New Member

controller | AP | conf

Hello Support Community,

Please guide me on best practice configuration on WLC | AP | Switches

Controller - 5508

L3 switch - Catalyst 4509

L2 switch - Cisco 2960

1 - What is the configuration required on L3 switch connecting WLC

2 - If I have 3 SSID then should I connect to 3 ports of WLC to L3 switch or single port

3 - What is the configuration required on the L2 switch port connecting AP

4 - What configuration is required on the AP to join the Controller, should the AP have a static or dynamic IP


Thank You

JP

5 REPLIES
VIP Purple

Hi Jean,

1 -  What is the configuration required on L3 switch connecting WLC 

You need to configure initial config.

http://www.xerunetworks.com/2012/05/cisco-5508-wlc-setup-and-initial-configuration/

http://ciscowlc.blogspot.de/2012/06/initial-configuration-for-cisco-wlc.html

2  -   If I have 3 SSID then should I connect to 3 ports of WLC to L3 switch or single port

Yes or No, but I will recommend to use only one port (Port 1).

3  -   what is the configuration required on the L2 switch port connecting AP

L2 Switch Config:

interface FastEthernet0/xx
 switchport access vlan 80
 switchport mode access

4 -   What configuration is required on the AP to join the Controller, should be have static or dynamic IP  for AP

*** In my example AP and WLC are in vlan 80.

You can configure like this on Layer 3 Switch:

1. Create a DHCP pool from which the AP will get an IP via DHCP.

2. Connect the WLC to the right ports:

ip dhcp excluded-address 10.xx.80.1 10.xx.80.100
ip dhcp excluded-address 10.xx.80.115 10.xx.80.254
ip dhcp pool WirelessLAN
   network 10.xx.80.0 255.255.255.0
   default-router 10.xx.80.254
   option 43 ip 10.xx.80.1  -----> WLC IP address
   lease 3

WLC Connection port config:

interface FastEthernet2/0/42
 description *** WLAN Controller ***
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 80,81,82
 switchport mode trunk
 speed 100
 duplex full

Hope it helps.

Regards

Don't forget to rate helpful posts

New Member

Sandeep, thank you. Your input helps a lot

  • Any initial configuration required on AP unpacked from a box

  • How the traffic flow from a wireless connected user ?  user--AP--switch--WLC----server or user--AP--switch---server

  • On WLC 5508 there is RP & SP ports -  what are these ports for ??

  • Is it recommended to have one port configured for Management ??

  • Is It recommended to have one dedicated port configured for Guest SSID

  • What is the best practice for Guest SSID. i.e. dhcp on WLC or L3 switch /

  • Guest traffic should pass through Local Proxy bluecoat, possible to automate proxy IP and port entry in DHCP config ( guest get ip and proxy info with DHCP )

  • best practice to secure the WLC and AP registration

Hall of Fame Super Gold

Any initial configuration required on AP unpacked from a box

Just make sure your DHCP Option 43 is configured.

On WLC 5508 there is RP & SP ports -  what are these ports for ??

RP stands for Redundant Port.  SP stands for Service Port.  Both ports are explained in the configuration guide.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76.html

Take the time and effort to read them because they will teach you A LOT.

How the traffic flow from a wireless connected user ?  user--AP--switch--WLC----server or user--AP--switch---server

This information should be explained in detail in the configuration guide (link posted above).

VIP Purple

Hi Jean,

Any initial configuration required on AP unpacked from a box

No, you don't need to configure anything on the AP (ZeroTouch Configuration). But make sure you have a DHCP pool on the switch from where the AP can get an IP address as well as the IP of the WLC. (Just check the last answer in point 4.) Try to keep AP and WLC management in the same subnet.

How the traffic flow from a wireless connected user ?  user--AP--switch--WLC----server or user--AP--switch---server

user-AP-Switch-WLC-Server. More ...:

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Guest_Wireless_Access.html

On WLC 5508 there is RP & SP ports -  what are these ports for ??

  • Is it recommended to have one port configured for Management ??

  • Is It recommended to have one dedicated port configured for Guest SSID

  • What is the best practice for Guest SSID. i.e. dhcp on WLC or L3 switch /

  • Guest traffic should pass through Local Proxy bluecoat, possible to automate proxy IP and port entry in DHCP config ( guest get ip and proxy info with DHCP )

  • best practice to secure the WLC and AP registration

RP is used for HA:

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113681-high-availability-dg-00.html#port

Service Port:

This port is used exclusively for Out-of-Band management. It is the only port that is active when the controller is in boot mode (useful for troubleshooting). The service port does not support 802.1Q tagging so you must configure the switch port on the other side in access mode. It does not support a backup port and a default gateway in its configuration. This last fact means that you can reach it only if you are on the same subnet (as it will not have a route back) unless you configure static routes in the menu Controller -> Network Routes.

*** The service port and the management interface must be on a different subnet. The service port is also not auto-sensing so you must use the correct straight-through or crossover Ethernet cable to communicate with the service port.

Normally I use only one port for management and all other purposes. (You can also use separate ports...)

I have DHCP on WLC for guest access, or you can have it on a DHCP server.

If you have firewall (I don't know about bluecoat).

You can use the authorize function on the WLC and add the MAC of the AP in it. Then only the APs which have their MAC address in the auth. list will join.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/70333-lap-registration.html

Regards

Don't forget to rate helpful posts.
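
Added example, not part of any post in this thread: the `option 43` line in the first reply's DHCP pool and the later advice to make sure DHCP Option 43 is configured both depend on that option telling the AP where the WLC is. Cisco's documented encoding for lightweight APs is a hex TLV (type 0xf1, one length byte, then each controller management IP), and this Python sketch builds that value and checks a configured one. The 192.0.2.x addresses are constructed placeholders.

```python
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # sub-option type Cisco lightweight APs look for


def encode_option43(controllers):
    """Return the hex string for `option 43 hex ...` listing WLC management IPs."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    # IPv4Address() rejects malformed input such as an unfilled "10.xx.80.1"
    packed = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(packed) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_WLC_SUBOPTION, len(packed)]) + packed).hex()


def decode_option43(hex_value):
    """Parse a configured value back into controller IPs, rejecting bad TLVs."""
    raw = bytes.fromhex(hex_value.replace(".", "").replace(" ", ""))
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("not a Cisco WLC sub-option (type 0xf1)")
    length, value = raw[1], raw[2:]
    if length != len(value) or length == 0 or length % 4:
        raise ValueError("length byte does not cover whole IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, length, 4)]


if __name__ == "__main__":
    # Constructed sample: one primary and one secondary controller.
    wlcs = ["192.0.2.10", "192.0.2.11"]
    value = encode_option43(wlcs)
    print(f" option 43 hex {value}")
    # Round-trip check: what an audit of the running DHCP pool would compare.
    print(decode_option43(value) == wlcs)
```

Decoding the value found in a switch's DHCP pool and comparing it with the list of controllers you actually operate shows whether APs in that VLAN are being pointed at the intended WLC.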
