Wireless Access

I am not able to access the controller on the access ports. I have DHCP server setup on 172.16.0.0/24 network. The controller's IP address is 172.16.0.254 on VLAN1 and the associated ports are F1/0  - F1/8 including the uplink. Though i am able to access the controller on my laptop using the uplink port but not through the access ports and they are all trusted. And I do have layer 2 connectivity on ports.

 

I guess i am missing something basic here. But cant get my head around, what i am doing wrong. 

When you plug the PC into the access port, can you please tell us what IP address/mask/gateway you get?

 

Also, can you paste an output of the access ports running configuration, taken from a partial "show run" output at the CLI? Might be worth posting the uplink port output too.

 

I assume you've got no ACLs on any of the wired ports (including the uplink)?

 

You're right to have checked the "trusted" command, that's usually what is a common cause.

 

When you say you can't access the controller, do you mean SSH/GUI? If you do, can you ping the controller IP? If you can, does a "arp -a" on the PC look correct in terms of the controller MAC-to-IP entry?

 

Thanks.

 

When you plug the PC into the access port, can you please tell us what IP address/mask/gateway you get?

 

I do not get any IP adress from DHCP. I have tried to establish L3 conencitivity by assigning static IP. But it still doesnt work.

 

Also, can you paste an output of the access ports running configuration, taken from a partial "show run" output at the CLI? Might be worth posting the uplink port output too.

 

Please find the config file attached.

 

I assume you've got no ACLs on any of the wired ports (including the uplink)?

 

No ACLs are configured.

 

You're right to have checked the "trusted" command, that's usually what is a common cause.

 

When you say you can't access the controller, do you mean SSH/GUI? If you do, can you ping the controller IP? If you can, does a "arp -a" on the PC look correct in terms of the controller MAC-to-IP entry?

 

Yes, i mean SSH/GUI, though i am not able to ping the controller either.

Your FE ports are on VLAN 2.   Does your controller have an IP on VLAN 2?

 

From your output:

interface fastethernet 1/0
        description "FE1/0"
        trusted
        trusted vlan 1-4094
        switchport access vlan 2

 

Please run the following:

show ip interface brief

show vlan

 

Yes this is quite strange as i have deleted the VLAN2 as shown by in the show vlan output:

 

#show vlan

VLAN CONFIGURATION
------------------
VLAN Description Ports AAA Profile
---- ----------- ----- -----------
1 Default FE1/0-7 GE1/8 Pc0-7 N/A

 

#show ip interface brief

Interface IP Address / IP Netmask Admin Protocol
vlan 1 172.16.0.254 / 255.255.255.0 up up
loopback unassigned / unassigned up up
mgmt unassigned / unassigned down down

 

 

 

Please confirm what the port configuration is for 0-7.    Unless your output from ealier was incorrect, the ports were still configured for VLAN 2.

 

show run | begin "interface fastethernet 1/0"

 

If switchport access vlan 2 is still present, then change it.

 

config t

interface fastethernet 1/0

switchport access vlan 1

 

....repeat for 1/1-1/7

I have configured the ports with VLAN 2 , the updated config is shown below:

 

#show running-config | begin "interface fastethernet 1/0"
Building Configuration...
interface fastethernet 1/0
description "FE1/0"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/1
description "FE1/1"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/2
description "FE1/2"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/3
description "FE1/3"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/4
description "FE1/4"
trusted
trusted vlan 1-4094
speed 100
duplex full
!

interface fastethernet 1/5
description "FE1/5"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/6
description "FE1/6"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/7
description "FE1/7"
trusted
trusted vlan 1-4094
!

 

Unfortunately i am still unable to establish layer 3 conenctivity on access ports.  Please suggest!

Plug a PC into port fast-ethernet 0/1, leave it 1 minute, then get the following outputs from the console port...

 

show port status

show vlan

show ip int brief

show arp

show ip dhcp bind

show port stats

 

Post the outputs on here please.

 

Here is the output:

 

show port status

Port Status
-----------
Slot-Port  PortType  adminstate  operstate  poe      Trusted  SpanningTree  PortMode
---------  --------  ----------  ---------  ---      -------  ------------  --------
1/0        FE        Enabled     Up         Enabled  Yes      Disabled      Access
1/1        FE        Enabled     Down       Enabled  Yes      Disabled      Access
1/2        FE        Enabled     Down       Enabled  Yes      Disabled      Access
1/3        FE        Enabled     Down       Enabled  Yes      Disabled      Access
1/4        FE        Enabled     Down       N/A      Yes      Disabled      Access
1/5        FE        Enabled     Down       N/A      Yes      Disabled      Access
1/6        FE        Enabled     Down       N/A      Yes      Disabled      Access
1/7        FE        Enabled     Down       N/A      Yes      Disabled      Access
1/8        GE        Enabled     Down       N/A      Yes      Disabled      Access





#show vlan

VLAN CONFIGURATION
------------------
VLAN  Description  Ports                 AAA Profile
----  -----------  -----                 -----------
1     Default      FE1/0-7 GE1/8 Pc0-7   N/A



#show ip interface brief

Interface                   IP Address / IP Netmask        Admin   Protocol
vlan 1                    172.16.0.254 / 255.255.255.0     up      up
loopback                    unassigned / unassigned        up      up
mgmt                        unassigned / unassigned        down    down


#show arp

Nothing!



#show ip dhcp bind

Nothing!



#show port stats

Port Statistics
---------------
Port    PacketsIn  PacketsOut  BytesIn  BytesOut  InputErrorBytes  OutputErrorBytes  CRCErrors
----    ---------  ----------  -------  --------  ---------------  ----------------  ---------
FE 1/0  908        0           91078    0         0                0                 0
FE 1/1  0          0           0        0         0                0                 0
FE 1/2  0          0           0        0         0                0                 0
FE 1/3  0          0           0        0         0                0                 0
FE 1/4  0          0           0        0         0                0                 0
FE 1/5  0          0           0        0         0                0                 0
FE 1/6  0          0           0        0         0                0                 0
FE 1/7  0          0           0        0         0                0                 0
GE 1/8  0          0           0        0         0                0                 0




show ip route

Codes: C - connected, O - OSPF, R - RIP, S - static
       M - mgmt, U - route usable, * - candidate default

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
C    172.16.0.0/24 is directly connected, VLAN1

 

 

 

 

Have you tried more than 1 PC?

Have you tried rebooting the controller?

If yes to both, log a TAC case. If no, do whatever you haven't.

You've got no route off the box; no default gateway.

 

The way you've got things setup, there is only VLAN 1; the controller is on an isolated island.   Do you plan on uplinking this to your existing network and giving it an IP on that network?    Do you know what your LAN configurations look like?    We can't help you in setting up the controller to be on your LAN without additional information.

If you plug a PC in, does it get an IP on 172.16.0.0/24 per your DHCP pool on the controller?    Is .254 the gateway?   I also notice that you are NAT'ing VLAN 1.   This will NAT all user traffic to the controller IP (in your case 172.16.0.254).   

 

By looking at the config portion you shared, it looks like there is no L3 connectivity to your network.    How does the controller talk to any networks outside of itself?    It has only VLAN 1 defined (172.16.0.0/24).   The controller (and any connecting clients) have no knowledge of how to route outside of the controller.

 

What does show ip route show for routes?