Unsolved
This post is more than 5 years old
23 Posts
0
62243
December 18th, 2012 10:00
Cisco WLC
I am trying to connect a Cisco 2500 WLC to a 6224 Power Connect and I cannot ping the WLC from within the Power Connect CLI. The WLC requires a trunk connection to the switch and I have tried configuring access, general, and trunk with no luck, Both the switch and WLC are on the same subnet. I'm rather new to Dell switches, so can someone be of any help? I can provide config shots if needed.
No Events found!


bluskies58
23 Posts
0
December 18th, 2012 13:00
PowerConnect 6224#show run
!Current Configuration:
!System Description "Powerconnect 6224, 3.2.0.7, VxWorks 6.5"
!System Software Version 3.2.0.7
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 5-6,100,200,300
vlan routing 5 1
vlan routing 6 2
exit
sntp unicast client enable
clock timezone -5 minutes 0
stack
member 1 1
exit
ip address 192.168.31.20 255.255.255.0
ip default-gateway 192.168.31.1
ip domain-name DellPowerConnect6224
ip name-server 192.168.31.190
ip name-server 192.168.31.22
ip name-server 192.168.1.2
bootpdhcprelay maxhopcount 6
router rip
auto-summary
default-information originate
exit
interface vlan 5
name "External WLAN"
routing
ip address 10.1.1.100 255.255.255.0
exit
interface vlan 6
name "Internal WLAN"
routing
ip address 10.1.2.100 255.255.255.0
exit
aaa authentication login "defaultList" line
aaa authentication login "networkList" line
aaa authentication enable "enableList" line
aaa authentication enable "networkList" line
exit
!
spanning-tree portfast
switchport mode general
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 100
exit
!
interface ethernet 1/g22
spanning-tree portfast
switchport mode general
switchport general pvid 5
switchport general allowed vlan add 5-6
exit
!
interface ethernet 1/g23
spanning-tree portfast
switchport mode general
exit
!
interface ethernet 1/g24
spanning-tree portfast
exit
interface port-channel 22
switchport access vlan 6
Here is a truncated version of the running-config (w/sensitive and unneeeded parts deleted). Port 23 is the port connecting to the Cisco WLC, and port 22 is a test port.
What we are trying to do: we have a new WLC and we are trying to configure 2 VLANs (5 & 6) for client access to the WLAN. These 2 VLANs are in the 10.1.1.x (VLAN 5) and 10.1.2.x (VLAN 6) subnets. According to Cisco, we need to ensure that wired clients can access these 2 subnets, and if so, then so can wireless clients.
The issue: when I ping the WLC (192.168.31.4) from the 6224 switch (192.168.31.20), it fails. I'm not sure where my settings on the switch are incorrect.
Let me know if you need more info and I will gladly supply - thanks in advance for your help.
bluskies58
23 Posts
0
December 21st, 2012 09:00
Thanks so much for the info. Your recommended settings have been applied, but I am still running into some roadblocks. Cannot access the internet on VLAN 5 with a wired client connected to port 1/g22. Set as static IP in this range (10.1.1.101-10.1.1.200) - client shows connected, but no outside access. Here's the interface detail for 1/g23 and the iproute - see anything I still need to do?
PowerConnect 6224#show interfaces detail ethernet 1/g23
Port Type Duplex Speed Neg Admin Link
State State
----- ------------------------------ ------ ------- ---- ----- -----
1/g23 Gigabit - Level Full 1000 Auto Up Up
Port Description
---- --------------------------------------------------------------------------
1/g23
Flow Control:Enabled
Port: 1/g23
VLAN Membership mode:General Mode
Operating parameters:
PVID: 1
Ingress Filtering: Enabled
Acceptable Frame Type: Admit All
Default Priority: 0
GVRP status:Disabled
Protected:Disabled
--More-- or (q)uit
Port 1/g23 is member in:
VLAN Name Egress rule Type
---- --------------------------------- ----------- --------
1 Default Untagged Default
5 External WLAN Untagged Static
6 Internal WLAN Untagged Static
Static configuration:
PVID: 1
Ingress Filtering: Enabled
Acceptable Frame Type: Admit All
Port 1/g23 is statically configured to:
VLAN Name Egress rule
---- --------------------------------- -----------
5 External WLAN Untagged
6 Internal WLAN Untagged
Forbidden VLANS:
VLAN Name
---- ---------------------------------
--More-- or (q)uit
Port 1/g23 Enabled
State: Forwarding Role: Designated
Port id: 128.23 Port Cost: 20000
Port Fast: No (Configured: no ) Root Protection: No
Designated bridge Priority: 32768 Address: 80:00:5C:26:0A:CD:17:7
1
Designated port id: 128.23 Designated path cost: 20000
CST Regional Root: 80:00:5C:26:0A:CD:17:71 CST Port Cost: 0
BPDU: sent 169830, received 1
PowerConnect 6224#show ip route
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
B - BGP Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
C 10.1.1.0/24 [0/1] directly connected, vlan 5
C 10.1.2.0/24 [0/1] directly connected, vlan 6
PowerConnect 6224#
bluskies58
23 Posts
0
December 21st, 2012 10:00
VLANs 5 & 6 are the only VLANs configured on the switch.
Just one client - we are following Cisco's suggestion that if a wired client can connect with either VLAN 5 or 6, then so will wireless clients. Our test wireless client can initially connect to VLAN 5 (10.1.1.x), but drops the connection with errors after about 2 minutes.
Yes, DNS is set up and is shown in the ip name-server entires shown in the first config posted. Perhaps this is incorrect?
Client cannot ping the internet gateway. The client does not automatically grab an IP in the 10.1.1.x subnet, and I had to assign statically.
bluskies58
23 Posts
0
December 21st, 2012 11:00
The wired client in VLAN 5 cannot ping anything (VLAN 5, next hop, DC, neighboring switches, etc...). VLAN 6 exists in name-only at this point. We want to get VLAN 5 up and going and then mirror settings for this in VLAN 6.
I wondered about static routing, especially since the VLAN 5 client will not automatically pick up an address in that subnet (10.1.1.x). I had to configure static IP on that machine to see if it would connect to anything.
bluskies58
23 Posts
0
December 21st, 2012 12:00
Yes, I am now able to ping VLAN 5 (10.1.1.100).
b/t/w, thanks for sticking with me through this...your help is invaluable.
bluskies58
23 Posts
0
December 21st, 2012 12:00
unfortunately, this ping (to 192.168.31.20 - the 6224) times out.
bluskies58
23 Posts
0
December 21st, 2012 12:00
yes to all.
bluskies58
23 Posts
0
December 26th, 2012 07:00
I currently don't have access to the client on VLAN 5 (blizzard, working from home), but I can ping VLAN 6 from the switch.
bluskies58
23 Posts
0
December 26th, 2012 08:00
I have remote access to the switch, but not the client in VLAN 5. GIven that, let me know if there's anything we can do on that end until I get back into the office
bluskies58
23 Posts
0
December 26th, 2012 10:00
Here is the latest config:
PowerConnect 6224#show run
!Current Configuration:
!System Description "Powerconnect 6224, 3.2.0.7, VxWorks 6.5"
!System Software Version 3.2.0.7
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 5-6,100,200,300
vlan routing 5 1
vlan routing 6 2
exit
hostname "PowerConnect 6224"
sntp unicast client enable
clock timezone -5 minutes 0
stack
member 1 1
exit
ip address 192.168.31.20 255.255.255.0
ip default-gateway 192.168.31.1
ip domain-name DellPowerConnect6224
ip name-server 192.168.31.190
ip name-server 192.168.31.22
ip name-server 192.168.1.2
ip routing
bootpdhcprelay maxhopcount 6
router rip
auto-summary
default-information originate
exit
interface vlan 5
name "External WLAN"
routing
ip address 10.1.1.100 255.255.255.0
exit
interface vlan 6
name "Internal WLAN"
routing
ip address 10.1.2.100 255.255.255.0
exit
aaa authentication login "networkList" line
aaa authentication enable "enableList" line
aaa authentication enable "networkList" line
line console
interface ethernet 1/g22
switchport access vlan 5
exit
!
interface ethernet 1/g23
switchport mode general
switchport general allowed vlan add 5-6
exit
!
interface port-channel 22
switchport access vlan 6
exit
exit
PowerConnect 6224#
bluskies58
23 Posts
0
December 27th, 2012 08:00
Setting has been applied, and here's the current config on port 1/g23:
PowerConnect 6224#show interfaces detail ethernet 1/g23
Port Type Duplex Speed Neg Admin Link
State State
----- ------------------------------ ------ ------- ---- ----- -----
1/g23 Gigabit - Level Full 1000 Auto Up Up
Port Description
---- --------------------------------------------------------------------------
1/g23
Flow Control:Enabled
Port: 1/g23
VLAN Membership mode:General Mode
Operating parameters:
PVID: 1
Ingress Filtering: Enabled
Acceptable Frame Type: Admit All
Default Priority: 0
GVRP status:Disabled
Protected:Disabled
--More-- or (q)uit
Port 1/g23 is member in:
VLAN Name Egress rule Type
---- --------------------------------- ----------- --------
1 Default Untagged Default
5 External WLAN Tagged Static
6 Internal WLAN Tagged Static
Static configuration:
PVID: 1
Ingress Filtering: Enabled
Acceptable Frame Type: Admit All
Port 1/g23 is statically configured to:
VLAN Name Egress rule
---- --------------------------------- -----------
5 External WLAN Tagged
6 Internal WLAN Tagged
Forbidden VLANS:
VLAN Name
---- ---------------------------------
--More-- or (q)uit
Port 1/g23 Enabled
State: Forwarding Role: Designated
Port id: 128.23 Port Cost: 20000
Port Fast: No (Configured: no ) Root Protection: No
Designated bridge Priority: 32768 Address: 80:00:5C:26:0A:CD:17:7
1
Designated port id: 128.23 Designated path cost: 20000
CST Regional Root: 80:00:5C:26:0A:CD:17:71 CST Port Cost: 0
BPDU: sent 428921, received 1
PowerConnect 6224#
From the client currently configured in VLAN 5, I can reach VLAN 5 (10.1.1.100) and VLAN 6 (10.1.2.100). The next hop is the default gateway (192.168.31.1), and I'm receiving 'destination net unreachable' replies.
bluskies58
23 Posts
0
December 27th, 2012 09:00
A couple of questions (not a lot of experience in this particular area):
Is the ip route configured globally or on a particular interface? I want to ensure that other devices connected to the switch are not affected.
I should also clarify (sorry) that the next hop (192.168.31.1) is an interface on our firewall. Does that change anything, or do we need to configure a static route within the firewall as well? Or, do we also need to add access to VLANs 5 & 6 within the firewall?
bluskies58
23 Posts
0
December 27th, 2012 10:00
The topology you show is correct. The wireless device would be the WLC.
On the ip route command, do you see any negative effect on other devices connected to this switch if we apply globally?
Since the 6224 is doing the routing (for VLANs 5 & 6), I'd like to avoid tampering with the firewall config if at all possible, especially since this unit is being replaced as soon as we resolve this issue and whatever we do is likely to change on the new f/w.
bluskies58
23 Posts
0
December 27th, 2012 10:00
Sounds good, but I'm running into an issue: when I enter the IP address command as shown (using .31.7 since .31.2 is already in use), it's showing 'incomplete command'. When I try to append the subnet mask (255.255.255.0), I receive this:
"Subnet conflict between specified IP address and current configuration. All routing interfaces, service ports, and network ports must be configured on different subnets."
What am I missing?
bluskies58
23 Posts
0
December 27th, 2012 12:00
To remove the 'ip address' and 'ip default-gateway' entries, what command is used? (sorry, I've done this on CIsco, but not Dell).