Still confused about LAG and non-LAG

Answered Question
Aug 17th, 2012

I'm using a 5500 WLC with 2 distribution ports (port 1 and port 2). Each port connects to a different switch.

Port 1 connects to port gi0/1 on the 3750 switch.

Port 2 connects to port gi1/0/1 on the 2960 switch.

According to this design, I should turn off LAG, right?

If I turn off LAG, how many dynamic AP managers should I configure for this design?

Thanks mate for helping me step by step.

Correct Answer
Stephen Rodriguez Fri, 08/17/2012 - 04:54

First, if you are splitting your ports between different switches, then yes, you would need to disable LAG.

As for the ap-manager, it would depend on how many APs you have. Each ap-manager can handle 48 APs, so if you are below that, the default management interface will be fine.

Steve


Robot_Otobot Fri, 08/17/2012 - 06:23

Thank you Stephen for your reply.

I forgot to mention that we have 50 LAPs.

OK. So it looks like this, right?

~ port 1 would be attached to 48 LAPs, and

~ port 2 would be attached to 2 LAPs

And, as an additional step, should I create another dynamic AP-manager on port 2? Should the dynamic AP-manager be in the same IP segment as the management interface or not?

Stephen Rodriguez Fri, 08/17/2012 - 06:47

Yes, you would need to add a second ap-manager on the second port. And I would keep it in the same VLAN as the first.

That being said, you would probably be better served by connecting the WLC to one switch and going with LAG vs. splitting the ports. Just my opinion.

Steve


George Stefanick Fri, 08/17/2012 - 10:38

Just to add to Steve's great post.

With a 5508 you cannot break out the ports with LAG, meaning all the connections should come down to a single controller.

However, I would disagree with Steve on the number of access points per AP manager. If you were using a 4400, then yes, I would agree. But for a 5508, no AP managers are needed UNLESS you want to do segmentation. But even then, how are you going to direct which AP to what AP manager?

Steve, am I off on these comments?

Stephen Rodriguez Fri, 08/17/2012 - 10:50

I believe that you still have the 48 AP per AP-manager limitation, if you are not doing LAG.

The only difference there, is with the Gen2 stuff you don't 'need' the ap-manager as the management can take care of both roles.

HTH,
Steve


Robot_Otobot Sun, 08/19/2012 - 12:51

Thanks for your help.

So, port 1 will be connected to switch 1 and port 2 to switch 2.

Port 1 and port 2 are trunks.

The management interface is on port 1.

The dynamic AP-manager interface is on port 2.

Both the management interface and the dynamic AP-manager interface would be in the same segment. Since switch 2 is a layer 2 switch, the access points attached to it should lie in the same segment as them both.

And access points that are attached to switch 1 (multilayer switch) are allowed to lie in a different subnet than both the management interface and the dynamic AP-manager.

Thank you guys for correcting me.

Cheers

Scott Fella Sun, 08/19/2012 - 20:03

The access points don't need to reside on the same vlan as the management interface if you don't want to. The thing you need to also understand is that when you do not use lag, you can specify a primary and backup port. So in your example, management can be primary on port 1 and backup on port 2. Your ssid can be primary on port 2 and backup on port 1. If you do not want to do this, make sure you only specify the primary and set the backup to either port 0 or a port you are not using. I also would not allow the vlan on the trunk port. So on the trunk port for port 1, just allow the vlan for management and do the same for the trunk on port 2, only allow the vlans for the ssids.


Robot_Otobot Mon, 08/20/2012 - 00:54

Thanks Scott, it really helps.

But by the way, I'm not mentioning an "interface for SSID" here. I only mentioned 2 interfaces, that is, the AP-Manager and the management interface.

But because you have mentioned it and I am still not clear about placing interfaces in the WLC, I should ask one more question.

For instance, in case I also need to add WLAN interfaces.

With the example before,

Port 1 is the management interface.

Port 2 is the AP-Manager.

I created 1 WLAN interface and attached it to SSID A on port 2.

WLC port2-- Switch 2 -- 2 LAPs --- Clients (Client WLAN)

WLC port1-- Switch 1 -- 48 LAPs --- Client

Can you tell me how the traffic flows from a client on the 2 LAPs to clients on the 48 LAPs, Scott? I am really confused and need to master it, for I now work in wireless.

Correct Answer
Scott Fella Mon, 08/20/2012 - 04:15

Well, one thing you need to know if you decide to split the management and AP managers on a 5508... You need to make sure the AP manager has connectivity back to the management interface, or else your APs will not join.

All user traffic is tunneled back to the management interface and then placed in the specified interface on the WLC. So why not use LAG... you still have no real redundancy. If the switch that is connected to port 1 dies, local APs will fail to join. If switch 2 that connects to your WLAN interface dies, user traffic dies too. I never implement the way you are trying to do, even with one WLC. You want redundancy, get two WLCs. Just best practice and no workarounds.


Robot_Otobot Mon, 08/20/2012 - 12:05

Thanks again, Scott. Hmm... You are right. This is not a best-practice scenario.

Our situation is that we have ordered a new SFP for the WLC to use to connect, but we have no ports left at the core switch.

So, I would like to propose this scenario to my team, but first I need to ask you guys.

Now I am clear about the risk. I will tell my team and discuss it.

Thanks Scott... You are a good teacher

Robot_Otobot Mon, 08/20/2012 - 12:12

But wait a minute. If I create an interface VLAN on the WLC, its primary port and backup port should be mapped to port 1 and port 2 on the WLC, right?

What if I mapped the interface VLAN only to port 1? Will the local APs on switch 2 broadcast the SSID?

Stephen Rodriguez Mon, 08/20/2012 - 12:15

Yes, all the APs that have the WLAN configured will service it. But if you don't set a backup port, if port 1 goes down, the clients will not be able to pass traffic.

HTH,
Steve


Scott Fella Mon, 08/20/2012 - 13:37

You need to look at it this way... two things: the management and AP managers (both the same IP) and any dynamic interfaces used for any SSIDs. If you do not have a backup port, then whatever port went down, connectivity is lost. So if your management goes down and your APs are in local mode, well, your APs will drop and go through the whole discovery process until connectivity to the management interface comes back up. It's the same for the dynamic interfaces. Your primary port goes down, then if you don't have a backup port, traffic will not flow. So if you're looking for a workaround to not using LAG, then I guess you can say port 1 is your primary for the management and port 2 is your backup, then your dynamic interfaces used for your SSIDs can be primary port 2 and backup port 1. It doesn't matter if the APs are on the same VLAN or not; as long as they have connectivity to the management interface, your APs will join the WLC.

Robot_Otobot Thu, 08/23/2012 - 00:52

Thanks for the explanation, Scott! I took 3 days to understand your explanation carefully.

Okay, here is my careful understanding:

1. The VLAN: the management interface and the access point don't have to be in the same VLAN, as long as the access point has connectivity to the management interface.

2. The ports: if the management interface uses only 1 port, that is, only a primary port and no backup port, then the access point and the WLC have only 1 path between them. When the path is down, the AP will go through the discovery process over and over again. With the AP down, no SSID will be broadcast in its service area...

Is it correct that A WLC = A layer 2 Switch?

Robot_Otobot Thu, 08/23/2012 - 02:57

George,

The WLC only examines up to the packet's L2 address, correct? It does not examine up to the packet's L3 address, correct?

Stephen Rodriguez Thu, 08/23/2012 - 06:28

The WLC doesn't really look at the address of the packet. If it's from a client, it puts it on the wire in the VLAN the client is in.

L2 vs L3 is for if the client roams between WLC.  L2 roam if the WLC are configured with the same VLAN and IP address.  L3 roam if the WLC are configured with different VLAN and/or IP addresses.

HTH,
Steve


Robot_Otobot Fri, 08/24/2012 - 01:03

For a non-roaming client, my final question:

After decapsulating the CAPWAP header, does the WLC always examine the source MAC address and destination MAC address of the packet?

If the destination MAC address is in the WLC's MSCB, then the packet will be encapsulated again with a CAPWAP header and forwarded back to the access point the client is attached to.

If the destination MAC address isn't in the WLC's MSCB, then the packet will be tagged and forwarded to the neighbour switch the WLC is connected to, via the primary port of the interface that the WLAN is mapped to?

Scott Fella Fri, 08/24/2012 - 19:58

It's just like Steve mentioned... the WLC doesn't look at the packet... Let's say a device associates to ssid10, which is mapped to VLAN 10. The packet is encapsulated in a CAPWAP header to the WLC. The WLC strips off the CAPWAP header and places the packet on the dynamic interface for VLAN 10. The packet is then encapsulated with an Ethernet (layer 2) header and sent to the switch.

Robot_Otobot Sat, 08/25/2012 - 03:55

What? Scott, from your post, are you saying that:

1. The WLC never looks into L2 frame addresses? This is different from what Steve mentioned. He said that the WLC examines the MSCB first, then forwards the packet based on whether or not the destination address exists in that MSCB.

2. The WLC always forwards packets that it receives to the switch? Is it always like this?

3. If number 2 is true, the switch will be flooded by wireless traffic, won't it?

Can you give me the CLI command showing the MSCB, Scott? Is it just like the MAC address table on a switch?

I'm so excited

But thanks before, Scott

Scott Fella Sat, 08/25/2012 - 06:43

I was just trying to make it simple :). The WLC is a layer two device, for one. If you want to see MAC addresses, you view the client information. The client information is all the MAC addresses that the WLC knows about. If a MAC address is there, the WLC does not know about it. A switch is different, because it can tell you of a MAC address of a PC that might be connected to a different switch. The WLC will only show you active devices that have not timed out.

Look at it this way... You define an SSID on a WLC. That SSID is mapped to the management by default. If you want devices that use that SSID to be placed on another VLAN, you need to create an interface on the WLC, so the WLC can communicate in that VLAN. Then you would assign that interface to that SSID.

So whatever SSID the device is associated to, the wlc knows what interface it needs to put on. Very simple.


Robot_Otobot Sat, 08/25/2012 - 10:35

Okay sir, I read your post. But please confirm these 2 points, sir:

1. An L2 switch examines the L2 destination address, compares it to the MAC address table, then knows which port to forward it to.

2. But the WLC is different from a layer 2 switch. The WLC does not do any L2 destination address checks to forward a packet. The WLC just simply forwards the packet based on the WLAN's interface ports.

Robot_Otobot Sat, 08/25/2012 - 13:42

Thanks, Scott, for being patient!

I understand now!

Wish you luck, thanks sir...

This Discussion

Posted August 17, 2012 at 2:36 AM