Remote APs with multiple vlan / dhcp

On one of our 5508 controllers we have approx 40 APs, about 20 local and 20 flexiconnect. Until now we have only had one vlan on the flexiconnect APs, but our local APs have several SSIDs connecting to different Vlans and assigned different dhcp addresses correctly.
We now have the need to have multiple SSIDs on some sites being assigned different IPs.
I have created the interfaces, with the correct ip and dhcp server, linked with the correct AP group. The SSID is shown and can be connected, but the original ip is being assigned and not the new range.
I have not yet created any security policies so the new range has full access to the entire network and the controller can ping the new remote vlans.
If i hard connect to the switch on the new vlan, I am assigned the correct new IP range, so this is working.
I cannot see why devices connected to the new SSID are not being assigned the correct IP range.

You need to review the FlexConnect configuration guide. You need to trunk the ap port if more than one vlan is required, you also need to enable FlexConnect local switching in the WLAN, you need to also define the WLAN to vlan mapping on each FlexConnect AP.
It varies depending if you want to place traffic locally at the site or tunnel it back.
https://supportforums.cisco.com/docs/DOC-24082
Sent from Cisco Technical Support iPhone App

Similar Messages

  • Onplus with multiple VLAN

    Hi,
    i am trying to set the network agent N100 on a trunk port on a switch (2960) without success regarding dhcp???
    The problem is that the agent is not getting any ip address from a dhcp pool from a Cisco 1841 router acting as DHCP server. The topology is like this:
    Router---------------------------------------------------------------------Switch--------------------------------------------------------------------On100
             fa0/0
             fa0/0.10
             fa0/0.20
    The router is on the stick with subinterfaces. Ports connecting the router and On100 on the switch are 802.1q trunk ports. I also made a simulation of this topology on the GNS3 and with wireshark i can see  that dhcp discover are comming inbound fa0/0 but when i type the command:
    R#show ip dhcp server statistics there are no received dhcp discover packets???It's very strange.
    Did any one have experience with multiple vlan topology?
    Thanks

    Delo,
    Take a look at the document link below.  Beginning on page 3 contains a sample configuration.  I would recommend reading the entire document to get your arms around the VLAN discovery functionality.  I can appreciate that when reading some of the documentation it can be confusing and lead you to believe that it can discover additional networks using Layer 3 routing.  That said, the one thing to keep in consideration is that OnPlus/ON100, other than the Network Scanning functionality, will not traverse Layer 3 boundaries to do additional discovery/monitoring.  You can manually add devices that are only accessible via Layer 3 and select to do some monitoring on those devices however they must be added manually and it will not attempt to access those devices via SSH/Telnet or SNMP.  As such, it won't do functions like backing up configurations.
    OnPlus autodiscovery will only use Layer 2 and that is why you would need the VLAN Trunking with DHCP in each VLAN or to SPAN a switch port.  With VLAN trunking the ON100 will have an IP in the other VLAN and be able to discover devices on that now "local LAN".  With port spanning, the ON100 would discover based on packets it receives.  It can appear a little confusing but as long as  you keep in mind that the ON100 won't discover over a Layer 3, that will help to clarify some of the confusion.
    http://www.cisco.com/en/US/docs/net_mgmt/other_net_mgmt/onplus/application_notes/multivlan/onplus_on100_vlan_discovery_782079601.pdfhttp://www.cisco.com/en/US/docs/net_mgmt/other_net_mgmt/onplus/application_notes/multivlan/onplus_on100_vlan_discovery_782079601.pdf

  • Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Assotiated clients cannot obtain IP addresses

    Hi Surendra,
    I was just given this task to see how i can configure a second ssid for guest access in our environment.
    this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
    Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
    Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
    My AP config is attached below.
    Please tell me what am I doing wrong.
    Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
    Does the access point need to be aware of the voice vlan?
    Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
    I will greatly appreciate your urgent response.
    Thanks in advanced.

    Hi,
    As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
    int vlan 20
    ip helper-address 192.168.33.xxx
    int vlan 60
    ip helper-address 130.20.1.xxx
    I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
    Modify the AP config as below since you are using data vlan as the native vlan
    interface Dot11Radio0.20
    encapsulation dot1Q 20 native
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface FastEthernet0.60
    encapsulation dot1Q 60
    no ip route-cache
    bridge-group 60
    no bridge-group 60 source-learning
    bridge-group 60 spanning-disabled
    Hope this helps.
    Regards
    Najaf

  • ARD 3.1 on a Cisco network with multiple VLANs

    I really hope someone can help me with this one because it's giving me all sorts of headaches.
    I manage all the IT for a large elementary school. We have Macs all over the building. (unfortunately many are still OS 9 Macs) As we replace and add new machines we have some that are wired in the network and some that are wireless. This is creating a rather messy issue with ARD. The backend of our network is running Cisco hardware. Our networking department has split our wired and wireless network on to separate VLANs. If I connect wirelessly to the network from my laptop, I can see the wireless Macs. If I connect through a wired connection I can see the wired machines. If I have both turned on, I tend to get problems with ARD freezing up when it tries to scan the local network. If I scan the wired network and switch to a wireless connection, everything works until the DHCP lease expires on the machines overnight and they get new IP addresses. I'm pretty sure this has to do with Bonjour and mDNS.
    Can anyone tell me what information to provide my networking department to get Bonjour and mDNS working across these two VLANs. We have a great networking department but Bonjour and mDNS is not something they deal with much and they aren't Mac fans so this gets put way on the back burner.

    I really hope someone can help me with this one because it's giving me all sorts of headaches.
    I manage all the IT for a large elementary school. We have Macs all over the building. (unfortunately many are still OS 9 Macs) As we replace and add new machines we have some that are wired in the network and some that are wireless. This is creating a rather messy issue with ARD. The backend of our network is running Cisco hardware. Our networking department has split our wired and wireless network on to separate VLANs. If I connect wirelessly to the network from my laptop, I can see the wireless Macs. If I connect through a wired connection I can see the wired machines. If I have both turned on, I tend to get problems with ARD freezing up when it tries to scan the local network. If I scan the wired network and switch to a wireless connection, everything works until the DHCP lease expires on the machines overnight and they get new IP addresses. I'm pretty sure this has to do with Bonjour and mDNS.
    Can anyone tell me what information to provide my networking department to get Bonjour and mDNS working across these two VLANs. We have a great networking department but Bonjour and mDNS is not something they deal with much and they aren't Mac fans so this gets put way on the back burner.

  • Remote Application with multiple computers multiple rooms

    I am planing a whole-house music system and have played around with the Remote application. Seems to work fine in my setup with a MacBook Pro. Have several AiportExpress that I can see through REMOTE but they are not linked to speakers.
    Here what I would like to do.
    1) Control each room separately, so each could have its own music playing or multiple rooms playing having the same song. I think currently one would need to build more than one loop of AirportExpress's linked to the same speakers. With two loops one could access two different libraries on two computers and so have two different songs playing in 2 zones.
    2) Control the loudness in each room. This could be a big problem. There is one master volume, but if one room is larger or has more speakers it could be much louder than the other rooms. So one would constantly play around with the volume when moving from room to room.
    3) Use more than one iPod Touch or iPhone in one set up, so that all people in the house can control the music. I only have one iPhone so I have not had a chance to check this one out. Is it possible to have more than one controlling iPhone or iPod Touch?
    Nice to haves
    1) An alarm function with the time and song selected and with zero volume slowly increasing to a set value over a set time.
    2) Cover flow on the iPhone or iPod Touch
    3) Remote launching of iTunes from the iPhone or iPod Touch
    Any suggestions or answers are welcome. Thanks for your help.

    There are no post activities available in ConfigMgr. Either use dependencies (so that the post activities application/DT has a dependency to the application itself - which is not the best way to solve it imho) or use a wrapper (cmd, ps1, vbs etc) that
    installs the application first and performs additional things afterwards.
    Torsten Meringer | http://www.mssccmfaq.de

  • SG300 with WAP551 VLAN DHCP confusion

    Cisco Small Business Pros,
    I need a hand.  I am trying to configure 2 seperate vlans for a WAP551 in unique broadcast address spaces.  I have been able to configure the WAP551 and was planning on letting a SG300 handle the DHCP.  On the SG300 I have configured two different DHCP pools but there does not seem to be a way to specify an associated VLAN.  Am I thinking about this wrong?  How do I get VLAN1 to pull from 192.168.1.2/24 and VLAN2 to pull from 192.168.2.2/24?
    Sincerely,
    Dennison

    Hi,
    Unfortunately there is a change and this behavior will be corrected in the next release. In the meantime you may try the following workarounds:
    1.
    1) Disable Voice VLAN on port
    2) Toggle port status (link down and then up)
    3) Enable Voice VLAN on port once again
    2. or use 1.3.5 firmware
    Please feel free to open ticket with Small Business Team if you would like to get some information or share some comments.
    Regards,
    Aleksandra

  • Help with Multiple VLANS and IP Phone Setup.

    Although i have a 3com, I have a cisco IP Phone. I have the IP Phone connected to the 3com swithport using a hybrid port. It's a tagged member of vlan3 (voice net) and an untagged member of vlan1(native data)
    The ip phone gets the right DHCP address for vlan3 ( 10.x.x.x ) but the laptop connected to the ip phone gets the IP for vlan 3 as well.
    I want the laptop to get the IP of the native vlan ( 192.168.x.x)
    what would the port setup need to be ? does it need to be a trunk ? i have the PVID of the port set to vlan3, this allows the IP phone to get its vlan3 DHCP address.
    any help would be greatly appreciated.
    The 3com OS is very similar to the latest of CISCO IOS'.
    so explain wtih syntax and i'm sure the 3com can relate.

    Based on your description of a 'Hybrid Port' this sounds like Cisco's 'Multi-VLAN Port' that was a feature of the 2900XL/3500XL series switches. This feature has however long since gone......
    With a Cisco switch an access port supporting an Access VLAN & a Voice VLAN is effectively a Trunk with only one Tagged VLAN and the Native VLAN:
    interface FastEthernet0/1
    switchport mode access
    switchport access vlan 10
    switchport voice vlan 100
    This results in the same configuration as:
    interface FastEthernet0/1
    switchport mode trunk
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 10
    switchport trunk allowed vlan 100
    With the exception of CDP packets being sent advertising the Voice VLAN.
    With regards to other IP Phone vendors and DHCP Vendor Options - the answer is it depends....
    Nortel use Vendor Option 144 to inform the IP Phone of the Voice VLAN and Option 128 for the Server (PBX) to use. Ericsson uses Vendor Option 43 that can be configured to tell the IP Phone the VLAN and the Web server to read the config file from.
    I don't think you will get this working automatically with your 3Com switches, you can however manually configure the VLAN on the Cisco IP Phones.
    HTH
    Andy

  • Bridging problem with multiple vlans

    Hello Everyone, I am using two 1310 bridges in a root / non-root setup. The switches on both sides of the wireless bridge were setup to trunk native vlan 253. Each wireless bridge also had vlan 253 setup as a Radio and Ethernet Interface. In this config, the wireless bridges could associate and ping each other, but the switches on each side could not ping each other?s management vlan interface (Vlan 25). The only way to get traffic to pass to the corresponding switches on each side of the wireless bridge was to use vlan 253 for everything. We also see this problem with some of our other 1310 bridge connections at other plants. Has anyone seen this problem or a similar problem before?

    Hi Craig,
    Er, dunno if you have any insight on my issue. I'm trying to get 2 AP1231s (12.3-8) in bridge mode (root/non-root, antennas transmit/receive right) that have 4 VLANs going across the airwaves. Now, the bridges are associated, they can see each other's IP address, but will they ping? Absolutely not! VLAN20 is the native assigned to bridge-group 1, I've tried IP addresses on the BVI1, dot11Radio 0.20 and fa0.20 interfaces with no luck. There's no other fancy configuration options applied, just 4 VLANs going across two associated bridges. Any ideas? Appreciate any assistance you can offer.
    I'd already found the document that Rob recommended beforehand and that proved useful in getting the units to associate. Now I just need a ping! A PC connected to the non-root bridge's Ethernet port via a Xover cable is able to ping the non-root bridge but that's as far as it goes.
    Root bridge config attached. No IP assigned on this copy but as advised, tried a few scenarios!
    Thanks, Paul

  • Complex NAT and ACL issue with multiple VLANS

    Hello Forum. 
    We have about 12 different VLANS behind an ASA 5515-x. One of those vlans contains a webserver and a DNS server (different machines, different IP addresses). ASDM 7.1.3
    From outside the firewall, people need to be able to get to the webserver via http, https and a custom  port (3390). From outside the firewall, no one needs DNS access.
    From INSIDE the firewall, things are much more complicated. They need access to the DNS server from all VLANS and they need access to Webserver from all VLANS
    The VLANS themselves are defined on the core switches, not the ASA The Vlan labels and network subnets increment by 5 (except in the first 5 numbers) and the VLAN subnets are equal to the vlan name. So for example VLAN 10 is on the 10.10.10.x subnet, vlan 20 is on the 10.10.20.x subnet, and so on. Each subnet is 24 bits
    WHAT WORKS:
    Outside_in: http, RDP work fine. Pretty sure I will be able to get https myself, so not looking for help there
    Inside_in: traffic from vlan 10 to vlan 5 works fine, but I think that is in part to the any any allow rule on the vlan 10 interface. Apart from that, all vlans can get out to the web, but they cannot get proper DNS resoliution or access the webserver across vlans
    I have looked at the access lists, I have looked at NATting the DNS, but it is not working, and I am not sure why. Any assistance would be appreciated

    Tried that, no joy. It said that the problem was a NAT issue, but I cannot figure it out. The NAT rule looks right, but is not because it doesn't work

  • Multiple Vlans on a single port.

    hi,
    Can i configure single port with multiple vlans on L2 2950 switch, if yes then what are the commands.
    Thanks,
    Vishal D.

    Paresh,
    i think i have not quoted the question properly.
    see by doing 'switchport mode trunk' it will flow the traffic of all vlan right.
    but if i want to give access of selected vlans then what to do,
    i have tried the command 'switchport trunk allowed vlan 1,2,3'
    do i have to give encapsulation on that port, but on 2950 encap cannot be configured.
    now can u tell me wht is possible to do.
    Thanks for ur reply.
    Vishal.

  • DHCP Setup across multiple VLANs on RV325 - DHCP Server only working on VLAN 1

    I have multiple VLAN subnets defined on my RV325 - when I try and utilize a DHCP Server on each VLAN, it only seems to be issuing IP Addresses to clients on VLAN ID 1.  When I first set this up months ago, I thought I had tested it providing IP Addresses via the other subnets.  Now that I am trying to do so, it isn't working "as expected".  Example - I am using VLAN 25 as the GuestWireless subnet utilizing a separate 802.11n WAP that is set to Bridge connections to the IP Address of the VLAN interface.  Devices are able to connect to the WAP, but end up with a self-assigned IP Address 169.x.x.x address.  There has to be an easy fix to this, but I seem to be "stuck" figuring out what it is…pointers/redirects appreciated.  Thanks!

    Thanks - I've already reviewed that information before I posted.  I've been working with DHCP since the mid-90's, so I'm comfortable with the settings/configuration I need to leverage to make this work via other means using various Network-based OSes.
    I'm wondering if there are other options in configuring this device that can impact the ability to dynamically serve IP addresses on a VLAN/subnet-by-VLAN/subnet basis.
    As I did more testing, I discovered when I reserved an IP Address via the IP & MAC Binding option within the DHCP Settings, those devices would receive their static reservations and work as expected, so the problem seems to be leveraging the DHCP Pool for devices connecting to VLANs other that VLAN 1.
    Any ideas as to why the DHCP Pool's are "non-functioning" for the other VLANs is greatly appreciated...
    Each VLAN is setup with a separate DHCP Server configuration as shown below:
    VLAN ID = 1 (Default, Inter VLAN Routing = Enabled, LAN1-6 = Untagged, LAN7=Tagged, LAN8=Excluded, LAN9-14 Untagged)
    Device IP Address = 172.16.xxx.1
    Subnet Mask = 255.255.255.0
    DHCP Mode = DHCP Server
    Remote DHCP Server = 0.0.0.0
    Client Lease Time = 1440 min
    Range Start = 172.16.xxx.100
    Range End = 172.16.xxx.199
    DNS Server = Use DNS as Below
    Static DNS 1 = 208.67.222.222
    Static DNS 2 = 208.67.220.220
    WINS Server = 0.0.0.0
    Correctly serving IP Addresses via DHCP (both static and dynamic) to Wired devices & Wireless devices connecting through WAP (set to Bridge)
    VLAN ID = 25 (GuestWireless, Inter VLAN Routing = Disabled, LAN1-LAN7 = Excluded, LAN8 = Untagged, LAN9-14 = Excluded)
    Device IP Address = 172.16.yyy.1
    Subnet Mask = 255.255.255.0
    DHCP Mode = DHCP Server
    Remote DHCP Server = 0.0.0.0
    Client Lease Time = 1440 min
    Range Start = 172.16.yyy.100
    Range End = 172.16.yyy.199
    DNS Server = Use DNS as Below
    Static DNS 1 = 208.67.222.222
    Static DNS 2 = 208.67.220.220
    WINS Server = 0.0.0.0
    NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP (set to Bridge)
    Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client.  Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.
    VLAN ID = 100 (Voice, Inter VLAN Routing = Disabled, LAN1-6 Excluded, LAN7 = Untagged, LAN8-14 = Excluded)
    Device IP Address = 192.168.zzz.1
    Subnet Mask = 255.255.255.0
    DHCP Mode = DHCP Server
    Remote DHCP Server = 0.0.0.0
    Client Lease Time = 1440 min
    Range Start = 192.168.zzz.100
    Range End = 192.168.zzz.199
    DNS Server = Use DNS as Below
    Static DNS 1 = 208.67.222.222
    Static DNS 2 = 208.67.220.220
    WINS Server = 0.0.0.0
    NOT serving dynamic IP Addresses via DHCP to Wired devices & Wireless devices connecting through WAP set to Bridge
    Static DHCP Reservations setup via IP & MAC Binding settings DO WORK in terms of providing the assigned static IP Address to the client.  Inbound/Outbound traffic to Internet works for devices with Static DHCP Reservations.

  • Multiple vlans configuration issue with RV016 router and SG 300-10MP witch

    Hi,
    I have to configure multiple vlans served with a unique DCHP server . As first step, I just will The DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented :
    Router (RV016 10/100 16-Port VPN Router) as gateway mode:
    IP : 172.16.0.1/24
    DHCP Server :
    IP : 172.16.0.2/24 GW: 172.16.0.1
    2 subnets :
    172.16.1.0/24 GW: 172.16.1.1 to serve vlan 1
    172.16.2.0/24 GW:172.16.2.1 to serve vlan 2
    Switch (SG 300-10MP 10-Port Gigabit PoE Managed Switch) as layer 3 mode:
    IP 172.16.0.254 (vlan 8 default)
    Vlan 1 : 172.16.1.1
    Vlan 2 : 172.16.2.1
    1 device connected on each vlan
    a workstation on the vlan 1
    a laptop on the vlan 2
    In this scenario (see the attached pdf file) the DHCP server is connected on a router, hosts on vlans dont receive any IP address.
    But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.
    I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration ?
    I hope the explanations are clear enough and my English too
    Any help will be highly appreciated,
    Zoubeir

    Hi Eric, the small business group doesn't support the ASA config, but  I can help with the switch.
    A couple things I notice in your description-
    48 port (192.168.1.254) and the other 24P (192.168.1.253)  we have a  second vlan 20 set up on the 24P switch (192.168.2.253)  we have ports  1-12 set for vlan20 (untagged and trunk), the remaining ports on on the  default vlan 1.
    The connection between the switches, is it 1u, 2t?
    The link between the switches should be 1u, 2t, the switches support the trunking and vlan tagging, meaning all communication will work fine.
    We have the 24p and 48p switches connect using GE1 and GE1.  We are unable to ping a device on vlan 20 ( on the 24p switch
    The 24p switch should be in layer 2 mode, if you have the 48 port l3 switch upstream. Additionally, you need to have the default gateway set on the 24p switch.
    We have a static route set on the 24p switch (0.0.0.0 192.168.1.0). 
    Between the switches, it shouldn't require any static routes, assuming you correctly trunk / tag your ge1 ports, with both switches operating in l3, the ip route table dynamically builds the connected routes, therefore a static route is redundant.
    -Tom
    Please rate helpful posts

  • Multiple VLANs per SSID with local switch

    Is it possible to use an 'AP Group' or 'Interface group' to assign multiple VLANs to a WLAN when remote, h-reap APs are in local switch mode? 
    If not, is there a way to overcome 500 maximum host per VLAN when APs are local switching?
    Thanks!

    dont think its possible...
    I donno if the following config will even work but u can have the hreap APs connected at the remote site to map to different vlans...
    Example:
    AP1 -- ssid 1 --- vlan 10
    AP2 -- said 1 --- vlan 11 and so forth..
    Sounds crazy but i ll have to ponder on this a bit more.. Need a pen and paper to draw a quick topology :)...
    Sent from Cisco Technical Support iPhone App

  • Bridge with clients & multiple VLANs on 1242 AP

    Hi,
    I am trying to set up a test as per the attached diagram. I am looking to use 2x 1242 access points to bridge to a remote part of the network.
    I currently have 2 VLANs on the network, all network devices are on VLAN 1 for management and client access is on VLAN 2.
    What I am trying to achieve is to bridge between the two access points and also have clients connect to VLAN 2 on each access point.
    Firstly, are the 1242's capable of this or would I need to look at a 1300 Bridge?
    I have attached a copy of the base config I have on both AP's, the only difference between them is the root or non-root role.
    My bridge link currently works and I can ping across it on VLAN 1 but I cannot get a client to connect to the SSID on VLAN2. Although the SSID is set to guest mode I cannot see it being broadcast and if I manually try and connect nothing happens.
    Is there anything basic I am missing here or can anyone offer advice on bridging multiple VLANs with 1242 AP's?
    Thanks,
    Paul

    Ooops....forgot to add the attachments first time.
    Thanks,
    Paul.

  • Register APs at remote site with WLCs at the core via Metro E.

    All,
    I have problem with register APs at the remote site with WLCs at the core.
    All of my WLCs are on main site; and the majority of APs are on same subnet and same site with the WLCs. This works just fine.
    However I have a remote site with connected to the core via metro E. And I am unable to make the APs at this site register to the controllers at the core.
    On remote site APs and PCs are on subnet. And PCs are work just fine. I have the DHCP scope options 43 set for the ip address of the WLCs.
    Metro E interfaces are on 192.168.0.0 /24.
    Clients (PCs and APs) at remote are on 192.168.56.0 /24
    I have the configuration on the Metro E and and remote site on the attachment.
    Thank in advantage.

    To get APs registered, make sure AP is getting an ip address and can ping WLC
    Once this is verified, run the following debugs on WLC CLI and attach it to the thread:
    - debug mac addr
    - debug capwap OR lwapp events enable
    - debug capwap OR lwapp errors enable
    - debug pm pki enable
    To stop debug
    - debug  disable-all
    In case you have 'console' access to remote site AP, capture AP boot up and then run "debug ip udp" on AP CLI
    To stop this debug
    AP# undebug all

Maybe you are looking for