Cisco Support Community
Community Member

2125 WLC Dynamic interfaces and their physical interface

I'm trying to broadcast multiple SSIDs per AP. I would like the new second SSID to be on a different VLAN. I have been reading this article and it looks like you create a trunk port on the switch that the WLC is connected to, which makes sense to me. A friend however told me to use a seperate physical interface on the WLC and assign the dynamic interface to it and connect it to the desired VLAN, instead of using the interface that is currently in production. I liked this idea because I would have downtime trying to reconfigure the port as a trunk that's in production.

So I guess my question is, if I use a secondary port on the WLC to connect to a different network than what the AP is on how will communication work? When the AP sends data to the WLC will everything be encapsulated in CAPWAP? How about the primary link connecting the WLC to the primary production network? Will this data to and from the WLC on the switch retain it's CAPWP encapsulation? Now that I'm thinking about it I guess it would have to since the WLC is what decapsulates the CAPWAP data and not the switch...

I would just like some advice on if I'm doing this correctly. Thanks a lot!  -Mark


2125 WLC Dynamic interfaces and their physical interface

I prefer to aggregate to one port as a trunk, that way you can elimiate issues of interface swicthing, which I really haven't seen that many of.

but to break down the traffic flow.  The AP is always going to send it's traffic to the AP-Manager interface, which will decapsulate the CAPWAP packets.  The WLC will drop the traffic out the port that the interface is configured to use.

So if you have port 1 as ap-manager/management and port 2 as user.  Traffic from the client flows to Port 1, gets decapsulated then sent out port 2.  The reverse happens on traffic destined to the client.

The only reason that I see to split the ports is for guest traffic, as you can then segregate them from the corporate traffic and drop then right on the FW or DSL modem if you wanted too.


Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Community Member

2125 WLC Dynamic interfaces and their physical interface

Thanks Stephen! I got the new SSID linked to my VLAN successfully!

Cisco Employee

2125 WLC Dynamic interfaces and their physical interface

We generally recomment one trunk port to be configured for different VLAN (for management and AP inetreface) but we can use other ethernet port also on WLC for any differnt VLAN config.

For all your port related queries please find the attach link with the diagramme.:-

Q. How does a WLC switch packets?

    A. All the client (802.11) packets are encapsulated in a LWAPP packet by the LAP and sent to the WLC. WLC descapsulates the LWAPP packet and acts based on the destination IP address in the 802.11 packet. If the destination is one of the wireless clients associated to the WLC, it encapsulates the packet again with the LWAPP and sends it to the LAP of the client, where it is decapsulated and sent to the wireless client. If the destination is on the wired side of the network, it removes the 802.11 header, adds the Ethernet header, and forwards the packet to the connected switch, from where it is sent to the wired client. When a packet comes from the wired side, WLC removes the Ethernet header, adds the 802.11 header, encapsulates it with LWAPP, and sends it to the LAP, where it is decapsulated, and the 802.11 packet is delivered to the wireless client. For more information about this, refer to the LWAPP Fundamentals section of the document Deploying Cisco 440X Series Wireless LAN Controllers.

Q. What are the various options available to access the WLC?

    A. This is the list of options available to access the WLC:

        GUI access with HTTP or HTTPS

        CLI access with Telnet, SSH, or console access

        Access through service port

    For more information on how to enable these modes, refer to the Using the Web-Browser and CLI Interfaces section of the document Cisco Wireless LAN Controller Configuration Guide, Release 5.1. Usually, the management interface IP address is used for GUI and CLI access. Wireless clients can access the WLC only when the optionEnable Controller Management to be accessible from Wireless Clients is checked. In order to enable this option, click the Management menu of the WLC, and click Mgmt via Wireless on the left-hand side. WLC can also be accessed with one of its dynamic interface IP addresses. Use the config network mgmt-via-dynamic-interface command to enable this feature. Wired computers can have only CLI access with the dynamic interface of the WLC. Wireless clients have both CLI and GUI access with the dynamic interface.

CreatePlease to create content