Cisco Support Community
New Member

Connecting WLC 5508 to 2 different network devices. Possible?

Hi,

I have an existing 5508 with ports 1 and 2 connected to the core switch using LAG.

VLAN 10 is the management VLAN (dynamic AP management enabled).

VLAN 100 is the staff VLAN.

I plan to add another guest VLAN (VLAN 200) in the WLC, but using port 3 and connecting directly to the internet router so that guests can only go to the internet.

Is this possible?

How?

Thank you.

13 REPLIES
Hall of Fame Super Gold

Yes it can be done.  Some people have done this but do consider that by doing this you take away link redundancy.

Alternatively, you put your distribution ports into a LAG and enable all the VLANs you are using.  Use a router or a Layer 3 switch or a firewall to push the traffic to their respective destination.

New Member

But I want to separate the guest users from going into the internal network. Preferably, guest users can go directly to the internet. That is why I was planning to connect the WLC to an internet router just for guest users to go to the internet.

How can this be done?

Hall of Fame Super Gold

But I want to separate the guest users from going into internal network.

What you are about to do, i.e. assign each dynamic interface to a port, is doable. People are doing it now. However, know the risks. One of them is that you won't have redundancy. What happens if you wind up having nine dynamic interfaces? Doesn't stack up.

Alternatively, you can get a proxy server and you push your Guest traffic to the proxy server. If you have a firewall you can also explicitly put up firewall rules preventing guest access to the corporate network and vice versa.

How can this be done?

First, you create a guest dynamic interface.  Assign the guest dynamic interface a distribution port.  Next create a guest SSID and assign the guest SSID to the guest dynamic interface.

New Member

Okay thanks. I will try and see if it works or not.

By the way, LAG is in enabled status. Do I need to disable this function?

Hall of Fame Super Gold

You need to disable LAG if you want to do what you need.  You also need to reboot the controller.

New Member

So that means the original configuration, where the management and staff interfaces run on LAG on ports 1 and 2, will not be able to do EtherChannel anymore if I want to do what I need?

Instead, to do what I need, I should map the management interface and staff interface to port 1 and port 2 as backup,

while port 3 is mapped to the guest interface?

Correct me if I am wrong.

TQ

Hall of Fame Super Gold

Either you enable LAG or you disable it. There will be no "secondary" or "backup" port once you disable LAG. I've been telling you that.

New Member

Okay. So with LAG disabled,

it means that I can only use 1 distribution port, for example port 1, for the management and staff interfaces, which connects to the core switch,

while mapping my guest interface to port 3 on the WLC, which connects directly to the internet router for guests to go to the internet only.

Am I right with this setup?

Hall of Fame Super Silver

Yes... Like Leo mentioned, you first need to disable LAG. Now you can define a primary port and a backup (optional) port if you want. So for example, for management, port 1 is primary and port 2 is backup. For staff, port 2 is primary and port 1 is backup. For guest, port 3 is primary and port 4 (optional) is backup. This gives you some redundancy on the links.

-Scott
New Member

What about the configuration at the core switch? If I disable LAG, both port 1 and port 2 will be trunk ports allowing the management VLAN and staff VLAN. Will the core switch see it as a loop and disable one of the ports through spanning tree?

Connecting WLC 5508 to 2 different network devices. Possible?

Without link aggregation, the switch will see a L2 loop and spanning tree will block one of the links.

If you have two links, set up an L2 port channel on the switch, configure it as a trunk and enable LAG on the WLC.
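
Added example, not part of the original thread or any poster's reply: a Catalyst IOS sketch of the switch side of the LAG design suggested above, with guest traffic kept off the internal network by an ACL on the Layer 3 device instead of a separate WLC port. VLAN IDs 10, 100 and 200 come from the thread; the interface names, the Layer 3 switch acting as guest gateway, the 192.168.200.0/24 guest subnet, the ACL name and the use of RFC 1918 ranges for "internal" are assumptions.

```cisco
! Added example. VLAN IDs are from the thread; interface names,
! addresses and the ACL name are assumptions.
vlan 200
 name GUEST
!
! The WLC's LAG does not negotiate LACP or PAgP, so the bundle on the
! switch must be unconditional ("mode on").
interface range GigabitEthernet1/0/1 - 2
 description WLC-5508 ports 1-2 (LAG)
 switchport mode trunk
 switchport trunk allowed vlan 10,100,200
 channel-group 1 mode on
!
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,100,200
!
! Applied inbound on the guest gateway: guests may reach DHCP and the
! internet, but nothing in private (internal) address space.
ip access-list extended GUEST-INTERNET-ONLY
 remark DHCP requests from guest clients
 permit udp any eq bootpc any eq bootps
 remark no guest traffic to internal address space
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark everything else is internet-bound
 permit ip any any
!
interface Vlan200
 description Guest gateway (assumed subnet)
 ip address 192.168.200.1 255.255.255.0
 ip access-group GUEST-INTERNET-ONLY in
```

Under this ACL the guest DHCP scope has to hand out a public DNS resolver, since a resolver on an internal address would be blocked.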

New Member

Right. Thanks for the suggestion and information. I will try it out.

Connecting WLC 5508 to 2 different network devices. Possible?

Yes, it is possible that guests can only go to the internet when you add the Guest VLAN in the WLC using port 3.
