Controllerless Networks

I have a several 7024 Series controller at 2 different office locations. Both controllers are running the same OS version(6.4.4.16 w/ AP225) and configured identically.

 

At site A, when I run show ap essid, I get the appropriate vlan assignment for each ESSID. When I run the same command at site B, on 2 of the ESSID, there are two VLANs present. I checked the standard L2 IP info, user roles, VAP configurations for a possible misconfiguration. No luck.

 

The configurations on Site A controller is consistent with Site B.

 

ESSID Summary Site A
-------------
ESSID APs Clients VLAN(s) Encryption
----- --- ------- ------- ----------
CORP_WLAN 25 20 100 WPA2 8021X AES
BYOD_WLAN 25 10 200 WPA2 8021X AES
GUEST_WLAN 25 5 300 Open

 

ESSID Summary Site B
-------------
ESSID APs Clients VLAN(s) Encryption
----- --- ------- ------- ----------
CORP_WLAN 25 20 100,300 WPA2 8021X AES
BYOD_WLAN 25 10 200,300 WPA2 8021X AES
GUEST_WLAN 25 5 300 Open

Login in in the CLI of both controllers and run an show run. Save both in an txt file and compare together. You will find the difference.

I think it could be a different ‘named vlan pool’.

Login in in the CLI of both controllers and run an show run. Save both in an txt file and compare together. You will find the difference.

I think it could be a different ‘named vlan pool’.

Thanks for the reply/suggestion MKK. I pulled the configurations of both controllers and compared them in a text editor application. I did find two variations in the configuration. There was a misconfiguration in user-role login where the vlan was set.

 

Even though, I cleared/unassigned the VLAN from the user-role, there is no change in the vlans listed under the ESSID.

 

---

@anthony_l_brice wrote:

Thanks for the reply/suggestion MKK. I pulled the configurations of both controllers and compared them in a text editor application. I did find two variations in the configuration. There was a misconfiguration in user-role login where the vlan was set.

 

Even though, I cleared/unassigned the VLAN from the user-role, there is no change in the vlans listed under the ESSID.

---

The configuration is one way that clients could get a different VLAN.  Other things, like radius attributes that are returned, do not show up in the configuration.

 

I would type "show ap vlan-usage" to see if you have any users at all in different VLANS.

Under the CORP_WLAN SSID, the valid VLAN is 100. When I do a show user-table ESSID CORP_WLAN, I see several valid authenticated users on VLAN 100, which is what I expect to see. There are no users in the user-table under the ESSID CORP_WLAN on VLAN 300(GUEST_WLAN ),

 

My concern is that the dual VLANs assigned to ESSID CORP_WLAN and BYOD_WLAN are causing potential delays in wireless client radius authentication and/or delay in obaining an ip address, maybe as a result of the client flapping between the incorrect correct VLAN 300 and the correct VLAN 100.

 

I extracted copies of the configuration from both controllers and compared in Solarwinds,Airwave and Subline. Under the user-role logon, I did find that vlan 300 was assigned to the role. I corrected the configuration and removed the vlan from the user-role. 

 

The only other configuration variation I located was the ip access-list session. The ip access-list session  ap-uplink-acl had an additional line added.

Hi,

 

. I corrected the configuration and removed the vlan from the user-role. 

 

That should solve it.

 

 

Hi Frank,

 

Sorry about the delayed response. I upgraded the controller to the 6.5.4.8 and rebooted. After reboot, the second VLAN disappeared. Not sure if the controller reboot corrected the problem or the 6.5.4.8 upgrade. 

 

Thanks again for your suggestions! 

Hi,

 

Without more info (configuration) it is harder to answer your question.

Please send a PM with both configs so i can assist.