Still confused about LAG and non-LAG

Answered Question
Aug 17th, 2012

I'm using a 5500 WLC, with 2 distribution ports (port 1 and port 2). Each port connects to a different switch.

Port 1 connects to port gi0/1 on a 3750 switch.

Port 2 connects to port gi1/0/1 on a 2960 switch.


According to this design, I should turn off the LAG right?

If I turn off the LAG, how many dynamic AP managers should I configure according to this design?


Thanks mate for helping me step by step.

Correct Answer
Stephen Rodriguez Fri, 08/17/2012 - 04:54

First, if you are splitting your ports between different switches then yes, you would need to disable LAG.


As for the ap-manager, it would depend on how many APs you have. Each ap-manager can handle 48 APs, so if you are below that the default management interface will be fine.


Steve


Sent from Cisco Technical Support iPhone App

Totardo Tobing Fri, 08/17/2012 - 06:23

Thank you Stephen for your reply.


I forgot to mention that we have 50 LAPs.

OK. So it looks like this, right?

~ port 1 would be attached to 48 LAPs, and

~ port 2 would be attached to 2 LAPs

And, as an additional step, should I create another dynamic AP-manager on port 2? Should the dynamic AP-manager be in 1 IP segment with the management interface or not?

Stephen Rodriguez Fri, 08/17/2012 - 06:47

Yes, you would need to add a second ap-manager on the second port. And I would keep it in the same VLAN as the first.


That being said, you would probably be better served by connecting the WLC to one switch and going with LAG vs splitting the ports. Just my opinion.


Steve


Sent from Cisco Technical Support iPad App

George Stefanick Fri, 08/17/2012 - 10:38

Just to add to Steve's great post.


With a 5508 you cannot break out the ports with LAG, meaning all the connections should come down to a single controller.


However, I would disagree with Steve on the number of access points per AP manager. If you were using a 4400 then yes, I would agree. But for a 5508, no AP managers are needed UNLESS you want to do segmentation. But even then, how are you going to direct which AP to what AP manager?


Steve am I off on these comments?

Stephen Rodriguez Fri, 08/17/2012 - 10:50

I believe that you still have the 48 AP per AP-manager limitation, if you are not doing LAG.


The only difference there, is with the Gen2 stuff you don't 'need' the ap-manager as the management can take care of both roles.



HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

Totardo Tobing Sun, 08/19/2012 - 12:51

Thanks for your help.


So, port 1 will be connected to switch 1 and port 2 to switch 2.

Port 1 and port 2 are trunks.

The management interface is on port 1.

The dynamic AP-manager interface is on port 2.


Both the management interface and the dynamic AP-manager interface would be in the same segment. Since switch 2 is a layer 2 switch, the access points attached to it should lie in the same segment as them both.


And access points that are attached to switch 1 (a multilayer switch) are allowed to lie in a different subnet than both the management interface and the dynamic AP-manager.


Thank you guys for correcting me.


Cheers

Scott Fella Sun, 08/19/2012 - 20:03

The access points don't need to reside on the same vlan as the management interface if you don't want to. The thing you need to also understand is that when you do not use lag, you can specify a primary and backup port. So in your example, management can be primary on port 1 and backup on port 2. Your ssid can be primary on port 2 and backup on port 1. If you do not want to do this, make sure you only specify the primary and set the backup to either port 0 or a port you are not using. I also would not allow the vlan on the trunk port. So on the trunk port for port 1, just allow the vlan for management and do the same for the trunk on port 2, only allow the vlans for the ssids.


Sent from Cisco Technical Support iPad App

Totardo Tobing Mon, 08/20/2012 - 00:54

Thanks Scott it really helps..


But by the way, I wasn't mentioning an "interface for ssid" here. I only mentioned 2 interfaces, that is, the AP-Manager and the Management Interface.


But because you have mentioned it, and I'm still not clear about placing interfaces in the WLC, I should ask one more question.


For instance, in case I also need to add WLAN interfaces.


With the example before,

Port 1 is the management interface

Port 2 is the AP-Manager.

I created 1 WLAN interface and attached it to SSID A on port 2.


WLC port2-- Switch 2 -- 2 LAPs --- Clients (Client WLAN)

WLC port1-- Switch 1 -- 48 LAPs --- Client


Can you tell me how the traffic flows from a client on the 2 LAPs to clients on the 48 LAPs, Scott? I'm really confused and need to master it, for I now work in wireless.

Correct Answer
Scott Fella Mon, 08/20/2012 - 04:15

Well, one thing you need to know if you decide to split the management and AP managers on a 5508... You need to make sure the AP manager has connectivity back to the management interface or else your APs will not join.


All user traffic is tunneled back to the management interface and then placed in the specified interface on the WLC. So why not use LAG... you still have no real redundancy. If the switch dies that is connected to port 1, local APs will fail to join. If switch 2 that connects to your WLAN interface dies, user traffic dies too. I never implement the way you are trying to do, even with one WLC. You want redundancy, get two WLCs. Just best practice and no workarounds.


Sent from Cisco Technical Support iPhone App

Totardo Tobing Mon, 08/20/2012 - 12:05

Thanks again, Scott. Hmm.. You are right. This is not a best-practice scenario.

Our situation is that we have ordered a new SFP for the WLC to use to connect, but we have no ports left at the core switch.

So, I would like to propose this scenario to my team, but first I need to ask you guys about it.


Now I'm clear about the risk. I will tell my team and discuss it.


Thanks Scott... You are a good teacher

Totardo Tobing Mon, 08/20/2012 - 12:12

But wait a minute. If I create an interface VLAN on the WLC, its primary port and backup port should be mapped to port 1 and port 2 on the WLC, right?


What if I only map the interface VLAN to port 1? Will the local APs on switch 2 broadcast the SSID?

Stephen Rodriguez Mon, 08/20/2012 - 12:15

Yes, all the APs that have the WLAN configured will service it. But if you don't set a backup port, if port 1 goes down, the clients will not be able to pass traffic.



HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

Scott Fella Mon, 08/20/2012 - 13:37

You need to look at it this way... two things: the management and AP managers (both the same IP) and any dynamic interfaces used for any SSIDs. If you do not have a backup port, then whatever port went down, connectivity is lost. So if your management goes down and your APs are in local mode, well, your APs will drop and go through the whole discovery process until connectivity to the management interface comes back up. It's the same for the dynamic interfaces. Your primary port goes down, then if you don't have a backup port, traffic will not flow. So if you're looking for a workaround to not using LAG, then I guess you can say port 1 is your primary for the management and port 2 is your backup, then your dynamic interfaces used for your SSIDs can be primary port 2 and backup port 1. It doesn't matter if the APs are on the same VLAN or not, as long as they have connectivity to the management interface your APs will join the WLC.
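
The primary/backup port reasoning in the post above, as an added example that is not part of the original thread and is not Cisco code: a small Python model that evaluates which services survive a single port (or uplink switch) failure. The interface name `ssid-a` and both layouts are constructed; it assumes local-mode APs and each WLC port uplinked to a different switch, as in the question.

```python
# Added illustration, not Cisco code: models the non-LAG primary/backup port
# behaviour described in the thread. Interface names are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class WlcInterface:
    name: str
    primary: int
    backup: Optional[int] = None  # None: no backup port configured


def active_port(iface, ports_up):
    """Port the interface currently uses, or None if it has no live port."""
    if iface.primary in ports_up:
        return iface.primary
    if iface.backup is not None and iface.backup in ports_up:
        return iface.backup
    return None


def assess(interfaces, ports_up):
    """Report AP join state and per-SSID traffic for the live WLC ports."""
    ports = {i.name: active_port(i, ports_up) for i in interfaces}
    # Local-mode APs drop when the management interface is unreachable.
    aps_joined = ports["management"] is not None
    # Client traffic needs joined APs and a live port on the dynamic interface.
    traffic = {n: aps_joined and p is not None
               for n, p in ports.items() if n != "management"}
    return {"ports": ports, "aps_joined": aps_joined, "ssid_traffic": traffic}


# Constructed layouts: the asker's split design, then the crossed workaround.
NO_BACKUP = [WlcInterface("management", 1), WlcInterface("ssid-a", 2)]
CROSSED = [WlcInterface("management", 1, 2), WlcInterface("ssid-a", 2, 1)]

if __name__ == "__main__":
    for label, layout in (("no backup", NO_BACKUP), ("crossed", CROSSED)):
        for up in ({1, 2}, {2}, {1}):
            print(label, "ports up", sorted(up), assess(layout, up))
```
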

Totardo Tobing Thu, 08/23/2012 - 00:52

Thanks for the explanation, Scott! I took 3 days to understand your explanation carefully.


Okay, here is my careful understanding:

1. The VLAN: the management interface and the access points don't have to be in the same VLAN, as long as the access points have connectivity to the management interface.

2. The ports: if the management interface is using only 1 port, that is, it only uses a primary port and is not using any backup port, the access point and the WLC only have 1 path between them. When the path is down the AP will go through the discovery process over and over again. With the AP down, no SSID will be broadcast in its service area...


Is it correct that a WLC = a layer 2 switch?

George Stefanick Thu, 08/23/2012 - 02:52

Yes indeed it is .. WLC just switches packets, doesn't route ..

Totardo Tobing Thu, 08/23/2012 - 02:57

George,


The WLC only examines up to the packet's L2 address, correct? It does not examine up to the packet's L3 address, correct?

George Stefanick Thu, 08/23/2012 - 02:59

WLC doesn't route ... see my other post to you ..

Stephen Rodriguez Thu, 08/23/2012 - 06:28

The WLC doesn't really look at the address of the packet. If it's from a client, it puts it on the wire in the VLAN the client is in.


L2 vs L3 is for if the client roams between WLC.  L2 roam if the WLC are configured with the same VLAN and IP address.  L3 roam if the WLC are configured with different VLAN and/or IP addresses.



HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Totardo Tobing Fri, 08/24/2012 - 01:03

For a non-roaming client, my final question:

After decapsulating the CAPWAP header, does the WLC always examine the source MAC address and destination MAC address of the packet?

If the destination MAC address is in the WLC's mscb, then the packet will be encapsulated again with a CAPWAP header and forwarded back to the access point where the client is attached.

If the destination MAC address isn't in the WLC's mscb, then the packet will be tagged and forwarded to the neighbour switch that the WLC is connected to, via the primary port of the interface that the WLAN is mapped to?

Scott Fella Fri, 08/24/2012 - 19:58

It's just like Steve mentioned... the WLC doesn't look at the packet... Let's say a device associates to ssid10, which is mapped to VLAN 10. The packet is encapsulated in a CAPWAP header to the WLC. The WLC strips off the CAPWAP header and places the packet on the dynamic interface for VLAN 10. The packet is then encapsulated with an Ethernet (layer 2) header and sent to the switch.


Sent from Cisco Technical Support iPad App

Totardo Tobing Sat, 08/25/2012 - 03:55

What? Scott, from your post, are you saying that:

1. The WLC never looks into the L2 frame addresses? This is different from what Steve mentioned. He said that the WLC examines the mscb first, then forwards the packet based on whether or not the destination address exists in that mscb.

2. The WLC always forwards the packets that it receives to the switch? Is it always like this?

3. If number 2 is true, the switch will be flooded by wireless traffic, won't it?


Can you give me the CLI command showing the MSCB, Scott? Is it just like the MAC address table on a switch?


I'm so excited


But thanks before, Scott

Scott Fella Sat, 08/25/2012 - 06:43

I was just trying to make it simple:). The wlc is a layer two device for one. If you want to see Mac address, you view the client information. The client information is all the Mac address that the wlc knows about. If a Mac address is there, the wlc does not know about it. A switch is different, because it can tell you of a Mac address of a pc that might be connected to a different switch. The wlc will only show you active devices that have not timed out.


Look at it this way... You define an SSID on a WLC. That SSID is mapped to the management by default. If you want devices that use that SSID to be placed on another VLAN, you need to create an interface on the WLC, so the WLC can communicate in that VLAN. Then you would assign that interface to that SSID.


So whatever SSID the device is associated to, the wlc knows what interface it needs to put on. Very simple.


Sent from Cisco Technical Support iPhone App

Totardo Tobing Sat, 08/25/2012 - 10:35

Okay sir, I read your post. But please confirm these 2 points, sir:


1. An L2 switch examines the L2 destination address, compares it to the MAC address table, then knows which port to forward it to.

2. But the WLC is different from a layer 2 switch. The WLC does not do any L2 destination address checks to forward a packet. The WLC just simply forwards packets based on the WLAN's interface ports.

Scott Fella Sat, 08/25/2012 - 11:23

That is correct.

Totardo Tobing Sat, 08/25/2012 - 13:42

Thanks Scott for being patient!

I understand now!


Wish you luck, thanks sir...
