Hi, I have a particular wireless design that requires one WLC 5508 to be connected to two separate switches. Port 1 of the WLC is connected as a trunk to Switch A and Port 2 of the WLC is connected to Switch B. Each switch has its own local VLANs. When I connect 1130s LAPs they need to find the management interface initially and then use only AP management interfaces. Since there is only one management interface, if I assign the management interface on a VLAN that is configured on Switch A then APs on Switch A join fine, but those on Switch B keep asking for the management interface, and from the capwap debug on the WLC it says that the join request was received on the wrong interface ...
The only workaround to this was to make routing between Switch A and Switch B for the two VLANs on which the APs reside... but for security purposes - the client would like to avoid this.
Any help much appreciated ...
Unfortunately, the initial discovery has to happen to the mgmt interface. Once that has happened, the AP should know about the second AP-manager that is on the guest subnet; that's why they are able to stay up. But if the AP rebooted, it would need to discover again, and would fail.
What is the customer's concern with having all the APs routable to the mgmt network? The guest users can't see anything there.
IMO, leave the AP able to connect to the mgmt subnet, but then put an L3 ACL up to block the guest subnet from reaching anything in the internal network.
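One way the L3 ACL suggested in the reply above could look on a Cisco IOS Layer 3 device routing between the two sides, as an added example that is not part of the original thread. The subnets, the WLC management address, the VLAN number and the ACL name are constructed placeholders; UDP 5246 and 5247 are the standard CAPWAP control and data ports.

```cisco
! Constructed values (assumptions, not taken from the thread):
!   192.0.2.0/24  = Switch B VLAN where the APs and guest clients sit
!   10.10.10.5    = WLC management interface (reached via Switch A)
!   10.0.0.0/8    = internal address space to be protected
!   Vlan20        = routed interface for the Switch B subnet
!
ip access-list extended SWB-TO-INTERNAL
 remark Allow CAPWAP discovery/join to the WLC management interface only
 permit udp 192.0.2.0 0.0.0.255 host 10.10.10.5 range 5246 5247
 remark Block everything else from this subnet to the internal network
 deny   ip 192.0.2.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 remark Traffic to non-internal destinations is not affected
 permit ip 192.0.2.0 0.0.0.255 any
!
interface Vlan20
 description Switch B AP/guest subnet
 ! Filter traffic as it enters the router from the Switch B side
 ip access-group SWB-TO-INTERNAL in
```

If the Switch B subnet relies on internally hosted services such as DHCP or DNS, those need their own narrow permit lines above the deny entry.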