Lifeguard223
asked on
2504 Wireless Controller connecting to 1142n Access_Point correct configuration and troubleshooting 3750 switches
I am working on trying to connect a 2504 Wireless_Controller to a 1142n Wireless_Access_Point
with the following configuration on a stack of four 3750 switches. See my existing Configuration on the switches listed below.
My DHCP is working on 192.168.3.1 for assigning the laptop and address. I can ping out to the DNS Server
at 192.168.2.29 and Gateway 192.168.2.1, but can not get out over the internet from the laptop.
I can not ping back from the DNS Server 192.168.2.29 to anything on 192.168.3.3 laptop
or 192.168.3.5 Controller or Access_Point 192.168.3.6
Do I need to configure some trunk ports on the switches to route VLAN, even though they are all in the same stack?
I need to get the Access_Point IP DHCP bindings working?
switch 1 provision ws-c3750-48ts
switch 2 provision ws-c3750-48ts
switch 3 provision ws-c3750-48ts
switch 4 provision ws-c3750-24p
system mtu routing 1500
vtp domain Jakes
vtp mode transparent
ip routing
ip dhcp excluded-address 192.168.3.1 192.168.3.10
!
ip dhcp pool JH_pool
network 192.168.3.0 255.255.255.0
domain-name CISCO-CAPWAP-CONTROLLER.jh
dns-server 192.168.2.29
default-router 192.168.2.1
option 43 hex f108.c0a8.0305.c0a8.0306
option 60 ascii APd0d0.fd2e.163d
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
!
vlan internal allocation policy ascending
!
vlan 5
name JH_Wireless_LAN
interface Vlan1
ip address dhcp
no ip mroute-cache
!
interface Vlan5
ip address 192.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip http server
ip http secure-server
interface FastEthernet1/0/48
description File/DNS Server
switchport mode access
speed 100
duplex full
spanning-tree portfast
interface FastEthernet4/0/18
description Laptop
switchport access vlan 5
switchport mode access
speed 100
duplex full
spanning-tree portfast
interface FastEthernet4/0/20
description Wireless_Access_Point
switchport access vlan 5
switchport mode access
speed 100
duplex full
spanning-tree portfast
interface FastEthernet4/0/22
description Wireless_Controller
switchport access vlan 5
switchport mode access
speed 100
duplex full
spanning-tree portfast
with the following configuration on a stack of four 3750 switches. See my existing Configuration on the switches listed below.
My DHCP is working on 192.168.3.1 for assigning the laptop and address. I can ping out to the DNS Server
at 192.168.2.29 and Gateway 192.168.2.1, but can not get out over the internet from the laptop.
I can not ping back from the DNS Server 192.168.2.29 to anything on 192.168.3.3 laptop
or 192.168.3.5 Controller or Access_Point 192.168.3.6
Do I need to configure some trunk ports on the switches to route VLAN, even though they are all in the same stack?
I need to get the Access_Point IP DHCP bindings working?
switch 1 provision ws-c3750-48ts
switch 2 provision ws-c3750-48ts
switch 3 provision ws-c3750-48ts
switch 4 provision ws-c3750-24p
system mtu routing 1500
vtp domain Jakes
vtp mode transparent
ip routing
ip dhcp excluded-address 192.168.3.1 192.168.3.10
!
ip dhcp pool JH_pool
network 192.168.3.0 255.255.255.0
domain-name CISCO-CAPWAP-CONTROLLER.jh
dns-server 192.168.2.29
default-router 192.168.2.1
option 43 hex f108.c0a8.0305.c0a8.0306
option 60 ascii APd0d0.fd2e.163d
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
!
vlan internal allocation policy ascending
!
vlan 5
name JH_Wireless_LAN
interface Vlan1
ip address dhcp
no ip mroute-cache
!
interface Vlan5
ip address 192.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip http server
ip http secure-server
interface FastEthernet1/0/48
description File/DNS Server
switchport mode access
speed 100
duplex full
spanning-tree portfast
interface FastEthernet4/0/18
description Laptop
switchport access vlan 5
switchport mode access
speed 100
duplex full
spanning-tree portfast
interface FastEthernet4/0/20
description Wireless_Access_Point
switchport access vlan 5
switchport mode access
speed 100
duplex full
spanning-tree portfast
interface FastEthernet4/0/22
description Wireless_Controller
switchport access vlan 5
switchport mode access
speed 100
duplex full
spanning-tree portfast
Justin Yeung
I think you have to trunk your Access Point and your wireless controller ports
ASKER
After adding the following trunk details to the switches, I still can,t ping back from the DNS Server 192.168.2.29 to anything on 192.168.3.3 laptop
or 192.168.3.5 Controller or Access_Point 192.168.3.6
interface FastEthernet1/0/17
description trunk VLAN 1,5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,5
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet1/0/18
description trunk VLAN 1,5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,5
switchport mode trunk
speed 100
duplex full
interface FastEthernet4/0/17
description trunk VLAN 1,5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,5
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet4/0/18
description trunk VLAN 1,5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,5
switchport mode trunk
speed 100
duplex full
or 192.168.3.5 Controller or Access_Point 192.168.3.6
interface FastEthernet1/0/17
description trunk VLAN 1,5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,5
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet1/0/18
description trunk VLAN 1,5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,5
switchport mode trunk
speed 100
duplex full
interface FastEthernet4/0/17
description trunk VLAN 1,5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,5
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet4/0/18
description trunk VLAN 1,5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,5
switchport mode trunk
speed 100
duplex full
can you ping from the switch.
ASKER
Yes, I can ping from the switch. Here are some of the responses from the switch.
JH-Switch-1#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
JH-Switch-1#ping 192.168.3.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
JH-Switch-1#ping 192.168.3.6
Gateway of last resort is 192.168.2.1 to network 0.0.0.0
C 192.168.2.0/24 is directly connected, Vlan1
C 192.168.3.0/24 is directly connected, Vlan5
S* 0.0.0.0/0 [1/0] via 192.168.2.1
JH-Switch-1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.3.11 1 74d0.2b47.4a10 ARPA Vlan5
Internet 192.168.3.1 - 0019.e706.8841 ARPA Vlan5
Internet 192.168.2.1 0 20aa.4b97.38ab ARPA Vlan1
Internet 192.168.3.5 179 10f3.11a5.c100 ARPA Vlan5
Internet 192.168.2.29 0 ac22.0b82.84a3 ARPA Vlan1
Internet 192.168.2.20 7 78ac.c0ff.1f48 ARPA Vlan1
Internet 192.168.2.136 0 78ac.c09d.db5d ARPA Vlan1
Internet 192.168.2.152 - 0019.e706.8840 ARPA Vlan1
Routing Protocol is "eigrp 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
Redistributing: eigrp 1
EIGRP-IPv4 Protocol for AS(1)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
Router-ID: 192.168.3.1
Stub, connected, summary
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled
Maximum path: 4
Routing for Networks:
192.168.0.0/16
Routing Information Sources:
Gateway Distance Last Update
Distance: internal 90 external 170
JH-Switch-1#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
JH-Switch-1#ping 192.168.3.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
JH-Switch-1#ping 192.168.3.6
Gateway of last resort is 192.168.2.1 to network 0.0.0.0
C 192.168.2.0/24 is directly connected, Vlan1
C 192.168.3.0/24 is directly connected, Vlan5
S* 0.0.0.0/0 [1/0] via 192.168.2.1
JH-Switch-1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.3.11 1 74d0.2b47.4a10 ARPA Vlan5
Internet 192.168.3.1 - 0019.e706.8841 ARPA Vlan5
Internet 192.168.2.1 0 20aa.4b97.38ab ARPA Vlan1
Internet 192.168.3.5 179 10f3.11a5.c100 ARPA Vlan5
Internet 192.168.2.29 0 ac22.0b82.84a3 ARPA Vlan1
Internet 192.168.2.20 7 78ac.c0ff.1f48 ARPA Vlan1
Internet 192.168.2.136 0 78ac.c09d.db5d ARPA Vlan1
Internet 192.168.2.152 - 0019.e706.8840 ARPA Vlan1
Routing Protocol is "eigrp 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
Redistributing: eigrp 1
EIGRP-IPv4 Protocol for AS(1)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
Router-ID: 192.168.3.1
Stub, connected, summary
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled
Maximum path: 4
Routing for Networks:
192.168.0.0/16
Routing Information Sources:
Gateway Distance Last Update
Distance: internal 90 external 170
what is your gateway on the dns server? and also your other devices
ASKER
My DNS Server is: 192.168.2.29 and Wireless Router Gateway 192.168.2.1 for the Internet.
set your gateway to your switch, your router probably don't know how to route to that Vlan.
Justin
Justin
ASKER
I already have a static default route to my Router Gateway 192.168.2.1
S* 0.0.0.0/0 [1/0] via 192.168.2.1
S* 0.0.0.0/0 [1/0] via 192.168.2.1
Your APs should be connected to a switchport configured in access mode - not trunk mode (unless you're using FlexConnect).
The VLANs terminate at the WLC, so as long as the WLC ports are configured correctly on the switch and you've configured the dynamic interfaces appropriately you should be able to get an IP address at a client.
You have connected the WLC to a port at 100Mbps - what for?
Where's the IP address on the switch to talk to the gateway??
The VLANs terminate at the WLC, so as long as the WLC ports are configured correctly on the switch and you've configured the dynamic interfaces appropriately you should be able to get an IP address at a client.
You have connected the WLC to a port at 100Mbps - what for?
Where's the IP address on the switch to talk to the gateway??
interface Vlan1
ip address dhcp
no ip mroute-cache
!
interface Vlan5
ip address 192.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1ASKER
Hello Craigbeck,
I am going to use the WLC and Access Points for guest access only and was wanting to limit the bandwidth used by wireless devices to 100 Mbps.
For the switch it is getting a dynamic IP Address from the Wireless Router using DHCP in the range of 192.168.2.0. My Wireless Router is using 192.168.2.1 for the Gateway. I could assign 192.168.2.2 to the switch, it may work better as you have mentioned.
I will make a few more programming changes on the switch to verify everything will work together as you have described. Thanks for your reply!
Eugene
I am going to use the WLC and Access Points for guest access only and was wanting to limit the bandwidth used by wireless devices to 100 Mbps.
For the switch it is getting a dynamic IP Address from the Wireless Router using DHCP in the range of 192.168.2.0. My Wireless Router is using 192.168.2.1 for the Gateway. I could assign 192.168.2.2 to the switch, it may work better as you have mentioned.
I will make a few more programming changes on the switch to verify everything will work together as you have described. Thanks for your reply!
Eugene
Ah ok I was just wondering :-)
Your router (192.168.2.1) needs a route back to the 192.168.3.0/24 subnet, This means that using DHCP on the Vlan1 interface isn't such a good idea as you'll need to point that route from the router to the switch's Vlan1 IP.
Your router (192.168.2.1) needs a route back to the 192.168.3.0/24 subnet, This means that using DHCP on the Vlan1 interface isn't such a good idea as you'll need to point that route from the router to the switch's Vlan1 IP.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Justin,
Okay, I will make those changes a little later, so that I do not affect the internet service while it is being used. I will let you know, if there are any further problems with the way my current configuration was set up. Thanks!
Eugene
Okay, I will make those changes a little later, so that I do not affect the internet service while it is being used. I will let you know, if there are any further problems with the way my current configuration was set up. Thanks!
Eugene
ASKER
I knew that my Wireless Guest network needed its own VLAN and IP Address so that it would be seperated from our Staff VLAN. I did not really understand what was going to be required in getting this accomplished. Your more detailed answer to my question has helped to resolve my issue. Thanks!
Eugene
Eugene
you can setup a new vlan on your switch and add the allow vlan list on that Access point port and the WLC port.
setup an interface in WLC, assign that interface with the VLAN created on the switch.
setup a new SSID assign the SSID with that interface.
then setup an ACL under WLC-->security, assign it to the SSID.
setup an interface in WLC, assign that interface with the VLAN created on the switch.
setup a new SSID assign the SSID with that interface.
then setup an ACL under WLC-->security, assign it to the SSID.
AP port should be access port not a trunk port.