01-04-2012 01:26 PM - edited 07-03-2021 09:19 PM
Hello,
I am tasked with configuring a 2504 wireless controller. Is it possible to assign an SSID to an interface that has dynamic ap management enabled?
Scenario:
Location1:
1) 10.0.0.0/24
2)192.168.0.0/24 DMZ
Location 2:
1) 10.0.5.0
Both locations are routable using network 1 at each location. However, I need to configure several access points and send them to location 2. These access points will communicate with the controller at location 1 on network 1. Two SSIDs will need to be on network 1 at location 1. The other SSID will be on Network 2 at location 1. This network is not routable.
Thank You for your help.
Solved! Go to Solution.
01-05-2012 05:11 AM
I only have 6 AP's. Is it possible to to implement a cisco wireless controller on 1 flat network? (1 subnet) If so, how?
01-05-2012 05:44 AM
All you need to do is assign the SSID to the management interface for your internal SSID. Your guest SSID will use a different interface.
Thanks,
Scott Fella
Sent from my iPhone
01-05-2012 05:53 AM
That's my issue. The access points do not communicate with the controller unless dynamic ap management is enabled. Once I enable dynamic management on an interface, I am unable to assign an ssid to that interface.
01-05-2012 05:59 AM
Create another interface on the wlc with an ip address on the same subnet as the management interface and then enable dynamic ap manager to the management interface and put the SSID on the other interface. You can have multiple interfaces on the same subnet if you have dynamic ap manager enabled.
Thanks,
Scott Fella
Sent from my iPhone
01-05-2012 06:08 AM
I'm getting "IP information conflicts with another interface" when trying to configure port 3 on the same subnet as port 1
I have dynamic ap management enabled on
Port 1
Vlan Tag 0 (untagged)
IP: 10.0.0.4
SM: 255.255.255.0
GW:10.0.0.5
Dynamic AP Management Enabled
Port 3
Vlan Tag 0 (untagged)
IP: 10.0.0.6
SM:255.255.255.0
GW: 10.0.0.5
01-05-2012 06:16 AM
you should be able to assign the management interface to an SSID, even with ap-manager enabled under it. Any other interface you create to be an ap-manger, can not be assigned, as it is then locked to being for AP communication only.
You might want to clear the config, and restart, and leave the management interface as the default setting of ap-manger. Mthen you should be able to set it under the SSID.
Sent from Cisco Technical Support iPad App
01-05-2012 06:28 AM
I think I have it configured. I have three interfaces
management 10.0.0.4 dynamic ap enabled
main network 10.0.0.6 dynamic ap enabled
dmz 192.168.0.4
Since adding the second interface with dynamic ap enabled, I am now able to assign an ssid to the mangement interface. I am unsure of why I can't assign an ssid to the main network. I'm guessing that the AP's will communicate with the 10.0.0.6 interface.
01-05-2012 06:35 AM
They would communicate with either interface.
Thanks,
Scott Fella
Sent from my iPhone
01-05-2012 06:28 AM
I agree... Something is not right. Follow this guide when going through the startup script.
http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml
Thanks,
Scott Fella
Sent from my iPhone
01-05-2012 06:59 PM
Kennin,
FYI.... I just actually did an install with a 2504 today. The setup was an internal network and a guest network in the dmz. I configured the management with dynamic ap managemet 10.8.0.0/24. I then configued another interface for the internal network on a differen subnet 10.32.0.0/24. The guest network was also on a differnt subnet and I configured the interface on a 192.168.0.0/24.
Management: 10.8.0.0 Port 1 primary Port 2 backup - Dynamic ap manager enabled
Internal: 10.32.0.0 Port 1 primary Port 2 backup - Dynamic ap manager disabled
Guest: 192.168.0.0 Port 3 primary no backup port - Dynamic ap manager disabled
01-07-2012 06:48 PM
I was able to get it working. Thanks for your help. I learned alot. I'm not sure what the bug was. But I had to have to interfaces with dynamic management enable. I was unable to wipe the unit and start from scratch since part of the config was done from by another company. I was able to get it working and I installed it. Once again thanks for all your help.
03-16-2012 04:09 PM
Scott Fella thanks for the great info.
I am setting up a 2504 in pretty much exactly the same method you described above, but I do have a couple of questions.
1- physical ports 1&2 are carrying the 10.8.x.x and 10.32.x.x networks, are those physical ports on the WLC trunked to
the switch allowing both vlans?
2- Which network are the APs in?
bonus question-
The documentation linked above says that the management interface "is used for communications between the controller and the APs" and that the AP-Manager interface "is used as the tunnel source for packets from the controller to the AP"
So if the AP-manager interface is being used as a tunnel endpoint for communications with the AP, what communication is being done by the management interface (assuming the management interface is NOT configured as an AP-manager interface)?
Thanks man. I'm learning a lot.
Steve.
03-16-2012 04:23 PM
It depends on if you have the backup port set on the interface or not. If you don't have the backup configured it won't matter either way.
I would recommend that you set the backup port and trunk both VLAN on both ports.
The AP can be in any VLAN do long as it has reach ability to the management interface. Though I would not recommend that they be in any dynamic interface VLAN.
For the bonus. The management interface will be the management of WLC of course but it is also the source for any 802.1x authentication that will happen.
Steve
Sent from Cisco Technical Support iPhone App
03-16-2012 04:23 PM
Okay... Every interface you create on the wlc, you need to allow on the trunk port. Here is an example:
Management is on vlan 100, I will make primary port 1 and backup port 2.
APs will be places in a different vlan, vlan 101
Internal Users will be on vlan 102
Internal other devices on vlan 103
Guest on vlan 299
So I will make the management primary port 1 and backup port 2. I will put internal vlan 101 & 102 primary port 2 and backup port 1. Guest will be primary port 3 and backup port 4. So I will connect all four ports and it will be a trunk port. For port 1-2, allow vlan 100, 101, and 103. For port 3-4, that also would be a trunk port only allowing vlan 299. The AP's that are on vlan 101 just needs to have connectivity to vlan 100 so make sure routing is in place.
You don't have to use all four ports on the wlc if you don't want, but what ever you define as primary and backup ports on an interface on the wlc, you need to allow those vlans.
Sent from Cisco Technical Support iPhone App
03-19-2012 11:46 AM
Thanks Scott again for the info.
Let me just make sure I'm following along correctly.
management- vlan 100
APs- vlan 101
Internal SSID- vlan 102 (& 103?)
Guest SSID- vlan 299
management- primary port 1, b/u port 2, internal SSID- primary port 2, b/u port 1, guest SSID- primary port 3, b/u port 4
port 1 and port 2- Trunk 100, 101(?), 102, and 103?
port 3 and port 4- Trunk 299(?)
So this is where I get a little confused. In your notes above you say the trunk for ports 1 and 2 only allows 100, 101 and
103. What about vlan 102? And why would 101 need to be added to the trunk since wouldn't that traffic be routed (and not at layer 2)?
Does the guest SSID (vlan 299) also need to communicate with the APs in vlan101?
Also just a general question- Why put the APs in a separate vlan? I understand that they can be in any vlan, but is there some logic behind isolating them? Couldn't I just place them in the same vlan as the AP-manager interface to facilitate more direct communication?
Thanks again.
Steve.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: