Well, right now I have:
- VLAN 100 for management - 172.16.100.0
- VLAN 101 for APs - 172.16.101.0
- VLAN 102 for corporate clients - 172.16.102.0
- VLAN 103 for guest clients - 172.16.103.0
The WLC is connected to a Cisco switch; at the moment I am trying to make it very simple.
Here is the config of my trunk on the WLC:
interface gigabitethernet 0/0/0
 description "***Uplink-to-Switch***"
 trusted
 trusted vlan 100-103
 switchport mode trunk
 switchport trunk allowed vlan 100-103
I also have these interfaces configured:
interface vlan 100
 ip address 172.16.100.1 255.255.255.0
!
interface vlan 101
 ip address 172.16.101.1 255.255.255.0
!
interface vlan 102
 ip address 172.16.102.1 255.255.255.0
!
interface vlan 103
 ip address 172.16.103.1 255.255.255.0
Here is the config on the trunk port on the switch:
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,101,102,103
DHCP scopes are configured on the switch.
Does it look OK?
I have 3 problems...
- When I directly plug an AP into a switchport (in access VLAN 101), it gets an IP in the range 172.16.101.0 but it never joins the WLC... I don't get it... I tried to configure option 43 on the DHCP scope but it didn't help.
- If I plug my laptop into a switchport (in access VLAN 101), I get an IP in the range 172.16.101.0 and I can access the WLC on its interface VLAN 101. But the goal is to only allow the management subnet 172.16.100.0 to access the WLC; is there a way to block the access from VLANs 101, 102 and 103?
- Do I need to configure a native VLAN on the trunks?
AL
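
An added example, not part of the original post: a Python check over the config excerpts above that confirms both trunk ends allow the same VLANs and lists every controller address outside the management subnet, which is where a client in that VLAN can reach the WLC directly. The /24 prefix is an assumption taken from the posted masks, and the function names are hypothetical.

```python
import ipaddress
import re

# Config excerpts copied from the post; "!" separators dropped.
WLC_CONFIG = """\
interface gigabitethernet 0/0/0
 trusted vlan 100-103
 switchport mode trunk
 switchport trunk allowed vlan 100-103
interface vlan 100
 ip address 172.16.100.1 255.255.255.0
interface vlan 101
 ip address 172.16.101.1 255.255.255.0
interface vlan 102
 ip address 172.16.102.1 255.255.255.0
interface vlan 103
 ip address 172.16.103.1 255.255.255.0
"""
SWITCH_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 100,101,102,103
"""
# Assumption: /24 management subnet, taken from the posted masks.
MGMT_NET = ipaddress.ip_network("172.16.100.0/24")

def expand_vlans(spec):
    """Expand '100-103' or '100,101,102,103' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_allowed(config):
    """VLANs permitted by the first 'switchport trunk allowed vlan' line."""
    m = re.search(r"switchport trunk allowed vlan (\S+)", config)
    return expand_vlans(m.group(1)) if m else set()

def exposed_addresses(config, mgmt_net):
    """Map VLAN ID -> controller address for VLAN interfaces outside mgmt_net."""
    svis = re.findall(r"interface vlan (\d+)\s+ip address (\S+) \S+", config)
    return {int(v): ip for v, ip in svis if ipaddress.ip_address(ip) not in mgmt_net}

if __name__ == "__main__":
    mismatch = trunk_allowed(WLC_CONFIG) ^ trunk_allowed(SWITCH_CONFIG)
    print("VLANs allowed on only one trunk end:", sorted(mismatch) or "none")
    for vlan, ip in sorted(exposed_addresses(WLC_CONFIG, MGMT_NET).items()):
        print(f"VLAN {vlan}: controller reachable at {ip}, outside {MGMT_NET}")
```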