Solved

2504 Wireless Controller connecting to 1142n Access_Point correct configuration and troubleshooting 3750 switches

Posted on 2014-02-20
16
737 Views
Last Modified: 2014-02-27
I am working on trying to connect a 2504 Wireless_Controller to a 1142n Wireless_Access_Point
with the following configuration on a stack of four 3750 switches.  See my existing Configuration on the switches listed below.

My DHCP is working on 192.168.3.1 for assigning the laptop and address. I can ping out to the DNS Server
at 192.168.2.29 and Gateway 192.168.2.1, but can not get out over the internet from the laptop.

I can not ping back from the DNS Server 192.168.2.29 to anything on 192.168.3.3 laptop
or 192.168.3.5 Controller or Access_Point 192.168.3.6

Do I need to configure some trunk ports on the switches to route VLAN, even though they are all in the same stack?

I need to get the Access_Point IP DHCP bindings working?

switch 1 provision ws-c3750-48ts
switch 2 provision ws-c3750-48ts
switch 3 provision ws-c3750-48ts
switch 4 provision ws-c3750-24p
system mtu routing 1500
vtp domain Jakes
vtp mode transparent
ip routing
ip dhcp excluded-address 192.168.3.1 192.168.3.10
!
ip dhcp pool JH_pool
   network 192.168.3.0 255.255.255.0
   domain-name CISCO-CAPWAP-CONTROLLER.jhwk.local
   dns-server 192.168.2.29
   default-router 192.168.2.1
   option 43 hex f108.c0a8.0305.c0a8.0306
   option 60 ascii APd0d0.fd2e.163d

spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 4096
!
vlan internal allocation policy ascending
!
vlan 5
 name JH_Wireless_LAN

interface Vlan1
 ip address dhcp
 no ip mroute-cache
!
interface Vlan5
 ip address 192.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip http server
ip http secure-server

interface FastEthernet1/0/48
 description File/DNS Server
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast

interface FastEthernet4/0/18
 description Laptop
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast

interface FastEthernet4/0/20
 description Wireless_Access_Point
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast

interface FastEthernet4/0/22
 description Wireless_Controller
 switchport access vlan 5
 switchport mode access
 speed 100
 duplex full
 spanning-tree portfast
0
Comment
Question by:Lifeguard223
  • 7
  • 6
  • 3
16 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39874892
I think you have to trunk your Access Point and your wireless controller ports
0
 

Author Comment

by:Lifeguard223
ID: 39875493
After adding the following trunk details to the switches, I still can,t ping back from the DNS Server 192.168.2.29 to anything on 192.168.3.3 laptop
or 192.168.3.5 Controller or Access_Point 192.168.3.6

interface FastEthernet1/0/17
 description trunk VLAN 1,5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/0/18
 description trunk VLAN 1,5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 speed 100
duplex full

interface FastEthernet4/0/17
 description trunk VLAN 1,5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet4/0/18
 description trunk VLAN 1,5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 speed 100
 duplex full
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39877499
can you ping from the switch.
0
 

Author Comment

by:Lifeguard223
ID: 39877640
Yes, I can ping from the switch.  Here are some of the responses from the switch.
JH-Switch-1#ping 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
JH-Switch-1#ping 192.168.3.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
JH-Switch-1#ping 192.168.3.6


Gateway of last resort is 192.168.2.1 to network 0.0.0.0

C    192.168.2.0/24 is directly connected, Vlan1
C    192.168.3.0/24 is directly connected, Vlan5
S*   0.0.0.0/0 [1/0] via 192.168.2.1

JH-Switch-1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.3.11            1   74d0.2b47.4a10  ARPA   Vlan5
Internet  192.168.3.1             -   0019.e706.8841  ARPA   Vlan5
Internet  192.168.2.1             0   20aa.4b97.38ab  ARPA   Vlan1
Internet  192.168.3.5           179   10f3.11a5.c100  ARPA   Vlan5
Internet  192.168.2.29            0   ac22.0b82.84a3  ARPA   Vlan1
Internet  192.168.2.20            7   78ac.c0ff.1f48  ARPA   Vlan1
Internet  192.168.2.136           0   78ac.c09d.db5d  ARPA   Vlan1
Internet  192.168.2.152           -   0019.e706.8840  ARPA   Vlan1

Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  Redistributing: eigrp 1
  EIGRP-IPv4 Protocol for AS(1)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 192.168.3.1
    Stub, connected, summary
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: disabled
  Maximum path: 4
  Routing for Networks:
    192.168.0.0/16
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: internal 90 external 170
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39877662
what is your gateway on the dns server? and also your other devices
0
 

Author Comment

by:Lifeguard223
ID: 39877707
My DNS Server is: 192.168.2.29 and Wireless Router Gateway 192.168.2.1 for the Internet.
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39877723
set your gateway to your switch, your router probably don't know how to route to that Vlan.

Justin
0
 

Author Comment

by:Lifeguard223
ID: 39878285
I already have a static default route to my Router Gateway 192.168.2.1

S*   0.0.0.0/0 [1/0] via 192.168.2.1
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 
LVL 45

Expert Comment

by:Craig Beck
ID: 39888552
Your APs should be connected to a switchport configured in access mode - not trunk mode (unless you're using FlexConnect).

The VLANs terminate at the WLC, so as long as the WLC ports are configured correctly on the switch and you've configured the dynamic interfaces appropriately you should be able to get an IP address at a client.

You have connected the WLC to a port at 100Mbps - what for?

Where's the IP address on the switch to talk to the gateway??
interface Vlan1
 ip address dhcp
 no ip mroute-cache
!
interface Vlan5
 ip address 192.168.3.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1

Open in new window

0
 

Author Comment

by:Lifeguard223
ID: 39889361
Hello Craigbeck,

I am going to use the WLC and Access Points for guest access only and was wanting to limit the bandwidth used by wireless devices to 100 Mbps.

For the switch it is getting a dynamic IP Address from the Wireless Router using DHCP in the range of 192.168.2.0.  My Wireless Router is using 192.168.2.1 for the Gateway.  I could assign 192.168.2.2 to the switch, it may work better as you have mentioned.

I will make a few more programming changes on the switch to verify everything will work together as you have described.  Thanks for your reply!

Eugene
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39889492
Ah ok I was just wondering :-)

Your router (192.168.2.1) needs a route back to the 192.168.3.0/24 subnet,  This means that using DHCP on the Vlan1 interface isn't such a good idea as you'll need to point that route from the router to the switch's Vlan1 IP.
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 500 total points
ID: 39890125
as I said previously + what craigbeck suggested

add ip (example 192.168.2.254) on vlan1 on the switch, on your dhcp set the gateway to IP 192.168.3.1 (the switch)

so your client will use the switch as the gateway and it will route correctly after then without changing any setting on your router. Your switch will pass the traffic to your router if it doesn't know where to go.

set your 192.168.2.x gateway to 192.168.2.254). let your switch to do the internal traffic
0
 

Author Comment

by:Lifeguard223
ID: 39890252
Justin,

Okay, I will make those changes a little later, so that I do not affect the internet service while it is being used.  I will let you know, if there are any further problems with the way my current configuration was set up.  Thanks!

Eugene
0
 

Author Closing Comment

by:Lifeguard223
ID: 39892302
I knew that my Wireless Guest network needed its own VLAN and IP Address so that it would be seperated from our Staff VLAN.  I did not really understand what was going to be required in getting this accomplished.    Your more detailed answer to my question has helped to resolve my issue.  Thanks!

Eugene
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39892533
you can setup a new vlan on your switch and add the allow vlan list on that Access point port and the WLC port.
setup an interface in WLC, assign that interface with the VLAN created on the switch.

setup a new SSID assign the SSID with that interface.

then setup an ACL under WLC-->security, assign it to the SSID.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39892578
AP port should be access port not a trunk port.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now