New Member

CAPWAP Wireless VLAN in Routed Campus LAN

I am configuring a CISCO Wireless LAN Controller in a college campus. We have the following components:
 
 1. CISCO 4510R as core switch and a centralized WLC is connected to Core Switch
 2. CISCO 3560 L3 switch at Distribution Layer Switch
 3. CISCO LWAP 1142
 
I want to configure Wireless VLAN in a college campus Wireless LAN. The requirement is to configure the Distribution switch as L3 so that the VLANs will not reach the Core Switch. That is, the link between Distribution and Core Switch will be a Layer 3 routed link and not a Trunk Link.
Since it is a routed backbone environment, VLANs are configured only in the distribution layer switches. So, these configured VLANs will not reach the core switch.

With that said, is it technically possible to achieve the Wireless VLAN in the above proposed setup?

Do I have to configure Trunk between Distribution Switch (APs are connected) and Core Switch (WLC is connected), to pass the Wireless VLAN in the trunk link?

 

Thanks in advance for reading and helping to get it clarified.

 

SAIRAM
 

20 REPLIES
Hall of Fame Super Silver

If you want a centralized WLC deployment and have the WLC connected to the CORE, then your VLANs for the clients would have to be defined on the CORE. This is probably what you don't want. You want to connect the WLC to the DISTRO and have your VLANs for the WLC management and the wireless defined there. Then traffic that has to egress out will hit the CORE. The WLC would have a trunk that allows all the VLANs for management and your dynamic interfaces that are defined. This is how I would design and deploy. This way, from your DISTRO and your CORE, it's L3 still.

Scott

-Scott
*** Please rate helpful posts ***
New Member

Hey Scott - Thanks for your response. As per my client requirement, the WLC has to be at the Core only. My question is, in order to deploy the Wireless VLAN Solution, do I have to extend my VLANs from the Access/Distro to the Core by making the link between Core and Distro a Trunk?

By avoiding the trunk link I can stop the L3 broadcast from Distro to Core. Is it possible to configure Wireless VLAN over a WAN or Routed campus LAN environment?

Thanks

 

SAIRAM

Hall of Fame Super Silver

Well, why would you trunk if you want L3 between the distro and the core? To better understand this, all traffic when the APs are in local mode gets tunneled to the WLC. The WLC then has an interface on the VLANs/subnets that clients will be placed on. If your distros are doing L3 and you have L3 between the distro and the core, then your WLC should be placed on the distro unless you plan on creating the wireless user VLANs on the core.

Scott

-Scott
*** Please rate helpful posts ***
New Member

Hi Scott - Let me go deep into the design aspects and explain my requirement to you.

It is a University having 8 different buildings. Each building has one Distro and its access layer switches.

I have one WLC. So, I am forced to connect it centrally. Thus it is on the Core Switch.

In order to prevent access layer broadcast from reaching the core, we decided to use a Routed Campus LAN model. Each building is configured as a different subnet. So, the VLANs are not configured at the Core. The clients' default gateway VLAN interface is at the Distro itself.

So far it is perfect for the Wired LAN environment. But when introducing Wireless VLAN, I got challenged to understand: do I need to extend the Wireless VLAN and make the link between core and distro a trunk link?

Hope this explanation is clear to understand

SAIRAM

 

 

 

 

Hall of Fame Super Silver

If you have the WLC at the core, that is fine. You just need to create the wireless subnets at the core. The APs will still be able to join the WLC. This is the same design as if each floor in a building is L3 to the core.

Scott

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

The WLC also blocks broadcast unless you enable that. If you want to have wireless user traffic to egress at each building, then you need to look at FlexConnect. 

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_flexconnect.html

Scott

-Scott
*** Please rate helpful posts ***
New Member

Thank you Scott

Hall of Fame Super Silver

No problem. Glad to help.

Scott

-Scott
*** Please rate helpful posts ***
New Member

Hi Scott - Does it mean that we don't need a Trunk link between Core & Distribution?

So, the Wireless VLANs that are broadcasted in SSIDs are encapsulated in the CAPWAP tunnel?

SAIRAM

 

Hall of Fame Super Silver

If you will deploy in FlexConnect local switching mode, then traffic does not come back to the WLC and each AP is connected to a trunk port. 

Where do you want the traffic to go, locally at each building or directly to the core?

Scott

-Scott
*** Please rate helpful posts ***
VIP Purple

Hi 

If you like, you could have a separate distribution switch for your wireless. So all your wireless VLAN SVIs are defined on this switch & your WLC will connect to this distribution switch as well. So from the Core to this distribution switch you are running your L3 routing.

In this way, you can have your core layer without having any user traffic termination.

HTH

Rasika

**** Pls rate all useful responses ****

 

New Member

Hi Rasika - Thank you

As you suggested, I can have a separate distribution switch dedicated for the WLC. Currently my Wired campus LAN is a Routed backbone where each VLAN is local to the access layer and the VLANs do not cross the Distribution switch. So, from Distribution to Core it is running Static routing and the link between Distribution and Core is not a Trunk link.

 

Now we are introducing Wireless VLANs in CAPWAP. The APs are at Access layer. I have 6 SSIDs mapped to different VLANs. I can configure a trunk between WLC and the ports on the Core switch connected to this WLC.

 

Without deploying H-REAP/FLEXCONNECT the question is :

Will this Wireless VLAN work in the Routed backbone environment? Does the link between Distribution and Core need to allow the Wireless VLAN ID?

 

Thanks in advance for your time and ideas

SAIRAM

VIP Purple

Hi Sairam,

Pls find the response to your query.

Without deploying H-REAP/FLEXCONNECT the question is:
Will this Wireless VLAN work in the Routed backbone environment?

Yes. You need to remember that in a centralized WLC deployment with local mode APs, wireless user VLANs are presented to the wired network from the WLC & not from the AP. So in your access layer, you do not need to have WLAN-related VLANs. Only the AP management VLAN exists at your access layer. All wireless user traffic will be encapsulated into CAPWAP from the AP management IP to the WLC management IP & then the WLC will remove CAPWAP & release those into the wired network as normal Ethernet frames.

Does the link between Distribution and Core need to allow the Wireless VLAN ID?

No, the wireless VLAN ID is defined on your WLC-connected distribution switch. The WLC-connected ports are configured as trunk ports & allow the wireless VLAN ID across this trunk link.

 

HTH

Rasika

*** Pls rate all useful responses ****
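
The layout described in this answer, as an added configuration sketch in Cisco IOS syntax (not part of the original thread). All VLAN IDs, interface names and addresses are constructed placeholders, and the WLC is assumed to attach to the core as in the original poster's setup: wireless client VLANs exist only on the WLC trunk, while the building uplink stays routed.

```cisco
! Added example. VLAN IDs, interface names and IP addresses are constructed placeholders.
! ---- Switch the WLC attaches to (the core, in the original poster's layout) ----
vlan 110
 name WLAN-STAFF
vlan 120
 name WLAN-STUDENT
vlan 199
 name WLC-MGMT
!
interface Vlan110
 description Gateway for wireless clients of the SSID mapped to VLAN 110
 ip address 10.110.0.1 255.255.255.0
 ip helper-address 10.0.0.10
interface Vlan120
 description Gateway for wireless clients of the SSID mapped to VLAN 120
 ip address 10.120.0.1 255.255.255.0
 ip helper-address 10.0.0.10
interface Vlan199
 description WLC management interface subnet (CAPWAP tunnel endpoint)
 ip address 10.199.0.1 255.255.255.0
!
interface GigabitEthernet1/1
 description Trunk to WLC: carry only the WLC management and wireless client VLANs
 switchport mode trunk
 switchport trunk allowed vlan 110,120,199
!
interface GigabitEthernet1/2
 description Routed link to building 1 distribution switch (no VLANs cross it)
 no switchport
 ip address 10.255.1.1 255.255.255.252
!
ip route 10.1.20.0 255.255.255.0 10.255.1.2
!
! ---- Building 1 distribution switch (3560), APs attached ----
ip routing
vlan 20
 name AP-MGMT
interface Vlan20
 description AP management subnet, local to this building
 ip address 10.1.20.1 255.255.255.0
 ip helper-address 10.0.0.10
!
interface GigabitEthernet0/1
 description Routed uplink to core
 no switchport
 ip address 10.255.1.2 255.255.255.252
!
interface GigabitEthernet0/10
 description Local-mode AP: access port in AP-MGMT only, no wireless VLANs
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
ip route 0.0.0.0 0.0.0.0 10.255.1.1
```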

New Member

Hi Rasika - I did this in a lab environment. This is my observation. Please comment.

 

If a CAPWAP client needs to communicate with the Wired host at the access layer switch , the access layer switch needs to know the MAC address of the Wireless Client. So, in order to learn the MAC address of the Wireless Client the Link between Core (Where WLC is connected) and the access layer switch need to be on the Trunk.

 

If there is no requirement for communication between Wired and Wireless hosts, the link between the Access layer and the Core switch can be routed and not carry the Wireless VLAN IDs.

 

I hope this learning after an experiment is correct?

Thanks

SAIRAM

VIP Purple

Hi SAIRAM,

You can think of all your wireless users (irrespective of their location of association to an AP) as wired users in a hypothetical 9th building. This is because all wireless client information (MAC, IP) is visible to the rest of the wired network only from the Distribution switch where your WLC is connected.

So communication between a wireless user & a wired user in the same building is equivalent to communication between two wired users in two different buildings (where they are L3 separated).

Hope you get my point. If not, please let me know.

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Snarayanaraju,

This is pretty much how our network is set-up too. We've transitioned over to mostly a Routed Campus LAN model. Our WLC is located in the server farm, which is where our core switch is located. Our distro switches aren't located in an ideal place to locate our WLC, to connect directly into the distro vice core. We run L3 only between our distros and core switches.

We do have another wireless network (our morale), which is L2 only and the WLC for that network is connected directly to the Distro, and we don't use any PTP wireless bridges with this network, only our other wireless network.

For our main wireless network, most of the L3 SVIs are placed on the building access switches, and setup as EIGRP stubs, which have L3 routed ports to our distro switches. We do have some older configurations for a few of our wireless enclaves, that have L3 SVIs on the Core Switches in a GLBP fashion, that are on the same subnet of the dynamic interfaces created on the WLC.

New Member

We are in the process of moving to a mostly routed Campus, and had similar questions and a few more. We will be using only EIGRP, with each enclave set up as a stub. I was wondering if I can modify our wireless network to be strictly routed, and remove all the trunk/access configurations from the switch ports facing the APs, and hard code (static) all of them to IP routed ports. We only have one WLC active, with one back-up. The WLC is facing our core switches in a LAG set-up. The network was originally set up with all the dynamic interfaces for each AP set up in a GLBP fashion between our two cores. Each AP had a dynamic interface created in the WLC and added to one AP group. All of our APs are now connected via ethernet to the wired infrastructure, so none of our APs are in true MESH fashion anymore. We use Microsoft DHCP to issue out IPs to our APs.

I was wondering if I can remove the dynamic interfaces from the WLC, and use EIGRP to sort out the routing of our wireless network. I would create L3 SVIs (multiple in some cases) on all the switches that APs are attached to, and modify each Microsoft DHCP scope to point to whatever AP model was used and to point to the WLC. Now, what I'm unsure of is how this would behave with no Native Vlan/User Vlans configured on trunk ports pointing toward the AP. I was thinking of using what was once used at the Native Vlan (subnet info), and using that same subnet to create an IP routed port facing the AP and modify the AP IP via the WLC to select static assign. I can place IP helper addresses under the routed port to face our DHCP server (not sure if this really matters, if I already place them under the user L3 SVIs). Before, I had a DHCP scope for the native and user subnet. Would the AP still be able to connect to the WLC correctly, if I delete the scope (used before for the native vlan), since it usually resolved the WLC IP via option 43 (it can use DNS instead)? I would imagine so, since I will be placing these networks under EIGRP to advertise within our Campus, which has L3 reachability to the WLC. And under the user subnets, I would still configure the Microsoft DHCP scope to face the AP model and controller IP. There just wouldn't be a scope for the subnet that used to be for the Native Vlan. For any new set-up, I would pre-provision the AP under a user subnet access port, and then hard code it within the controller with a static IP, to deploy later at the new site. For routed networks, are dynamic interfaces really necessary on the WLC? As long as L3 is working as intended, and the user switch has reachability to the Microsoft DHCP server, then users should be able to pull IPs fine though, correct?
I've tested already with a PTP bridge we have, and hardcoded the ports to IP routed ports, and advertised it via EIGRP, and haven't noticed any issues with the customers pulling new IPs. I wanted to gather more information before deploying this across the board to our other types of wireless set-ups. I'm not using FlexConnect. I've moved most of our 1552e APs over to local mode recently, which have wired connections to the LAN.

VIP Purple

Hi

Remember that the WLC is an L2 device & has no capability of running any routing. So thinking about EIGRP between the WLC & your switch is useless.

HTH

Rasika

**** Pls rate all useful responses ****

New Member

I understand EIGRP doesn't run between the WLC and a switch, but I'm unclear on a few things. For one of our PTP wireless bridges (using 1552 APs) I recently made the ports IP routed facing both APs, and statically assigned them in the WLC. I didn't modify the user L3 SVIs, which were on a different subnet than what the AP was on. I removed the dynamic interface in the WLC for the AP subnet, and removed the VLAN # that the AP was part of from the etherchannel between the WLC and our core switch. In the WLC, under MESH, I changed the ethernet bridging on both APs to normal, from Trunk. And, I noticed no difference on the surface after doing this. Both APs can ping the WLC, and the clients can pull new IPs. I can still see the APs in the WLC. The subnet they are on is different from the management subnet on the WLC. I didn't originally set up this PTP wireless to wired bridge. So, I'm wondering if the dynamic interface on the WLC and/or the VLAN # placed on the Etherchannel between the WLC and core switch served any purpose for this PTP wireless to wired bridge. What am I losing here? Any particular management/control functions?

Yesterday, I pre-provisioned a new 1552 AP to the WLC, and used an access port that was on a subnet/vlan that isn't configured on the WLC, and the vlan # isn't part of the etherchannel between the WLC and Core switch, but still had reachability to the WLC. This is what I'm unclear on, since it appears to make it through our L3 EIGRP network to the Core switch and via our L2 etherchannel to the WLC somehow. We have a bunch of VLANs listed on the etherchannel between the WLC and Core switch. I was wondering, for our PTP wireless to wired bridges, if I can, say, use one VLAN for management/Native (say Vlan 90), and one Vlan for data (say Vlan 100), to place on the Etherchannel between the WLC and Core switch, and not configure a dynamic interface on the WLC for these Vlans to clean up our network, instead of having multiple Vlans for each of our new wireless PTP enclaves, since each enclave is set up as an EIGRP stub, and the Vlan info is locally significant. Based on my test results mentioned above, I'm still unclear if I even need a native vlan/user vlan placed on the etherchannel between the WLC and core for PTP wireless to wired bridges.

New Member

I forgot to add, I've hard coded every AP via HA in the WLC, with the primary and back-up WLC's hostname and IP. I don't have any AP on the same subnet as the management subnet of the WLC.
