Wireless Access

Hi everyone.

I have to controller 7210 with master-standby configuration. Sync is working fine, and everything looks like is working fine. I use controllers to give internet access to customers in a hotel. Customer use wired, and wireless access.

In order to apply aaa profile to wired clientes, i make clients VLAN untrusted in master active controller. My problem is that if i make that same VLAN untrusted in standby controller, some wired clients appear in standby controller, and those clients don't have internet access.

Anyone knows how can i fix this problem??.

Thank you in advance.

I forget to add some information:

I have VRRP working in VLAN 1 for client access.

Regards, 

Do you have broadcast enabled under the wired ap profile?

Hi, it was enable.

I disabled it and tested again but it didn't work.

Regards,

What is the default gateway for your clients?  A standby or backup master controller cannot serve clients, so you need to make sure that the default gateway for your clients is on a layer3 switch beyond both controllers or on a VRRP that the current master has priority for.  You don't want traffic to end up on the standby when it is in standby mode.

Hi, thanks for your response.

Default gateway for clients is shared VRRP IP address between the two controllers. VRRP is working fine.

Just in the moment I make VLAN untrusted in standby controller, wired access clients starts appearing in the controller user-table. Only wired access clients appear in standby controller.

Regards,

Okay, clients will always appear in the user table of a controller when any traffic is seen by them on the untrusted interface.  Here is what we need to do:

We need to change the ip cp-redirect address on both controllers to the ip address of the VRRP.  We can only do this on the commandline:

Type "show ip cp-redirect-adress" on the commandline of both the master and the backup master.  They should both point to interfaces that are local to each controller.  That parameter determines what ip address clients that use captive portal should be redirected to.  I am guessing that the standby or backup controller is answering with it's own local address.  Change this address on both controllers, via the commandline:

config t

ip cp-redirect-address <ip address of vrrp>

See if that helps.

Hi, 

i checked and ech controller has different cp-redirect address. I'll make changes to config tomorrow and I'll let you know.

Thanks for your help.

Regards,

Hi,

I did the changes you recommend me but no luck so far... :P

Regards

What provides DHCP for that VLAN with the wired users?

Hi again...

Never maind.., it just appear to be a normal behaviour that clients appear in both controller. It's strange (same clients even appear with different role in each controller), but all is working fine.

So, problem is not a problem..sorry...

However, i think that your advise about configuring cp-redirect in both controller to same VRRP IP was helpfull :P

Thanks for your help again