Cisco Support Community
New Member

New WLC setup

 

Hi

Can someone check if my config is correct on the L3 switch and access switch? Any suggestions are welcome.

 

@@@ L3 switch  @@@@

interface vlan 5
description - VLAN for WLC & AP
ip address 192.168.1.1 255.255.255.0

interface vlan 6
description - VLAN for Users
ip address 192.168.2.1 255.255.255.0

interface vlan 7
description - VLAN for Guest
ip address 192.168.3.1 255.255.255.0

 

ip dhcp excluded-address 192.168.1.1 192.168.1.20
ip dhcp excluded-address 192.168.2.1 192.168.2.20
ip dhcp excluded-address 192.168.3.1 192.168.3.20

 

ip dhcp pool WLC&AP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
option 43 ip 192.168.1.2

 

@@@@ Ports connecting WLC   @@@@

interface Gi 1/0/10
switchport trunk encap dot1q
switchport trunk allowed vlan 5,6,7
switchport mode trunk
 

@@@@ Ports connecting AP @@@@

interface Fa 0/10
switchport access vlan 5
switchport mode access

 

Does Cisco recommend having the WLC and APs in the same VLAN in a campus setup?

The WLC is a 5508 without a redundancy unit and the APs are 2600 and 3600; any recommended software version? Currently loaded version is 7.4.121.0.
How to secure Guest traffic from the internal network?

The WLC is connected to the L3 switch (Catalyst 4500); the Bluecoat proxy is connected as one leg to the L3 switch on a different VLAN, with NAT on the firewall.

 

users-----------L3_Switch--------FW-------FW------ISP_RTR------{Internet}

 

appreciate some kind feedback

cheers

Paul

3 REPLIES
Hall of Fame Super Gold

interface Gi 1/0/10
 switchport trunk encap dot1q
 switchport trunk allowed vlan 5,6,7
 switchport mode trunk

It doesn't matter if you're just using a single physical link to your WLC or not, enable Etherchannel.  It'll be easier to do it now than later.

Does Cisco recommend having the WLC and APs in the same VLAN in a campus setup?

If you have a very small network, it's not "best practice", but some people have done it.  

 

I would recommend that the Management IP address of your WLC be in the same subnet as the Management IP address of your switch, and you don't need to put that particular subnet in a DHCP pool. You want the Management IP addresses used to manage your network equipment to be statically assigned. You put the management IP address of your AP in a DHCP pool, like VLAN 5.

Any recommended software version? Currently loaded version is 7.4.121.0.

Stay with 7.4.121.0 and load the latest FUS code.  This will save you precious upgrade time in the future. 

How to secure Guest traffic from the internal network?

The default-gateway of your Guest Wireless VLAN is your FW. And your FW will punt all traffic from the Guest Wireless VLAN straight out to the internet.

New Member

Many thanks, Leo.

Can you share the EtherChannel config for the Catalyst 4500 and WLC, or a document?

The default GW for the guest is the L3_switch and not the firewall; what do you advise in this scenario?

 

I posted another discussion to assist on the upgrade for the WLC, if you can reply to that too...

 

cheers

Paul

 

 

Cisco Employee

Hello Paul,

 

I just went through your query, and appreciate that Leo provided you the accurate answer that was needed.

As far as your Guest traffic is concerned, it shouldn't have any issue, as you can terminate Guest on the L3 switch on a specific VLAN, as the traffic is already segregated because of the VLAN, and then from there you can route from the GW to the internet.

For your EtherChannel configuration please refer to the link stated below.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/54sg/configuration/guide/config/channel.html#wp1020465

 

Hope that will be helpful.
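
Added example, not part of any post in this thread: when the guest gateway is an SVI on the L3 switch, as in the original config, the switch routes between VLAN 7 and its other SVIs unless an inbound ACL on the guest SVI stops it. The sketch below uses the subnets and VLAN number from the original post; the ACL name GUEST-IN is an assumption, as is the premise that guests use DNS servers outside private address space.

```ios
! Added example. Guest subnet 192.168.3.0/24 and interface Vlan7 are from the
! original post; the ACL name GUEST-IN is hypothetical.
ip access-list extended GUEST-IN
 remark DHCP from guest clients (discover is 0.0.0.0 to 255.255.255.255)
 permit udp any eq bootpc any eq bootps
 remark If guests need an internal DNS server or the proxy, add a specific
 remark permit for that host and port here, above the deny lines
 remark Block all private address space: covers VLAN 5 (WLC and AP),
 remark VLAN 6 (users), the switch's own 192.168.3.1 and other internal VLANs
 deny   ip 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 192.168.3.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
 remark Everything else is routed toward the firewall and the internet
 permit ip 192.168.3.0 0.0.0.255 any
!
interface Vlan7
 description - VLAN for Guest
 ip address 192.168.3.1 255.255.255.0
 ip access-group GUEST-IN in
```

The ACL matches on destination address, so traffic that merely transits a privately addressed firewall on its way to the internet is still permitted. `show ip access-lists GUEST-IN` displays the entries as configured.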

 
