Controllerless Networks

Hi I was wondering if anyone can help, I have been trying to setup an Instant AP (using AP 535's) but I keep running in to a routing issue.

The attached picture describes the setup, I have set the Virtual Controller IP to 10.81.65.250 (VLAN 65), this is in a different VLAn to the connected E0 port (VLAN 67 - 10.81.67.23 (Via DHCP))

I have read that if the VCI is not in the same subnet then I would have to set (virtual-controller-vlan <vcvlan> <vcmask> <vcgw>)

But for the value VCGW I have tried:

the GW of the VCI VLAN (10.81.65.1)
the IP of the VCI ( 10.81.65.250)
the GW of E0 VLAN (10.81.67.1)
and the IP of E0 (10.81.67.26)

At no point an I able to ping the VCI (10.81.65.250 from the Server in VLAN 16 (10.81.16.10)

Am I looking at the right aera or could this be a switch issue or is this not active because there are no clients connected to the SSID at present (The Switch states Vlan 65 is up).

Edit: had another thought, do I need to edit the E0 port in anyway? 

Thanks Simon

Hi I was wondering if anyone can help, I have been trying to setup an Instant AP (using AP 535's) but I keep running in to a routing issue.

The attached picture describes the setup, I have set the Virtual Controller IP to 10.81.65.250 (VLAN 65), this is in a different VLAn to the connected E0 port (VLAN 67 - 10.81.67.23 (Via DHCP))

I have read that if the VCI is not in the same subnet then I would have to set (virtual-controller-vlan <vcvlan> <vcmask> <vcgw>)

But for the value VCGW I have tried:

the GW of the VCI VLAN (10.81.65.1)
the IP of the VCI ( 10.81.65.250)
the GW of E0 VLAN (10.81.67.1)
and the IP of E0 (10.81.67.26)

At no point an I able to ping the VCI (10.81.65.250 from the Server in VLAN 16 (10.81.16.10)

Am I looking at the right aera or could this be a switch issue or is this not active because there are no clients connected to the SSID at present (The Switch states Vlan 65 is up).

Edit: had another thought, do I need to edit the E0 port in anyway? 

Thanks Simon

Hi Herman, Thanks for your response, I will attempt to explain what I'm up to, this is my first time creating a network from scratch, I have alway worked on already built fully functional Cisco networks so here goes, for a remote site I have been asked to see if I can get a Layer 3 Switch (2930M) and a cluster of AP in Instant AP Mode (x4 AP-535) with a DC, Storage,  webfilter and VPN back to main site.

WIred not a problem I have the everything working and talking to each other, clients are picking up IPs from the DC in there respective VLAN all is good.   However in my world of wireless I cannot get the connected clients to talk back the switch or anything else on the network, nor can anything ping the connected clients, the clients do connected and obtain a IP from the assigned VLAN.

It worth saying that there is no router in this setup we are relying on the switch for doing the routing if that is even possible (seems to be) , I think the issue is either at the AP or to the AP but I could be wrong, if it will make it easier I can supply configs and simple diagram.

My networking knowledge is very Monkey see, Monkey do, I can normally work most things out but I would not rule out me missing a simple thing.

I appreciate any help you could offer

P.S. I have been following your Aruba Instant series on youtube, they have helped. 

UPDATE: As suggested I set the VCI to VLAN 67, I'm am unable to ping Smoothwall Filter (10.81.16.5) Final route in switch, However I can ping the VLAN GW (10.81.16.1) and the DC (10.81.16.10), the AP can also ping other active GW and a client in VLAN 53 (10.81.53.26)

If I traceroute the GW
traceroute to 10.81.16.1 (10.81.16.1), 30 hops max, 38 byte packets
1 10.81.67.1 0.697 ms 0.473 ms 0.510 ms

If I traceroute the Smoothwall 
traceroute to 10.81.16.5 (10.81.16.5), 30 hops max, 38 byte packets
1 10.81.67.1 0.513 ms 0.451 ms 0.334 ms
2 * * *  And so on until the 30 count

if I ping/traceroute from the Switch it is active
WBTC-Core# ping 10.81.16.5
10.81.16.5 is alive, time = 1 ms
WBTC-Core# traceroute 10.81.16.5
traceroute to 10.81.16.5 ,
1 hop min, 30 hops max, 5 sec. timeout, 3 probes
1 10.81.16.5 6 ms 0 ms 1 ms
WBTC-Core#

just not sure where the disconnect is ???,  I could be wrong but it seems as if the issue is at the AP end??

UPDATE 2: I'm having one of them IT weeks, on testing a connected client on Guest this morning it functions it can ping the final route (10.81.16.5) and is getting internet access, I still have to lock it down, set the proxy, and authenticate from AD.

So now it's all working, just a simple question:  Why !!  (Why can the connected client ping the final route (10.81.16.5) when the console of the AP cannot).

Simon

Hi I was wondering if anyone can help, I have been trying to setup an Instant AP (using AP 535's) but I keep running in to a routing issue.

The attached picture describes the setup, I have set the Virtual Controller IP to 10.81.65.250 (VLAN 65), this is in a different VLAn to the connected E0 port (VLAN 67 - 10.81.67.23 (Via DHCP))

I have read that if the VCI is not in the same subnet then I would have to set (virtual-controller-vlan <vcvlan> <vcmask> <vcgw>)

But for the value VCGW I have tried:

the GW of the VCI VLAN (10.81.65.1)
the IP of the VCI ( 10.81.65.250)
the GW of E0 VLAN (10.81.67.1)
and the IP of E0 (10.81.67.26)

At no point an I able to ping the VCI (10.81.65.250 from the Server in VLAN 16 (10.81.16.10)

Am I looking at the right aera or could this be a switch issue or is this not active because there are no clients connected to the SSID at present (The Switch states Vlan 65 is up).

Edit: had another thought, do I need to edit the E0 port in anyway? 

Thanks Simon

Hi Herman, Thanks for your response, I will attempt to explain what I'm up to, this is my first time creating a network from scratch, I have alway worked on already built fully functional Cisco networks so here goes, for a remote site I have been asked to see if I can get a Layer 3 Switch (2930M) and a cluster of AP in Instant AP Mode (x4 AP-535) with a DC, Storage,  webfilter and VPN back to main site.

WIred not a problem I have the everything working and talking to each other, clients are picking up IPs from the DC in there respective VLAN all is good.   However in my world of wireless I cannot get the connected clients to talk back the switch or anything else on the network, nor can anything ping the connected clients, the clients do connected and obtain a IP from the assigned VLAN.

It worth saying that there is no router in this setup we are relying on the switch for doing the routing if that is even possible (seems to be) , I think the issue is either at the AP or to the AP but I could be wrong, if it will make it easier I can supply configs and simple diagram.

My networking knowledge is very Monkey see, Monkey do, I can normally work most things out but I would not rule out me missing a simple thing.

I appreciate any help you could offer

P.S. I have been following your Aruba Instant series on youtube, they have helped. 

UPDATE: As suggested I set the VCI to VLAN 67, I'm am unable to ping Smoothwall Filter (10.81.16.5) Final route in switch, However I can ping the VLAN GW (10.81.16.1) and the DC (10.81.16.10), the AP can also ping other active GW and a client in VLAN 53 (10.81.53.26)

If I traceroute the GW
traceroute to 10.81.16.1 (10.81.16.1), 30 hops max, 38 byte packets
1 10.81.67.1 0.697 ms 0.473 ms 0.510 ms

If I traceroute the Smoothwall 
traceroute to 10.81.16.5 (10.81.16.5), 30 hops max, 38 byte packets
1 10.81.67.1 0.513 ms 0.451 ms 0.334 ms
2 * * *  And so on until the 30 count

if I ping/traceroute from the Switch it is active
WBTC-Core# ping 10.81.16.5
10.81.16.5 is alive, time = 1 ms
WBTC-Core# traceroute 10.81.16.5
traceroute to 10.81.16.5 ,
1 hop min, 30 hops max, 5 sec. timeout, 3 probes
1 10.81.16.5 6 ms 0 ms 1 ms
WBTC-Core#

just not sure where the disconnect is ???,  I could be wrong but it seems as if the issue is at the AP end??

UPDATE 2: I'm having one of them IT weeks, on testing a connected client on Guest this morning it functions it can ping the final route (10.81.16.5) and is getting internet access, I still have to lock it down, set the proxy, and authenticate from AD.

So now it's all working, just a simple question:  Why !!  (Why can the connected client ping the final route (10.81.16.5) when the console of the AP cannot).

Simon

Hi I was wondering if anyone can help, I have been trying to setup an Instant AP (using AP 535's) but I keep running in to a routing issue.

The attached picture describes the setup, I have set the Virtual Controller IP to 10.81.65.250 (VLAN 65), this is in a different VLAn to the connected E0 port (VLAN 67 - 10.81.67.23 (Via DHCP))

I have read that if the VCI is not in the same subnet then I would have to set (virtual-controller-vlan <vcvlan> <vcmask> <vcgw>)

But for the value VCGW I have tried:

the GW of the VCI VLAN (10.81.65.1)
the IP of the VCI ( 10.81.65.250)
the GW of E0 VLAN (10.81.67.1)
and the IP of E0 (10.81.67.26)

At no point an I able to ping the VCI (10.81.65.250 from the Server in VLAN 16 (10.81.16.10)

Am I looking at the right aera or could this be a switch issue or is this not active because there are no clients connected to the SSID at present (The Switch states Vlan 65 is up).

Edit: had another thought, do I need to edit the E0 port in anyway? 

Thanks Simon