Wednesday, November 28, 2018

Cisco WLC multiple VLANs, SSIDs - going around in circles...

The TL;DR: I have multiple VLANs mapped to SSIDs on the WLC, but can only use them and get DHCP for clients if I run a trunk to the AP itself. But if I do this, I cannot manage the APs in the WLC. I'm using the virtual WLC, so it's FlexConnect.

  • I have a service port; I can connect to that just fine.
  • I moved management to a dedicated VLAN, VLAN20. This has no SSID on it, and the APs get their IPs from here.
  • I have 3 user VLANs and SSIDs: VLAN10, 30 and 50, each with its associated range, 192.168.10, .30 and .50 respectively.
  • All interfaces go to their relevant gateway on a pfSense box, and each VLAN has a DHCP server for its subnet on the firewall.

From what I have read, best practice on a normal WLC is to have APs connect to an access port on the management VLAN (20 in my case); the AP then tunnels to the controller, which breaks out to each VLAN from there. I'm using the virtual controller, so I'm using FlexConnect, and I have read in places to use a trunk to the AP in this case. Lots of conflicting info on the web.

If I do use an access port to the AP, clients get an IP address from VLAN20 (the management VLAN), and even then that only works if I connect to the SSID for VLAN10. If I try VLAN 30, it won't get an address at all (which is more odd).

But if I trunk to the AP, all SSIDs work and clients get a DHCP address in the correct VLAN. However, I cannot see the APs on the controller. So I'm going around in circles... and getting a little frustrated.
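The two symptoms above (a trunk puts clients in the right VLANs but the AP drops off the controller; an access port keeps the AP on the controller but strands clients on the management VLAN) are the two halves of what a FlexConnect AP port needs at the same time: the AP's own CAPWAP traffic to the WLC must arrive untagged on the management VLAN, and the locally switched client traffic must arrive tagged with the user VLANs. The usual way to get both is a trunk whose native VLAN is the management VLAN. The following is an added example, not configuration from the post; it assumes a Cisco IOS access switch and an interface name (GigabitEthernet1/0/1) that the post does not mention, and reuses the post's VLAN numbering (20 = AP/WLC management, 10/30/50 = user SSIDs). It shows the access-port variant beside the trunk variant so the difference is visible:

```cisco
! Added example (not from the post). Assumed: Cisco IOS access switch,
! interface GigabitEthernet1/0/1 faces the AP. VLAN 20 = AP/WLC management,
! VLANs 10/30/50 = user SSIDs, as described in the post.

! Variant A: access port on the management VLAN.
! The AP reaches the WLC untagged on VLAN 20, but a FlexConnect AP doing
! local switching has no tagged path for VLAN 10/30/50, so clients can only
! land in the AP's own VLAN.
interface GigabitEthernet1/0/1
 description AP port - access on mgmt VLAN (variant A)
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast

! Variant B: 802.1Q trunk, management VLAN as the native (untagged) VLAN.
! The AP's CAPWAP traffic still rides untagged on VLAN 20 (so the WLC sees
! the AP), while client traffic is tagged 10/30/50 according to the
! WLAN-to-VLAN mapping configured on the FlexConnect AP in the WLC.
! The allowed-VLAN list is restricted to what the AP needs, and DTP is
! disabled, so the port cannot be negotiated into carrying other VLANs.
interface GigabitEthernet1/0/1
 description AP port - trunk, native = mgmt VLAN (variant B)
 ! The next line is only accepted on platforms that offer ISL as well as
 ! 802.1Q; leave it out where the switch does 802.1Q only.
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 20
 switchport trunk allowed vlan 10,20,30,50
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast trunk
```

A common reason a plain trunk makes the AP vanish from the controller is that the native VLAN is left at the switch default (VLAN 1), so the AP's untagged traffic never reaches the management VLAN; on the switch, `show interfaces trunk` confirms the native VLAN and the allowed list per port. On the WLC side the WLAN needs FlexConnect local switching enabled and the AP needs VLAN support with the per-WLAN VLAN mapping in place, which the post's "trunk works for clients" observation suggests is already the case.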

Can anyone point out my stupid for me please?


