Solved

ISA 550 cannot reach a Wireless controller cisco 2400

Posted on 2014-02-27
8
359 Views
Last Modified: 2014-03-04
Hi experts ,

i have a wireless controller cisco 2400 series with two wifi Profil .
My guest WIFI should be setup ed to permit just an internet connection , My firewall is a cisco ISA 550  , i configured a vlan Guest associated to my port GE7  , and i linked directly to port 2 On wireless controller , port 2 is already attribute to guest profil . i fixed 192.168.100.110/24 for isa 550 and 192.168.100.203/24 for my cisco 2400 .

THE problem, that when i try to ping 110 or 203 from the other device , it doesnt work !!!
two devices are connected directly and the ip add is configure on the same subnet .
like a test , i connect a computer instead of port 2 in cisco 2400 , with active dhcp in isa 550 , everything works .
also i have a snapgear McAfee , with the same configuration on isa550 , everything works !!
i do know why my ISA 550 cannot reach cisco 2400 (even LINK is up )
0
Comment
Question by:swordhitech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39892332
Do you have LAG running on the WLC?

Have you configured a VLAN ID on the Guest interface on the WLC?
0
 

Author Comment

by:swordhitech
ID: 39892389
yes my vlanID for guest is 2 . and LAG is disabled by default , and i dont have any option to enable it , sorry this is a 2500 series wireless controller .
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39892426
If you're not using LAG you should set the VLAN ID to 0 for the guest interface.  When you're using LAG you have to trunk everything out of the same ports, but without LAG it's one port (or multiple for failover) for each VLAN.

On the ASA you should be using a dedicated interface if it's connected directly to the WLC, which I'm guessing you are as the PC works when you connect it to the ASA.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:swordhitech
ID: 39892474
AS explain in problem description , Im using port 2 in my WLC for guest interface and to connect directly to my ISA , and when i set vlan id to 0 , VLAN identifier set to untagged , and it doesnt work anymore .
and i dont think it s a WLC configuration , because when using a snapgear instead of ISA550 , with a VLAN ID 20 the ping respond . (WLC configuration still the same )
Thank you
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39892604
yes my vlanID for guest is 2
If your guest VLAN ID is 2 but your snapgear is configured with VLAN ID 20 you won't be able to ping the WLC from the snapgear or vice-versa when connected directly - they're on different VLANs.

The WLC MUST use an untagged VLAN ID to send traffic to a device which doesn't use 802.1Q on its port, so if your ASA doesn't have a VLAN configured on the port you connected to the WLC it won't work when you tag the interface on the WLC.

Please post the config for the ASA.
0
 

Accepted Solution

by:
swordhitech earned 0 total points
ID: 39892605
Probleme resolved when using trunk mode .
0
 

Author Comment

by:swordhitech
ID: 39892622
thanks craigbeck , but it was a VLAN 20 , it was just a write  mistake .
i should but the port GE7 like a trunk mode .
0
 

Author Closing Comment

by:swordhitech
ID: 39902817
When using trunk mode everything works
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question