Solved

2504 Wireless Controller connecting to 1142n Access_Point correct configuration and troubleshooting 3750 switches

Posted on 2014-02-20
16
733 Views
Last Modified: 2014-02-27
I am working on trying to connect a 2504 Wireless_Controller to a 1142n Wireless_Access_Point
with the following configuration on a stack of four 3750 switches.  See my existing Configuration on the switches listed below.

My DHCP is working on 192.168.3.1 for assigning the laptop and address. I can ping out to the DNS Server
at 192.168.2.29 and Gateway 192.168.2.1, but can not get out over the internet from the laptop.

I can not ping back from the DNS Server 192.168.2.29 to anything on 192.168.3.3 laptop
or 192.168.3.5 Controller or Access_Point 192.168.3.6

Do I need to configure some trunk ports on the switches to route VLAN, even though they are all in the same stack?

I need to get the Access_Point IP DHCP bindings working?

switch 1 provision ws-c3750-48ts
switch 2 provision ws-c3750-48ts
switch 3 provision ws-c3750-48ts
switch 4 provision ws-c3750-24p
system mtu routing 1500
vtp domain Jakes
vtp mode transparent
ip routing
ip dhcp excluded-address 192.168.3.1 192.168.3.10
!
ip dhcp pool JH_pool
   network 192.168.3.0 255.255.255.0
   domain-name CISCO-CAPWAP-CONTROLLER.jhwk.local
   dns-server 192.168.2.29
   default-router 192.168.2.1
   option 43 hex f108.c0a8.0305.c0a8.0306
   option 60 ascii APd0d0.fd2e.163d

spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
!
vlan internal allocation policy ascending
!
vlan 5
 name JH_Wireless_LAN

interface Vlan1
 ip address dhcp
 no ip mroute-cache
!
interface Vlan5
 ip address 192.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip http server
ip http secure-server

interface FastEthernet1/0/48
 description File/DNS Server
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast

interface FastEthernet4/0/18
 description Laptop
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast

interface FastEthernet4/0/20
 description Wireless_Access_Point
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast

interface FastEthernet4/0/22
 description Wireless_Controller
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast
0
Comment
Question by:Lifeguard223
  • 7
  • 6
  • 3
16 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
Comment Utility
I think you have to trunk your Access Point and your wireless controller ports
0
 

Author Comment

by:Lifeguard223
Comment Utility
After adding the following trunk details to the switches, I still can,t ping back from the DNS Server 192.168.2.29 to anything on 192.168.3.3 laptop
or 192.168.3.5 Controller or Access_Point 192.168.3.6

interface FastEthernet1/0/17
 description trunk VLAN 1,5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/0/18
 description trunk VLAN 1,5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 speed 100
duplex full

interface FastEthernet4/0/17
 description trunk VLAN 1,5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet4/0/18
 description trunk VLAN 1,5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 speed 100
 duplex full
0
 
LVL 14

Expert Comment

by:Justin Yeung
Comment Utility
can you ping from the switch.
0
 

Author Comment

by:Lifeguard223
Comment Utility
Yes, I can ping from the switch.  Here are some of the responses from the switch.
JH-Switch-1#ping 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
JH-Switch-1#ping 192.168.3.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
JH-Switch-1#ping 192.168.3.6


Gateway of last resort is 192.168.2.1 to network 0.0.0.0

C    192.168.2.0/24 is directly connected, Vlan1
C    192.168.3.0/24 is directly connected, Vlan5
S*   0.0.0.0/0 [1/0] via 192.168.2.1

JH-Switch-1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.3.11            1   74d0.2b47.4a10  ARPA   Vlan5
Internet  192.168.3.1             -   0019.e706.8841  ARPA   Vlan5
Internet  192.168.2.1             0   20aa.4b97.38ab  ARPA   Vlan1
Internet  192.168.3.5           179   10f3.11a5.c100  ARPA   Vlan5
Internet  192.168.2.29            0   ac22.0b82.84a3  ARPA   Vlan1
Internet  192.168.2.20            7   78ac.c0ff.1f48  ARPA   Vlan1
Internet  192.168.2.136           0   78ac.c09d.db5d  ARPA   Vlan1
Internet  192.168.2.152           -   0019.e706.8840  ARPA   Vlan1

Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  Redistributing: eigrp 1
  EIGRP-IPv4 Protocol for AS(1)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 192.168.3.1
    Stub, connected, summary
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: disabled
  Maximum path: 4
  Routing for Networks:
    192.168.0.0/16
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: internal 90 external 170
0
 
LVL 14

Expert Comment

by:Justin Yeung
Comment Utility
what is your gateway on the dns server? and also your other devices
0
 

Author Comment

by:Lifeguard223
Comment Utility
My DNS Server is: 192.168.2.29 and Wireless Router Gateway 192.168.2.1 for the Internet.
0
 
LVL 14

Expert Comment

by:Justin Yeung
Comment Utility
set your gateway to your switch, your router probably don't know how to route to that Vlan.

Justin
0
 

Author Comment

by:Lifeguard223
Comment Utility
I already have a static default route to my Router Gateway 192.168.2.1

S*   0.0.0.0/0 [1/0] via 192.168.2.1
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Your APs should be connected to a switchport configured in access mode - not trunk mode (unless you're using FlexConnect).

The VLANs terminate at the WLC, so as long as the WLC ports are configured correctly on the switch and you've configured the dynamic interfaces appropriately you should be able to get an IP address at a client.

You have connected the WLC to a port at 100Mbps - what for?

Where's the IP address on the switch to talk to the gateway??
interface Vlan1
 ip address dhcp
 no ip mroute-cache
!
interface Vlan5
 ip address 192.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1

Open in new window

0
 

Author Comment

by:Lifeguard223
Comment Utility
Hello Craigbeck,

I am going to use the WLC and Access Points for guest access only and was wanting to limit the bandwidth used by wireless devices to 100 Mbps.

For the switch it is getting a dynamic IP Address from the Wireless Router using DHCP in the range of 192.168.2.0.  My Wireless Router is using 192.168.2.1 for the Gateway.  I could assign 192.168.2.2 to the switch, it may work better as you have mentioned.

I will make a few more programming changes on the switch to verify everything will work together as you have described.  Thanks for your reply!

Eugene
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Ah ok I was just wondering :-)

Your router (192.168.2.1) needs a route back to the 192.168.3.0/24 subnet,  This means that using DHCP on the Vlan1 interface isn't such a good idea as you'll need to point that route from the router to the switch's Vlan1 IP.
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 500 total points
Comment Utility
as I said previously + what craigbeck suggested

add ip (example 192.168.2.254) on vlan1 on the switch, on your dhcp set the gateway to IP 192.168.3.1 (the switch)

so your client will use the switch as the gateway and it will route correctly after then without changing any setting on your router. Your switch will pass the traffic to your router if it doesn't know where to go.

set your 192.168.2.x gateway to 192.168.2.254). let your switch to do the internal traffic
0
 

Author Comment

by:Lifeguard223
Comment Utility
Justin,

Okay, I will make those changes a little later, so that I do not affect the internet service while it is being used.  I will let you know, if there are any further problems with the way my current configuration was set up.  Thanks!

Eugene
0
 

Author Closing Comment

by:Lifeguard223
Comment Utility
I knew that my Wireless Guest network needed its own VLAN and IP Address so that it would be seperated from our Staff VLAN.  I did not really understand what was going to be required in getting this accomplished.    Your more detailed answer to my question has helped to resolve my issue.  Thanks!

Eugene
0
 
LVL 14

Expert Comment

by:Justin Yeung
Comment Utility
you can setup a new vlan on your switch and add the allow vlan list on that Access point port and the WLC port.
setup an interface in WLC, assign that interface with the VLAN created on the switch.

setup a new SSID assign the SSID with that interface.

then setup an ACL under WLC-->security, assign it to the SSID.
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
AP port should be access port not a trunk port.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now