WCS and WLC, on the same VLAN?

Answered Question
May 4th, 2007

What's best practice? Is it better to have the WCS on the same VLAN as the controller(s)?


Johann Folkestad

DigitalAirWireless Fri, 05/04/2007 - 05:14

johannf,

I'm not sure of a "best practice". I have always installed the WCS in a server VLAN which is different to the controller VLANs across our customer's sites. As long as your SNMP is working across the VLANs, all will be fine.


Cheers


mark


*Pls rate good replies


Correct Answer
ericgarnel Fri, 05/04/2007 - 05:36

Given the fact that it is SNMP traffic, the WCS-to-WLC SNMP reads/writes should be confined to subnet(s) that are secured by ACLs/firewalls/RFC 1918 address space, yada yada....

One way to do it is to place the WCS behind a firewall on the same or reachable subnet as the WLC service or management ports. I prefer using the service port on the WLC for the WCS SNMP traffic; this way I can prune that VLAN off the switch trunk ports that the WLC connects to, as well as put it in a subnet that is away from prying eyes. I have had it working just fine since 3.0.2x all the way up to the latest rev this way.

The controller will touch an additional VLAN for each dynamic interface you create for WLANs.

You can also dual-home the WCS server, but the default option on WCS install/upgrade is to bind to one interface (it will detect and prompt in regard to multiple interfaces, at least on the Linux version).

Also don't forget to lock down HTTPS access to the WCS web frontend as well.
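Added example (not part of ericgarnel's post, and not Cisco tooling): a small Python check of flow records against the placement described above, with SNMP allowed only between the WCS and the WLC inside RFC 1918 space and HTTPS to the WCS allowed only from an admin subnet. All addresses, subnets and the flow-record format are assumptions constructed for the illustration.

```python
import ipaddress

# All addresses below are constructed for this example, not taken from the thread.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WCS = ipaddress.ip_address("10.20.30.10")            # WCS server (assumed)
WLC_SVC_NET = ipaddress.ip_network("10.20.30.0/28")  # WLC service-port subnet (assumed)
ADMIN_NET = ipaddress.ip_network("10.50.0.0/24")     # hosts allowed to WCS HTTPS (assumed)

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def check_flow(src, dst, proto, dport):
    """Return None when the flow fits the intended placement, else a finding."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if proto == "udp" and dport in (161, 162):
        if not (is_rfc1918(s) and is_rfc1918(d)):
            return "SNMP endpoint outside RFC 1918 space"
        # Polls and sets go WCS -> WLC on 161; traps come back WLC -> WCS on 162.
        poll = dport == 161 and s == WCS and d in WLC_SVC_NET
        trap = dport == 162 and s in WLC_SVC_NET and d == WCS
        if not (poll or trap):
            return "SNMP outside the WCS<->WLC management path"
    elif proto == "tcp" and dport == 443 and d == WCS and s not in ADMIN_NET:
        return "HTTPS to WCS from a non-admin source"
    return None

# Constructed flow records: (source, destination, protocol, destination port).
FLOWS = [
    ("10.20.30.10", "10.20.30.2", "udp", 161),   # WCS polling the WLC
    ("10.20.30.2", "10.20.30.10", "udp", 162),   # WLC trap to WCS
    ("10.60.1.77", "10.20.30.2", "udp", 161),    # client-VLAN host polling the WLC
    ("203.0.113.5", "10.20.30.2", "udp", 161),   # public source
    ("10.50.0.8", "10.20.30.10", "tcp", 443),    # admin workstation
    ("10.60.1.77", "10.20.30.10", "tcp", 443),   # client-VLAN host on the web UI
]

def audit(flows):
    """Return (flow, finding) pairs for every flow that violates the placement."""
    findings = []
    for flow in flows:
        finding = check_flow(*flow)
        if finding:
            findings.append((flow, finding))
    return findings

if __name__ == "__main__":
    for flow, finding in audit(FLOWS):
        print(flow, "->", finding)
```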
