Solved: Re: Question about 2504 Wireless Controller - Page 2

kennin.simmons · ‎01-04-2012

Hello,

I am tasked with configuring a 2504 wireless controller. Is it possible to assign an SSID to an interface that has dynamic ap management enabled?

Scenario:

Location1:

1) 10.0.0.0/24

2)192.168.0.0/24 DMZ

Location 2:

1) 10.0.5.0

Both locations are routable using network 1 at each location. However, I need to configure several access points and send them to location 2. These access points will communicate with the controller at location 1 on network 1. Two SSIDs will need to be on network 1 at location 1. The other SSID will be on Network 2 at location 1. This network is not routable.

Thank You for your help.

kennin.simmons · ‎01-05-2012

I only have 6 AP's. Is it possible to to implement a cisco wireless controller on 1 flat network? (1 subnet) If so, how?

Scott Fella · ‎01-05-2012

All you need to do is assign the SSID to the management interface for your internal SSID. Your guest SSID will use a different interface.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

kennin.simmons · ‎01-05-2012

That's my issue. The access points do not communicate with the controller unless dynamic ap management is enabled. Once I enable dynamic management on an interface, I am unable to assign an ssid to that interface.

Scott Fella · ‎01-05-2012

Create another interface on the wlc with an ip address on the same subnet as the management interface and then enable dynamic ap manager to the management interface and put the SSID on the other interface. You can have multiple interfaces on the same subnet if you have dynamic ap manager enabled.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

kennin.simmons · ‎01-05-2012

I'm getting "IP information conflicts with another interface" when trying to configure port 3 on the same subnet as port 1

I have dynamic ap management enabled on

Port 1

Vlan Tag 0 (untagged)

IP: 10.0.0.4

SM: 255.255.255.0

GW:10.0.0.5

Dynamic AP Management Enabled

Port 3

Vlan Tag 0 (untagged)

IP: 10.0.0.6

SM:255.255.255.0

GW: 10.0.0.5

Stephen Rodriguez · ‎01-05-2012

you should be able to assign the management interface to an SSID, even with ap-manager enabled under it. Any other interface you create to be an ap-manger, can not be assigned, as it is then locked to being for AP communication only.

You might want to clear the config, and restart, and leave the management interface as the default setting of ap-manger. Mthen you should be able to set it under the SSID.

Sent from Cisco Technical Support iPad App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

kennin.simmons · ‎01-05-2012

I think I have it configured. I have three interfaces

management 10.0.0.4 dynamic ap enabled

main network 10.0.0.6 dynamic ap enabled

dmz 192.168.0.4

Since adding the second interface with dynamic ap enabled, I am now able to assign an ssid to the mangement interface. I am unsure of why I can't assign an ssid to the main network. I'm guessing that the AP's will communicate with the 10.0.0.6 interface.

Scott Fella · ‎01-05-2012

They would communicate with either interface.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎01-05-2012

I agree... Something is not right. Follow this guide when going through the startup script.

http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎01-05-2012

Kennin,

FYI.... I just actually did an install with a 2504 today. The setup was an internal network and a guest network in the dmz. I configured the management with dynamic ap managemet 10.8.0.0/24. I then configued another interface for the internal network on a differen subnet 10.32.0.0/24. The guest network was also on a differnt subnet and I configured the interface on a 192.168.0.0/24.

Management: 10.8.0.0 Port 1 primary Port 2 backup - Dynamic ap manager enabled

Internal: 10.32.0.0 Port 1 primary Port 2 backup - Dynamic ap manager disabled

Guest: 192.168.0.0 Port 3 primary no backup port - Dynamic ap manager disabled

-Scott
*** Please rate helpful posts ***

kennin.simmons · ‎01-07-2012

I was able to get it working. Thanks for your help. I learned alot. I'm not sure what the bug was. But I had to have to interfaces with dynamic management enable. I was unable to wipe the unit and start from scratch since part of the config was done from by another company. I was able to get it working and I installed it. Once again thanks for all your help.

Steve Carter · ‎03-16-2012

Scott Fella thanks for the great info.

I am setting up a 2504 in pretty much exactly the same method you described above, but I do have a couple of questions.

1- physical ports 1&2 are carrying the 10.8.x.x and 10.32.x.x networks, are those physical ports on the WLC trunked to

the switch allowing both vlans?

2- Which network are the APs in?

bonus question-

The documentation linked above says that the management interface "is used for communications between the controller and the APs" and that the AP-Manager interface "is used as the tunnel source for packets from the controller to the AP"

So if the AP-manager interface is being used as a tunnel endpoint for communications with the AP, what communication is being done by the management interface (assuming the management interface is NOT configured as an AP-manager interface)?

Thanks man. I'm learning a lot.

Steve.

Stephen Rodriguez · ‎03-16-2012

It depends on if you have the backup port set on the interface or not. If you don't have the backup configured it won't matter either way.

I would recommend that you set the backup port and trunk both VLAN on both ports.

The AP can be in any VLAN do long as it has reach ability to the management interface. Though I would not recommend that they be in any dynamic interface VLAN.

For the bonus. The management interface will be the management of WLC of course but it is also the source for any 802.1x authentication that will happen.

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Scott Fella · ‎03-16-2012

Okay... Every interface you create on the wlc, you need to allow on the trunk port. Here is an example:

Management is on vlan 100, I will make primary port 1 and backup port 2.

APs will be places in a different vlan, vlan 101

Internal Users will be on vlan 102

Internal other devices on vlan 103

Guest on vlan 299

So I will make the management primary port 1 and backup port 2. I will put internal vlan 101 & 102 primary port 2 and backup port 1. Guest will be primary port 3 and backup port 4. So I will connect all four ports and it will be a trunk port. For port 1-2, allow vlan 100, 101, and 103. For port 3-4, that also would be a trunk port only allowing vlan 299. The AP's that are on vlan 101 just needs to have connectivity to vlan 100 so make sure routing is in place.

You don't have to use all four ports on the wlc if you don't want, but what ever you define as primary and backup ports on an interface on the wlc, you need to allow those vlans.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Steve Carter · ‎03-19-2012

Thanks Scott again for the info.

Let me just make sure I'm following along correctly.

management- vlan 100

APs- vlan 101

Internal SSID- vlan 102 (& 103?)

Guest SSID- vlan 299

management- primary port 1, b/u port 2, internal SSID- primary port 2, b/u port 1, guest SSID- primary port 3, b/u port 4

port 1 and port 2- Trunk 100, 101(?), 102, and 103?

port 3 and port 4- Trunk 299(?)

So this is where I get a little confused. In your notes above you say the trunk for ports 1 and 2 only allows 100, 101 and
103. What about vlan 102? And why would 101 need to be added to the trunk since wouldn't that traffic be routed (and not at layer 2)?

Does the guest SSID (vlan 299) also need to communicate with the APs in vlan101?

Also just a general question- Why put the APs in a separate vlan? I understand that they can be in any vlan, but is there some logic behind isolating them? Couldn't I just place them in the same vlan as the AP-manager interface to facilitate more direct communication?

Thanks again.

Steve.