Cisco vlan controller configuration

Hello i have a little problem regarding my guest access on a Cisco 2504 WLAN controller.

So i have a cisco 3560 In front and in this scenario a non configurable router after 3560

My mgmt net is on 172.17.29.0/24 with 3560 on 172.17.29.2 and mgmt net on 172.17.29.3 and a dhcp on 172.17.29.2

The other net is on 172.17.27.0/24 with the non configurable router on 172.17.27.2. And i have a dynamic interface on my wlan controller on 172.17.27.3 and a dhcp on 172.17.27.2

So the 172.17.29.0/24 net is working like a charm although i cannot get the 172.17.27.0 net to work. First of all i cannot ping the interface of the vlan controller from my switch, although if i place a laptop in the same subnet i can ping it from the switch. Internet also works from the laptop. When i try the wlan on the interface i doesn´t get an ip and i cannot ping the dhcp server or router from the controller on 172.17.27.2. which of course is why i do not get an ip.

the 3560 got an default route of 0.0.0.0 0.0.0.0 172.17.27.2.

i also wonder if it is possible to be able o ping 172.17.27.0 from 172.17.29.0 without first going to the router which in this case is non configurable.

ptopservicedeskAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FrabbleCommented:
I take it the WLAN controller is plugged into the 3560? If it is then the port needs to be configured as a trunk and allowed to pass the VLAN used by the 172.17.27.0/24 network. The controller dynamic interface also needs to have the VLAN ID the same number of the switch VLAN if the traffic is tagged.

When you say non configurable router do you mean you don't have access to it? To ping betwen the two networks you need something to route between them and it's not clear what is doing this. I assume the router is the gateway for the 172.17.27.0 network (172.17.27.2) but what is the gateway for the 172.17.29.0 network?

You say the 3560 is configured for 172.17.29.2; if it is not configured for ip routing then you need a default gateway entry otherwise a route of last resort, either way the address needs to be 172.17.29.* and not 172.17.27.2
0
ptopservicedeskAuthor Commented:
Hi, yes it looks like this.
WLAN Controller (172.17.29.3 mgmt interface) (172.17.27.3 dynamic interface)
        |
   C3560 Ip addresses (172.17.29.2 default gateway for 172.17.29.0/24) (172.27.27.253)
        |
    ISP Router on 172.17.27.2 (Internet)

So The WLAN Controller is connected to the C3560, Switch ports are trunk with dot1q encap. Vlan tagging is 20 on wlan controller and switch for mgmt interface and 1 on dynamic interface on controller and switchport. Both are able to reach internet in the current config.

SO the router is gateway for the 172.17.27.0 network and the c3560 is router for the 172.17.29.0 network. I really would like the c3560 to be the router for all networks but traffic has to go through ISP router which is non configurable.

C3560 is configured for ip routing but my only route is 0.0.0.0 0.0.0.0 172.17.27.2 so networks are able to reach internet. What routes needs to be there?

As you might notice I am not a network technician but I am trying my best ;)

0
FrabbleCommented:
A Cisco trunk has what is called the native VLAN and this traffic is untagged. If showing a port configuration doesn't list this then it is using the default VLAN 1. If you have entered 1 for the VLAN ID on the WLAN controller dynamic interface then you have configured the traffic to be tagged and so have a mismatch. You'll fix this problem by simply removing the VLAN ID on the dynamic interface configuration for this VLAN.

You've made the routing more clear but I can't see how the 172.17.29.0/24 has successful internet access unless your ISP has configured their router to also NAT this range and has a static routing entry for this network to 172.17.27.253 or you're running a routing protocol to advertise this network, or, the 3560 NATs to a 172.17.27 address.
It's possible to have the 3560 route directly between your two networks but your ISP will also have make configuration changes to their router.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ptopservicedeskAuthor Commented:
Frabble, you have saved my Day. thanks alot.. when i untagged my vlan 1 in the controller everything worked.

Of course not the connection between VLAN:s but that was more of curiosity. If the 3560 was able to do that on it´s own which it wasn´t.

Both nets work perfectly towards internet. 172.17.29.0/24 net has the Switch as it´s default gateway and also switch as dhcp. after that the default route of 0.0.0.0 0.0.0.0 172.17.27.2 tells how it will reach the gateway towards internet. or does it seem strange to you? I could post my config if you would like. Otherwise a big thanks to you!!!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.