
Cisco Wireless and HP Procurve configuration

Posted on 2013-01-21
Last Modified: 2016-07-19
For a couple of months I've been playing around trying to get our Cisco WLC2504 and Cisco 3500 series LAPs to work correctly over multiple sites.  I have come up against a bit of an issue, which the tech support people for Cisco don't know how to fix, and say it's probably down to the configuration on our HP Procurves!

To put it simply, we have 3 sites; the main site has the WLC and 2 access points, the second site has 2 access points, and 3rd has just one access point.
I have configured the system so there are two SSIDs available across all the sites - a Staff SSID and a Guest SSID.  The Staff SSID picks up an address from the internal network (Native VLAN 1), whilst the Guest WLAN is tagged VLAN 500, and picks up an IP address from the DHCP server on our firewall, which we have created a new port with VLAN 500 tag just for this traffic.  This is configured the same at all sites (we have local internet breakouts with firewalls at each office).
The wireless hardware is configured to run on a separate VLAN of 200 and a different subnet to the main network. The issue we have is the LAPs fail to use the static IP addresses on VLAN 200 and fail back to the main network IP addresses.  This still allows clients to authenticate for both staff and guest - but isn't what we wanted to happen!  I have untagged the ports that the LAPs connect to for VLAN 200 and they now use the correct IP addresses.  However, whilst the Guest WLAN successfully works, the Staff network fails to pick up an IP address or connect to the native VLAN at all.

The only way I have managed to get them to work is to create another VLAN 300 with a new IP range and a new DHCP Scope on the server for this VLAN and setup the WLAN for staff to tag this traffic VLAN 300.

Ideally, I wanted to make the staff wireless clients have an internal IP address to simplify things, but I can't work out if/how to do this!  Anyone give me a clue?
Question by:Amaze_IT
4 Comments
 
LVL 7

Expert Comment

by:avcontrol
ID: 38801948
Usually to connect different VLANs, you would need to configure "router on the stick", and to manage IP addresses, you should use an ACL for it.
It is not really clear what business rules you are trying to implement; maybe a diagram with IP addresses and the intended use would help us understand better.
0
 
LVL 25

Accepted Solution

by:
Ken Boone earned 2000 total points
ID: 38801968
What mode are you running in? Normally in a small network situation I have all the APs tunnel the traffic back to the WLC.  Therefore there is only 1 location where the traffic really leaves the wireless and goes wired, which means you only need to worry about all the vlans at one location.

So I typically set up a wireless mgmt vlan, like it sounds like you did for vlan 200.  Now of course you have 3 sites, so the IP network is different at each location for vlan 200.  The WLC has a static address on this management network and this is the interface on the WLC that manages the APs.  I then set up a small DHCP scope for vlan 200 for each location so the APs can get a dynamic address and once that happens I change them to a static in the appropriate vlan.  Now having said that, in this mode, each AP will need to simply connect to an access port on the HP switch that is in access vlan 200.  That is it.

The SSIDs are connected to vlan 1 and vlan 500 at the HQ site.  Now if you are running in hybrid mode then you would need to connect the APs to an HP port that is a trunk with a native vlan of 200.  This means that on that HP trunk port vlan 200 would be untagged and vlan 1 and 500 would be tagged.

Having said all that - I prefer for my corporate wireless users to be on their own subnet.  This way it makes it easy to nail down where someone is. In other words, if I am troubleshooting an issue with a given IP address - I know immediately whether it is a wired client or a wireless client.
0
 

Author Closing Comment

by:Amaze_IT
ID: 38834613
This is exactly how I have had it working - but now want to do as you prefer - i.e. have the wireless staff on a separate vlan/subnet and the guest on another vlan/subnet.  I have got the system configured for flexconnect as I want the sites' wireless to continue working even if they lose connection to the WLC at the HQ, hence I have configured vlan 200 for management at each site, vlan 300 for wireless staff subnet with a dhcp scope "helped" from our main server, with vlan 500 to guest wifi using a separate port on the firewall, which also supplies the DHCP scope for those clients as well as being their default gateway.  On the switch I have not assigned an IP for vlan 500 to prevent users being able to connect to it from the guest network.  Just seems a little erratic when connecting at times!
0
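An added example, not part of the original thread: a small audit of a ProCurve-style running-config against the layout described in the accepted answer and the closing comment (AP ports untagged in the management VLAN, tagged in each WLAN VLAN, and no switch IP address on the guest VLAN). The sample config, AP port numbers 10 and 11, and all function names are assumptions; only numeric port names are handled.

```python
# Constructed ProCurve-style sample (not from the thread); port 11 and VLAN 500 deviate.
SAMPLE_CONFIG = """\
vlan 1
   untagged 1-9,12-24
   exit
vlan 200
   untagged 10-11
   exit
vlan 300
   tagged 10-11,24
   exit
vlan 500
   tagged 10,24
   ip address 203.0.113.1 255.255.255.0
   exit
"""

def expand_ports(spec):
    """Expand a numeric port list such as '1-9,12' into a set of ints (assumed format)."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {p for lo, _, hi in ranges for p in range(int(lo), int(hi or lo) + 1)}

def parse_vlans(config):
    """Map each VLAN id to its untagged ports, tagged ports and IP flag."""
    vlans, cur = {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["vlan"] and len(words) == 2:
            cur = vlans.setdefault(
                int(words[1]), {"untagged": set(), "tagged": set(), "has_ip": False})
        elif words[:1] == ["exit"]:
            cur = None  # end of the vlan stanza
        elif cur is not None and words[:1] in (["untagged"], ["tagged"]):
            cur[words[0]] |= expand_ports(words[1])
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["has_ip"] = True
    return vlans

def audit(config, ap_ports, mgmt_vlan, wlan_vlans, guest_vlan):
    """List deviations from the AP trunk layout and the no-IP guest VLAN."""
    vlans = parse_vlans(config)
    def ports(vid, kind):
        return vlans.get(vid, {}).get(kind, set())
    out = [f"port {p}: VLAN {mgmt_vlan} not untagged"
           for p in sorted(ap_ports) if p not in ports(mgmt_vlan, "untagged")]
    out += [f"port {p}: VLAN {v} not tagged"
            for p in sorted(ap_ports) for v in wlan_vlans if p not in ports(v, "tagged")]
    if vlans.get(guest_vlan, {}).get("has_ip"):
        out.append(f"VLAN {guest_vlan}: switch has an IP address on the guest VLAN")
    return out
```

Calling `audit(SAMPLE_CONFIG, {10, 11}, 200, [300, 500], 500)` reports the missing guest tag on port 11 and the IP address on VLAN 500.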
 

Expert Comment

by:techlinden
ID: 41719481
no flex acl map configuration file to load
0
