New Member

2504 Wireless Controller|AIR-CAP1602I-x-K9

I am trying to set up two SSIDs - one being the guest wireless (let's say and the other one being the wireless for internal users (let's say  The problem I am facing is re: the multiple interfaces and/or LAG on the 2504 controller


The current setup is ASA(DMZ interface 1 is connected to AP as a trunk

                                 ASA(Inside interface 2 is connected to netgear switch (L3 managed) as a trunk

                                 WLC is connected via port 1 and 2 to netgear switch as LAG


ASA inside has DHCP and all clients will get a valid DHCP lease


Because of the existing design, the management address of WLC and AP are and respectively. However, once I configure the LAG on the 2504 controller I am not able to manage my WLC anymore (being connected to the netgear switch directly with ip


Any recommendation of the setup? This is the first time I am setting up a wireless Cisco controller so any recommendation would be welcomed.


Should the AP and WLC be on the same subnet? If yes, should they be on the "inside" or the "DMZ" interface, or does it not really matter?




VIP Purple

Check this link: http://www




New Member


According to the Cisco documentation, no LAG is used. Also, the WLC and the AP are part of the same subnet? Is that best practice?

VIP Purple


Yes, AP and WLC in same subnet is best practice to have.


New Member


Thanks Sandeep - I will reconfigure the WLC and AP and post back. I assume the management port will go on port 1 and be the only ap-manager?

VIP Purple

Yes, you don't need to configure AP manager.

On the old WLC models like 2100, 2006, 4400 you had to configure the management interface for managing the WLC and the AP manager so that the APs could create the LWAPP or CAPWAP tunnel to the WLC.

On the new models of WLCs like the 2500, 5508 the AP manager interface is not required; the management interface, if it has the check for dynamic interface, will work at the same time as the AP manager interface.


New Member


I've connected port 1 of the controller to the netgear as access port (that would take a 10.1.0.x address which will act as a management port as well). Port 2 of the controller would be connected directly to the DMZ port of the ASA in order to get a 172.1.1.x address and be used for Guest Wifi. For simplicity I will connect the AP to the same L2 as the Controller (10.1.1.x network). However, if I try to create another interface for the internal clients for the same subnet I get a subnet configuration error (tried to add interface "internal clients" but because of the ip/subnet conflict the WLC reset them to )


(Cisco Controller) >show interface summary



Number of Interfaces.......................... 4



Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest

-------------------------------- ---- -------- --------------- ------- ------ -----

guest                            2    20     Dynamic No     No

inside-clients                   1    10         Dynamic No     No   <-if I try to configure ip ,it conflicts with management interface

management                       1    untagged       Static  Yes    No

virtual                          N/A  N/A    Static  No     No



Am I right to assume that I can map the management interface to the SSID to act as the internal clients subnet even though traffic between controller and netgear is untagged? I've managed to set up the SSID (using the management interface though) and got internal IP from ASA DHCP.



