WLC Design Question

Answered Question
Apr 19th, 2010

Hello NetPros,

I really need someone to clarify a few things regarding ssid/interfaces/vlans!

I want to implement a wlc to a central site and have the lwapps installed to the remote sites.

There is layer 3 connectivity between the central site and the remote sites.

Let's suppose that the management interface of the WLC is under VLAN 10 on the HQ site. Then I have 2 WLANs under VLANs 20 and 30. I have created the interfaces in the WLC under separate subnets and associated them to the SSIDs.

My concern is the following: VLANs 10, 20 and 30 are created on the L3 switch that is directly connected to the WLC via a trunk port. Do I need to create VLANs 20 and 30 on the remote switches as well in order for the clients to be able to connect to the WLANs?

To be more precise, what configuration is needed on the switches side (HQ-remote site) in order to set this up?

Thank you people!

Kayle Miller Mon, 04/19/2010 - 07:51

Generally speaking how I configure this scenario is as follows:

Assumptions for this example:

VLAN 10 - 10.10.1.0/24

WLC Management Interface - 10.10.1.10

WLC AP-Manager Interface - 10.10.1.11

10.10.1.0/24 route to 10.100.10.0/24 (and vice-versa)

10.11.1.0/24 route to 10.100.10.0/24 (and vice-versa)

DHCP Server - 10.11.1.20

VLAN 20 & 30 are configured on the HQ core switch

The WLC switch ports should be configured as trunks, similar to the following:

switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10-30
switchport mode trunk

Remote Site:

Create another VLAN and DHCP Scope for the Access Points (let's say VLAN 100 & 10.100.10.0/24)

Configure the switch ports for the access points as Access Ports:

switchport mode access
switchport access vlan 100

interface vlan 100
 description Access_Point_VLAN
 ip address 10.100.10.2 255.255.255.0
 ip helper-address 10.11.1.20

This configuration should get you up and running, keeping in mind that the clients at the remote site will drop out on the wired network at the WLC @ HQ.

Hope this helps.. Please feel free to rate this.

panayiotiscy Tue, 04/20/2010 - 04:31

Hi Kayle,

Thanks for your reply.

Actually, the main point that I was looking for is this one:

"This configuration should get you up and running, keeping in mind that the clients at the remote site will drop out on the wired network at the WLC @ HQ."

This helped me understand the big idea around my question.

Thank you.

Correct Answer
Lucas Phelps Tue, 05/18/2010 - 07:29

If you want *ALL* of your wireless traffic at your remote sites to come back through your WLC at your HQ then yes this is correct, you will not need to build every VLAN out to every switch at the remote sites.  The wireless traffic will be placed in a secure LWAPP/CAPWAP tunnel and will travel over your Layer 3 backbone to your HQ and terminate at the WLC.  The WLC will then pass the traffic out its local ports to your HQ switches.

However, if you are setting up H-REAP access points at your remote offices, then the configuration will need to be different.  H-REAP will switch the traffic at the remote office onto the remote office's switch instead of tunneling it all back to the controller before it gets passed off to the network.  This is local switching vs centralized switching. Maybe the remote users will need access to their remote wired network from the remote wireless network (perhaps they have a local storage device in the office and want to be able to connect to it wirelessly without having to have ALL of that data travel back and forth to the HQ office to be routed).  In this scenario, you'd have to create all of the VLANs at the remote sites like you first mentioned.

See the attached picture which shows how H-REAP works.  If you have two WLANs broadcasting from your AP, one can be a locally switched H-REAP WLAN and the other can be centrally switched at the WLC (perhaps for Guests that don't need local access)
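
Added example, not part of the original thread: the remote-site switch configuration for the two cases discussed above, side by side. The interface names, the VLAN 20 subnet at the remote site, and the choice of VLAN 20 as the locally switched WLAN are assumptions; VLAN 100 and the DHCP server address come from the earlier reply.

```cisco
! Constructed example. Interface names, the 10.100.20.0/24 subnet and the
! choice of which WLAN is locally switched are assumptions.
!
! Case 1: every WLAN is centrally switched (tunnelled to the WLC at HQ).
! The AP port carries only the AP VLAN; VLANs 20 and 30 exist only at HQ.
interface GigabitEthernet0/1
 description AP_central_switching
 switchport mode access
 switchport access vlan 100
!
! Case 2: H-REAP AP. The WLAN on VLAN 20 is locally switched, the WLAN on
! VLAN 30 (e.g. guest) is still tunnelled to the WLC, so only VLAN 20 has
! to exist at the remote site.
vlan 20
 name Remote_WLAN_local
!
! The AP port becomes a trunk. The native VLAN is the AP's own VLAN (its
! IP address and the LWAPP/CAPWAP tunnel to the WLC); the allowed list is
! restricted to the VLANs the AP actually needs.
interface GigabitEthernet0/2
 description AP_HREAP_local_switching
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 20,100
 switchport mode trunk
!
! Gateway for the locally switched wireless clients, relaying DHCP to the
! server at HQ (address taken from the earlier reply).
interface Vlan20
 description Remote_WLAN_local_clients
 ip address 10.100.20.2 255.255.255.0
 ip helper-address 10.11.1.20
```

The WLAN-to-VLAN mapping for the locally switched SSID is set per AP on the controller and must match the VLAN allowed on the trunk.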
