Please help me to understand one thing here. When using a WLC on a router, all APs are communicating with it using an encrypted tunnel via the LWAPP protocol. Now, according to the documentation, for every SSID you configure a separate VLAN to keep traffic isolated. My question is, why do you do that? This traffic is in the tunnel already, cannot be read by anyone else, and the WLC could recognize where it comes from just by checking the SSID, so what is the real benefit of VLANs here?
Correct. But you don't need to, and it may not be recommended, to put the APs on the AP MANAGER VLAN. So long as the AP can route to the controller management address, it will build an end point connection with the AP manager.