M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

MSN 760 and AP point 422

 
SOLVED
Go to solution
Highlighted
Occasional Advisor

MSN 760 and AP point 422

In MSM 760 Lan port should be tagged port or untagged port also the access point should be in tagged mode or untagged mode, we have 3 VLAN to be broadcast in WLAN.

Myself facing the following issuse in MSM760, in wireless conection from laptop I am able to reach untill wireless controller, but I am not able to ping default gateway of switch.

From wireless controller I am able to ping switch default gateway.

Any suggestion for routing realted issuse in MSM760
16 REPLIES 16
Highlighted
Respected Contributor

Re: MSN 760 and AP point 422

For the vlans, the default vlan where the controller lan port and the AP are connected should be untagged, for other vlans they should be tagged but depends on the impelemtaion you are using, are they access controlled.

And for th eother issue on the VSC uncheck "wireless security filter" option then save and sync the AP it should work normaly and you will be able to access the network with no issues (i think)
Highlighted
Trusted Contributor

Re: MSN 760 and AP point 422

For your AP to MSM controller communication you have a choice. Either you can go VLAN all the way or you can have a mix of VLAN and untagged traffic for the management part. It is really up to you and how you want to architect your network. Personally when I do VLANs, I usually want to have ALL my network segmented with VLANs and I don't use untagged traffic in that case. But that's a matter of personal preference.

Something that you must know is that when using the AP in Plug and Play/automatic mode (this is the default AP behavior and it means without explicitely provisioning the AP to seek the MSM controller), the AP will choose any path available to seek the MSM controller. Meaning that there is an automatic discovery procedure that will first seek the MSM controller untagged then move to the VLANs discovered in the network. What this means is that if the AP can find an untagged path to the MSM controller it will most likely use it, but if the untagged path is not available, the AP will try the VLANs, and it may use ANY of your configured VLANs to reach the MSM controller. All this is automatic and you cannot really predict which path the AP will take (in plug and play/automatic mode, it does not matter which path is taken for as long as the AP can communicate with the MSM controller).

If you want to control in a more deterministic way how the AP will discover the controller (untagged or on a particular VLAN), you should use the provisioning pages of the AP to specify the connectivity that you want the AP to use to seek the MSM controller (untagged/tagged, etc).

Now, for your second question, Shadow13 is right, one thing to check is the wireless security filters, but again, we would need to know more about your VSC configuration to cast a definitive answer. Meaning are you access controlled, or not? And based on the answer, are you authenticated or not, etc...
Highlighted
Occasional Advisor

Re: MSN 760 and AP point 422

Access point are able to get associated with wireless controller.

Wireless NIC card are able to get DHCP IP address from Acess point, but not able to ping switch gateway, I have un check wireless security filter, but I am not able to ping the switch gateway, screen shoot attached for MSM760, please give me suggestion for further troubleshoot.
Highlighted
Respected Contributor

Re: MSN 760 and AP point 422

the internet vlan (11) you should make it in the internet port not the lan port, please change that and make sure to define it as egress vlan on the VSC. if this is your requirement to use the internet port.

Is this what you want ?


Can you tell us what scenario exaclty are you planning to implement ?
Highlighted
Trusted Contributor

Re: MSN 760 and AP point 422

From your screen captures, I can see that you are 1) Access Controlled 2) That you want to use HTML authentication

I second Shadow13 for the fact that the way you created VLAN 11 on the same subnet as the Internet port and assigned it to the LAN port is wrong.

The MSM controller is primarily a router, this is why there is a signification between the LAN and the Internet port. Traffic gets routed between the 2 ports. If you create an interface on the LAN port that has the same subnet as the Internet port, the MSM controller will not be able to properly route the traffic. This is most likely why you can't reach the 10.73.186.x segment gateway.
Highlighted
Occasional Advisor

Re: MSN 760 and AP point 422

We need two SSID vlan - 11, vlan -12. Vlan 11 for Internet access; Vlan 12 for Internal server file access.

vlan 11 - 10.73.186.0/24
vlan 12 - 10.73.187.0/24
vlan 80 - 10.73.188.0/24 [ only for management purpose ].

WLC management ip address - 10.73.188.5,

Create two LAN ports on WLC:
vlan 11; 10.73.186.5
vlan 12; 10.73.187.5

Create two VSC vlan-11 & vlan-12 with default setting [uncheck "wireless security filter"] then bind the VSC with default accesss point. Now my SSID is advertise, I am able to get DHCP IP from WLC.

NOw my issuse I am able to reach upto wireless controller, but I am not able to ping default gateway. From Wireless controller I am able to ping my switch.


Please suggest
to troubleshoot, since it is veru urgent, expecting immediate help, if it possible could you please take online session on Saturday.
Highlighted
Trusted Contributor

Re: MSN 760 and AP point 422

Now, it is a bit clearer, but I believe we will need some more details:

1) Can you provide a screen capture of the DHCP server page (I'm assuming you are using the MSM controller's DHCP server for your guests, is that right?)

2) Again you need to consider that anything you put on the LAN port MUST NOT be on the same subnet as the Internet port. So I believe there is a fundamental flaw in how you want this to work. I think the VLAN 11 on the LAN port must be on a private subnet and the Internet port will do the NATing

3) Where is your gateway located? I'm assuming it is on the Internet port side of the controller, right? And please provide the IP address of the gateway.

4) Is the other SSID (the one mapped to VLAN 12) access controlled or not?

With all this information I can try to picture and scan what the setup should look like
Highlighted
Respected Contributor

Re: MSN 760 and AP point 422

Also to add to Fred, from where do the clients for the 2 VSCs get the IP addresses ?

When you say the clients get IP addresses, from which subnet exactly ?

Where is the internet port connected ?

Do you want to use the internet port for the internet VSC ?

For the internal server VSC, do you want it to be access controller or this is Employees VSC and the core will control it ?

For now either way i think you need to use egress vlans on both VSCs regardless of where the VLAN is created (LAN OR INTERNET PORT, but lets see what exactly you want to confirm how to configure the VLANs and to which port should be assigned.



Highlighted
Occasional Advisor

Re: MSN 760 and AP point 422

I am using only LAN ports [ using physical port number -2 on WLC, I am able to see the LAN port in GUI as green ] and create
VLAN under Network page for VLAN-11 & 12.

VLAN 11; Static IP Address - 10.73.186.10 /24
and vlan 12; static ip address - 10.73.187.10/24

DHCP for management VALN in under Network 10.73.188.0 /24, address alocation page
VLAN11 & VALN 12 DHCP configured in bottom of the VSC page, in laptop I am able to get vlan11 IP DHCP scope & VLAN12 DHCP scope
from SSID VALN11 & VLAN 12.

In Default group VSC biniding I have enable particular VALN 11 & 12.

All the access point and and WLC are connected in 2910 48 ports switch, default gateway in the 2910 switch as follows VLAN 80 - 10.73.188.1, VALN 11 - 10.73.186.1
VALN 12 - 10.73.187.1




Note - I am not using Internet port, it is down now.