Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Clarification regarding WLC 's interfaces

Hi Netpros,

I am about to deploy WLC and LWAPP solution. I have only done Autonomous set up in the past and so would appreciated some clarification regardig the below points:

1.- switch port connected to LWAPP access points must be an access port (not trunk) correct ?

2.- switch port connected to WLC 44+ must be a trunk (assuming I need to map SSID to different vlans) correct ?

3.- WLC 44+ port can only be connected to a gigabit port .. so I can't change its speed in order to connect it to a fastethernet port .. correct ?

4.- What exactly is Management interface, service port, AP manager ..etc so many names I am getting confused.

5.- What is layer 2 and layer 3 mode .. I am also confused here.

6.- If I want all my LWAPP access points on vlan 10 (for argument sake) .. which WLC's interface do I need to place on vlan 10 in order for the access points to register ? I want to have LWAPP and WLC on the same vlan but with so many inteface names I don't know which one I have to use (AP manager ? perhaps )

7.- If I want SSID 1 (vlan 11), SSID 2 (VLAN 22). How do I configure the WLC interfaces (which one do I need to use .. create ..?) so that clients using SSID 1 can communicate on its respective VLAN 11

8.- Microsoft IAS and PEAP .. do I need to set up every access point as radius client ? or do I only need to configure the WLC as radius client .. and if so which WLC interface's IP address do I need to use on the radius server (IAS)

I apologize for so many questions and really appreciate your feedback which - as always - I am sure will make things clear.

Cheers,

8 REPLIES

Re: Clarification regarding WLC 's interfaces

1.- switch port connected to LWAPP access points must be an access port (not trunk) correct ?

(A) Correct, Cisco recommends no more then 70 or so APs per VLAN. You can do more then 70 and in fact put all of your APs in the same VLAN. But if the controller ever goes dark it could take a bit longer for the APs to join.

2.- switch port connected to WLC 44+ must be a trunk (assuming I need to map SSID to different vlans) correct ?

(A) Yup yup. You can truck the switch or Echannel it and use LAG on the controller.

3.- WLC 44+ port can only be connected to a gigabit port .. so I can't change its speed in order to connect it to a fastethernet port .. correct ?

(A) Yup yup. again. GIG only. Wont connect otherwise.

4.- What exactly is Management interface, service port, AP manager ..etc so many names I am getting confused.

(A)

Manager is the IP address you will use to manage the controller. Its the way the controller see's the world.

AP Manger is used for the APs to phone home to. This interface is not pingable. Nothing special with this interface.

Service Port ... think about out of service management for the WLC. Suppose you lose network connection to the WLC manager interface. You can jack right into the service port. I have also put this on the network before so you can still access the WLC remotely.

5.- What is layer 2 and layer 3 mode .. I am also confused here.

(A)

Layer 2 --- Think about deploying your entire WLAN on one subet. So your APs and WLC are all in the same subnet.

Layer 3 -- This is used when you have your APs on other subnets ect..

You can actually console into the LWAPP ap during the join process. you will see the AP send a 255.255.255.255. This is a join attempt by the AP to find a controller on its subnet.

6.- If I want all my LWAPP access points on vlan 10 (for argument sake) .. which WLC's interface do I need to place on vlan 10 in order for the access points to register ? I want to have LWAPP and WLC on the same vlan but with so many inteface names I don't know which one I have to use (AP manager ? perhaps )

(A) The beauty of the WLC is you dont have to have the APs on the same VLAN as the controller, unless u are layer 2. The access layer teh APs are on just need to be routable to the AP interface.

7.- If I want SSID 1 (vlan 11), SSID 2 (VLAN 22). How do I configure the WLC interfaces (which one do I need to use .. create ..?) so that clients using SSID 1 can communicate on its respective VLAN 11

(A)

You map the SSID to VLAN under the WLANs tab. You Create the wired side info (VLANS) under the controller tab

8.- Microsoft IAS and PEAP .. do I need to set up every access point as radius client ? or do I only need to configure the WLC as radius client .. and if so which WLC interface's IP address do I need to use on the radius server (IAS)

(A) Advantage of the WLC, you use the WLC as the client to a Raduis server. The management address..

I apologize for so many questions and really appreciate your feedback which - as always - I am sure will make things clear.

Cheers,

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

Re: Clarification regarding WLC 's interfaces

Hi gstefanick,

Thanks for your response.

On point 4 Would you (or anybody) please elaborate a bit more on this .. so is the Management interface the one I need to use for accessing the controller by telnet ,http ..etc ? Is it also the same interface that the access points communicate with ?

"AP manager is used for the APs to phone home to .." What do you mean ..? Do I need to configure this in order to get the APs to register ..? do I need this at all when all the APs and the WLC management interface are on the same VLAN - which is what I am intending to do ?

On point 5. Are you saying that layer two is when I have all the LWAPP and the WLC' management interface on the VLAN ? and layer three is when I have LWAPPs on different VLAN than the WLC's management interface ?

Appreciate your help !!!

Re: Clarification regarding WLC 's interfaces

Thank you for rating the post.. I really appreciate that :)

On point 4 Would you (or anybody) please elaborate a bit more on this .. so is the Management interface the one I need to use for accessing the controller by telnet ,http ..etc ? Is it also the same interface that the access points communicate with ?

(A) Yes, the manager interface is the interface you would HTTPS, TELNET, etc too. This is a live interface much like a gateway if you will.. You would also point the radius to this address and WCS.

"AP manager is used for the APs to phone home to .." What do you mean ..? Do I need to configure this in order to get the APs to register ..? do I need this at all when all the APs and the WLC management interface are on the same VLAN - which is what I am intending to do ?

(A) So when the AP fires up and if you console into the LWAPP AP you will see this first hand. You will see by default the AP will try a number of attempts to join the controller.

1) It will do a 255.255.255.255 broadcast in an attempt to find the controller on layer 2. If your controller is on different vlan / subnet then the AP will fail and not join.

2) It will also try and get a DHCP. If you use DHCP option 43, the DHCP address will have the ip address of the management interface of the controller

3) Or you can use DNS. This is the option i do often and i find it to be the easier option for our deployments. So if the above 2 fail, the AP will try and resolve CISCO-LWAPP-CONTROLLER via DNS. You will want to create an A record with the above name in your DNS and have it resolve to your controller's management address.

4) There is a 4th option and thats manually going into the console cli of the AP and add the controller IP address. A bit of a pain...

If you plan to keep the WLCs and the APs in the same subnet they should fine the controllers via the broadcast.

On point 5. Are you saying that layer two is when I have all the LWAPP and the WLC' management interface on the VLAN ? and layer three is when I have LWAPPs on different VLAN than the WLC's management interface ?

(A)Correct, if you deploy lets say your entire deployment access points and WLC in the same subnet this will be layer 2. In fact if you deploy it in this fashion you will not have a AP manager interface. Only layer 3 will have the ap manager(s).

How many APs and WLCs you looking to deploy?? You can get fancy and have the AP managers broken out etc depending on the design.

Appreciate your help !!!

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

Re: Clarification regarding WLC 's interfaces

On point 4 Would you (or anybody) please elaborate a bit more on this .. so is the Management interface the one I need to use for accessing the controller by telnet ,http ..etc ? Is it also the same interface that the access points communicate with ?

The management interface is your management purpose only, ap-manager interface is the communication between the WLC and the AP.

"AP manager is used for the APs to phone home to .." What do you mean ..? Do I need to configure this in order to get the APs to register ..?

Yes... this is a manditory interface you will need to configure on the startup wizard.

do I need this at all when all the APs and the WLC management interface are on the same VLAN - which is what I am intending to do ?

Yes you will need both interfaces and both need to be on the same vlan and also the switchport needs to be configure as a native vlan. On the WLC, you need to tagg the management and ap-manager interface with "0", which is untagged, because the switch port is set to native vlan.

On point 5. Are you saying that layer two is when I have all the LWAPP and the WLC' management interface on the VLAN ? and layer three is when I have LWAPPs on different VLAN than the WLC's management interface ?

You need to configure the WLC for layer3 and not layer 2. The old 1000 AP's only can do layer2 which means that it does not need an IP to join the wlc. This is going away and best practice is to always use layer3.

-Scott
*** Please rate helpful posts ***

Re: Clarification regarding WLC 's interfaces

Fella, have you deployed 5.2 yet? I understand the AP manager goes away in this version?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

Re: Clarification regarding WLC 's interfaces

I have deployed it in a test environment and it still has the ap-manager:

http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52mint.html#wp1126765

-Scott
*** Please rate helpful posts ***

Re: Clarification regarding WLC 's interfaces

Thanks fella5,

"Yes you will need both interfaces and both need to be on the same vlan and also the switchport needs to be configure as a native vlan. On the WLC, you need to tagg the management and ap-manager interface with "0", which is untagged, because the switch port is set to native vlan. "

So if I have the LWAPPS on vlan 10 (for argument sake) .. I can then configure the switchport connecting to the WLC as dot1q trunk making sure the native VLAN on that port is also 10 .. and then 'tag' the management and ap-manager interfaces as 0 (no tag) and then allocate IP addresses to those interfaces on the range belonging to valn 10 .. Correct .. would that work ?

Appreciate your help !!!

Hall of Fame Super Silver

Re: Clarification regarding WLC 's interfaces

If your management and ap managers are on vlan 10, you tag your wlc management and ap manager to "0" and set your trunk port to native vlan 10.

If your LAP's are going to be on vlan 10, then all that is required on the ap switch port is switchport access vlan 10. Make sure you have dhcp on vlan 10 so the ap can get an ip address and join the wlc.

If you LAP's will be on a different vlan, then you can follow the sets above to allow the LAP to join the wlc. Then you would change the switch port to vlan x and then reboot the ap. As long as dhcp is running on vlan x, your ap will get an ip address and join the wlc. Make sure routeing is enabled between vlan x and vlan 10.

You can also setup option 43 or dns if you pla on putting the LAP's on a different subnet from the management and ap manager interface.

-Scott
*** Please rate helpful posts ***
188
Views
12
Helpful
8
Replies
CreatePlease to create content