Controllerless Networks

Thanks in advance for the help, I'm broadcasting two SSID's. I can connect to each of them and get an IP address but then i cant get to any of the resources on the domain.

ac:a3:1e:c0:5f:2a# show run
version 6.4.0.0-4.1.0
virtual-controller-country US
virtual-controller-key fbae5e0901a27461ca6b12122b5dd9499bf2a5c330300143ee
name instant-C0:5F:2A
terminal-access
telnet-server
clock timezone none 00 00
rf-band all

allow-new-aps
allowed-ap ac:a3:1e:c0:5f:2a

arm
wide-bands 5ghz
80mhz-support
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode fair-access
client-aware
scanning

ip dhcp pool
subnet 10.1.62.0
subnet-mask 255.255.255.0
dns-server 10.1.20.10
domain-name tecu.local
lease-time 43200

syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless

extended-ssid

mgmt-user admin 237877e24f8d38a157c737773101457c

wlan access-rule default_wired_port_profile
index 0
rule any any match any any any permit

wlan access-rule wired-instant
index 1
rule masterip 0.0.0.0 match tcp 80 80 permit
rule masterip 0.0.0.0 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit

wlan access-rule Outdoor
index 2
rule any any match any any any permit

wlan access-rule Test
index 3
rule any any match any any any permit

wlan ssid-profile Outdoor
enable
index 0
type employee
essid Outdoor
wpa-passphrase 3572d4a30955935610d93f6553035a61e637151861f47bb2
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 1
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 10000
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64

wlan ssid-profile Test
enable
index 1
type employee
essid Test
wpa-passphrase b97adbc4930eade35fd5ec0a5865b61e207d8b5f4932aabf
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 200
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64

auth-survivability cache-time-out 24

dpi

wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
https

blacklist-time 3600
auth-failure-blacklist-time 3600

ids
wireless-containment none

ip dhcp 62
server-type Distributed,L2
server-vlan 62
ip-range 10.1.62.220 10.1.62.239
subnet-mask 255.255.255.0
lease-time 60000
default-router 10.1.62.1
dns-server 10.1.20.10
domain-name tecu.local
client-count 4

ip dhcp Test
server-type Local
server-vlan 200
subnet 10.1.200.1
subnet-mask 255.255.255.0
exclude-address 10.1.200.1
lease-time 60000
dns-server 10.1.20.10
domain-name tecu.local

wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x

wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x

enet0-port-profile default_wired_port_profile

uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180

airgroup
disable

airgroupservice airplay
disable
description AirPlay

airgroupservice airprint
disable
description AirPrint

HI,

Do you have any IAP VPN with the Controller ?? if so please check the status of the tunnel.

Please free for any further help on this.

This is my first IAP and will probably be the only one. So it is the controller i guess. I dont have any type of VPN setup on it.

Hi,

How do you want to provide IP address to clients ? IAP or through external DHCP ?

In the above config I'm seeing L2 distributed DHCP which is required when you want to have VPN tunnel with the Controller and DHCP in the IAP. please remove that if you do not have any VPN with the controller.

Please comeback with the above asked information, we can fix the issue.

How would i go about doing that? on the switch? or inside the IAP?

It seems that you have your uplink port on trunk. Are you doing that by choice or you need the iAP to do a sourceNAT ?