configurable.

    C3560 is configured for ip routing but my only route is so networks are able to reach internet. What routes needs to be there?

    As you might notice I am not a network technician but I am trying my best ;)

    LVL 15

    Accepted Solution

    A Cisco trunk has what is called the native VLAN and this traffic is untagged. If showing a port configuration doesn't list this then it is using the default VLAN 1. If you have entered 1 for the VLAN ID on the WLAN controller dynamic interface then you have configured the traffic to be tagged and so have a mismatch. You'll fix this problem by simply removing the VLAN ID on the dynamic interface configuration for this VLAN.

    You've made the routing more clear but I can't see how the has successful internet access unless your ISP has configured their router to also NAT this range and has a static routing entry for this network to or you're running a routing protocol to advertise this network, or, the 3560 NATs to a 172.17.27 address.
    It's possible to have the 3560 route directly between your two networks but your ISP will also have make configuration changes to their router.

    Author Comment

    Frabble, you have saved my Day. thanks alot.. when i untagged my vlan 1 in the controller everything worked.

    Of course not the connection between VLAN:s but that was more of curiosity. If the 3560 was able to do that on it´s own which it wasn´t.

    Both nets work perfectly towards internet. net has the Switch as it´s default gateway and also switch as dhcp. after that the default route of tells how it will reach the gateway towards internet. or does it seem strange to you? I could post my config if you would like. Otherwise a big thanks to you!!!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    With the purchase of CloudCommand by Comcast customers are left in a bind as subscriptions expire and render the AP's disabled. The following will explain how to flash your Ubiquiti AP's with CloudCommand firmware back to Ubiquiti firmware. HOWTO…
    In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
    This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now