Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Question about 2504 Wireless Controller

Hello,

I am tasked with configuring a 2504 wireless controller.  Is it possible to assign an SSID to an interface that has dynamic ap management enabled?

Scenario:

Location1:

1) 10.0.0.0/24

2)192.168.0.0/24 DMZ

Location 2:

1) 10.0.5.0

Both locations are routable using network 1 at each location.  However, I need to configure several access points and send them to location 2.  These access points will communicate with the controller at location 1 on network 1.  Two SSIDs will need to be on network 1 at location 1.  The other SSID will be on Network 2 at location 1.  This network is not routable. 

Thank You for your help.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Question about 2504 Wireless Controller

Kennin,

FYI.... I just actually did an install with a 2504 today.  The setup was an internal network and a guest network in the dmz.  I configured the management with dynamic ap managemet 10.8.0.0/24.  I then configued another interface for the internal network on a differen subnet 10.32.0.0/24.  The guest network was also on a differnt subnet and I configured the interface on a 192.168.0.0/24.

Management: 10.8.0.0 Port 1 primary Port 2 backup - Dynamic ap manager enabled

Internal: 10.32.0.0 Port 1 primary Port 2 backup - Dynamic ap manager disabled

Guest: 192.168.0.0 Port 3 primary no backup port - Dynamic ap manager disabled

-Scott
*** Please rate helpful posts ***
32 REPLIES
Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

Is there a reason you have dynamic ap management enabled?  If you have the 2504 at location 1, those ap should be in local mode.  The AP's at location 2 should be configured for h-reap.  This allows you to say, this SSID will map to this vlan at location 2.  If you enable h-reap local switching on the wlan ssid, this give you the otion of mapping ssid to vlans or else it will tunnel back tothe wlc.  Make sense?

Here is a link for h-reap

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml

-Scott
*** Please rate helpful posts ***
New Member

Re: Question about 2504 Wireless Controller

I am new to cisco wireless controllers.  Without dynamic AP management enabled how can the access points communicate with the controller?

Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

They connect through the management interface.

-Scott
*** Please rate helpful posts ***
New Member

Re: Question about 2504 Wireless Controller

Once I disable dynamic ap management on the management interface,  All access points stop communicating with the controller.

Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

Okay... I thought you were configuring multiple ap manager interfaces.  If you want to use the management interface as the ap manager, you enable that there.  Then you can use the other ports for your other vlans.

Look at senerio 1 and senerio 2.

http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

So this is how you want this to be setup:

Scenario:

Location1:

1) 10.0.0.0/24

2)192.168.0.0/24 DMZ

Location 2:

1) 10.0.5.0

Both locations are routable using network 1 at each location. However, I need to configure several access points and send them to location 2. These access points will communicate with the controller at location 1 on network 1. Two SSIDs will need to be on network 1 at location 1. The other SSID will be on Network 2 at location 1. This network is not routable.

Since location 1 is a flat network with only one subnet (internal) and one in the DMZ, you will configure WLC management/ap-manger port 1 on the 10.0.0.0/24 subnet.  You can then map your SSID#1 to the management interface.  Create a new dynaminc interface on the WLC and assign it an ip in the 192.168.0.0/24 subnet and place that on port 2.  Connect port 2 to the DMZ.  Now since you want everything to tunnel back to the WLC from location 2, you would leave the ap's in local mode.  Devices in location 2 associating on SSID #1 will obtain an ip address in location 1 and tunnel back to the WLC and traffic will egress out of port 1.  Devices that associate in location 1 or location 2 to SSID#2 (Guest) will tunnel back to the WLC in location 1 and traffic will egress out of port 2.

Since you want to tunnel traffic back to the WLC from location 2, you need to make sure your link has enough bandwidth or else the ap's will be bouncing.

If you setup the AP's in location 2 in h-reap mode, then you can place devices that associate to SSID #1 on the 10.0.50.0 subnet.  Devices that associate to SSID #2 at location 2 will tunnel back to the WLC and egress out of port 2.

-Scott
*** Please rate helpful posts ***
New Member

Re: Question about 2504 Wireless Controller

Ok, this is my issue.  I am unable to configure two interfaces on the same subnet.  I get a message stating ip confilct with another interface.

Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

Correct... each interface must be on a different subnet.

-Scott
*** Please rate helpful posts ***
New Member

Re: Question about 2504 Wireless Controller

The documentation has multiple interfaces on the same subnet and vlan tag.

New Member

Re: Question about 2504 Wireless Controller

Cisco 2500 Series Wireless Controller also support multiple AP-managers (for AP Load Balancing) where multiple AP-managers can be configured in addition to an AP-manager which is bounded with a management interface. In this case, it is recommended to have all AP-managers in the same subnet as a management interface.

 >show interface summary
Interface Name        Port Vlan Id  IP Address     Type    Ap Mgr Guest
--------------------- ---- -------- -------------- ------- ------ -----
apmgr2                2    10       10.10.10.12    Dynamic Yes    No
apmgr3                3    10       10.10.10.13    Dynamic Yes    No
apmgr4                4    10       10.10.10.14    Dynamic Yes    No
management            1    10       10.10.10.10    Static  Yes    No
virtual               N/A  N/A      1.1.1.1        Static  No     No

 >

2500-deploy-guide-07.gif

In the above output, the management interface and AP-manager are bounded together to port 1. Three more AP-managers are created on other physical ports (2, 3, and 4) in the same subnet as management interfaces.

Hall of Fame Super Silver

Question about 2504 Wireless Controller

How many ap's do you have?  If you don't have a lot, there is no need to have multiple.  You can if you want though.

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

Correct.... but then you have to enable ap-manager on each interface.

-Scott
*** Please rate helpful posts ***
New Member

Re: Question about 2504 Wireless Controller

Dynamic AP Manament? Or some other setting.

Hall of Fame Super Silver

Question about 2504 Wireless Controller

Dynamic AP Management.

-Scott
*** Please rate helpful posts ***
New Member

Re: Question about 2504 Wireless Controller

I only have 6 AP's.  Is it possible to to implement a cisco wireless controller on 1 flat network?  (1 subnet)  If so, how?

Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

All you need to do is assign the SSID to the management interface for your internal SSID. Your guest SSID will use a different interface.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: Question about 2504 Wireless Controller

That's my issue.  The access points do not communicate with the controller unless dynamic ap management is enabled.  Once I enable dynamic management on an interface, I am unable to assign an ssid to that interface.

Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

Create another interface on the wlc with an ip address on the same subnet as the management interface and then enable dynamic ap manager to the management interface and put the SSID on the other interface. You can have multiple interfaces on the same subnet if you have dynamic ap manager enabled.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: Question about 2504 Wireless Controller

I'm getting "IP information conflicts with another interface" when trying to configure port 3 on the same subnet as port 1

I have dynamic ap management enabled on

Port 1

Vlan Tag 0 (untagged)

IP: 10.0.0.4

SM: 255.255.255.0

GW:10.0.0.5

Dynamic AP Management Enabled

Port 3

Vlan Tag 0 (untagged)

IP: 10.0.0.6

SM:255.255.255.0

GW: 10.0.0.5

Re: Question about 2504 Wireless Controller

you should be able to assign the management interface to an SSID, even with ap-manager enabled under it. Any other interface you create to be an ap-manger, can not be assigned, as it is then locked to being for AP communication only.

You might want to clear the config, and restart, and leave the management interface as the default setting of ap-manger. Mthen you should be able to set it under the SSID.

Sent from Cisco Technical Support iPad App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Question about 2504 Wireless Controller

I think I have it configured.   I have three interfaces

management 10.0.0.4    dynamic ap enabled

main network 10.0.0.6  dynamic ap enabled

dmz 192.168.0.4

Since adding the second interface with dynamic ap enabled, I am now able to assign an ssid to the mangement interface.  I am unsure of why I can't assign an ssid to the main network.   I'm guessing that the AP's will communicate with the 10.0.0.6 interface. 

Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

They would communicate with either interface.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

I agree... Something is not right. Follow this guide when going through the startup script.

http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Question about 2504 Wireless Controller

Kennin,

FYI.... I just actually did an install with a 2504 today.  The setup was an internal network and a guest network in the dmz.  I configured the management with dynamic ap managemet 10.8.0.0/24.  I then configued another interface for the internal network on a differen subnet 10.32.0.0/24.  The guest network was also on a differnt subnet and I configured the interface on a 192.168.0.0/24.

Management: 10.8.0.0 Port 1 primary Port 2 backup - Dynamic ap manager enabled

Internal: 10.32.0.0 Port 1 primary Port 2 backup - Dynamic ap manager disabled

Guest: 192.168.0.0 Port 3 primary no backup port - Dynamic ap manager disabled

-Scott
*** Please rate helpful posts ***
New Member

Question about 2504 Wireless Controller

I was able to get it working.  Thanks for your help.  I learned alot.  I'm not sure what the bug was.  But I had to have to interfaces with dynamic management enable.  I was unable to wipe the unit and start from scratch since part of the config was done from by another company.  I was able to get it working and I installed it.  Once again thanks for all your help.

New Member

Question about 2504 Wireless Controller

Scott Fella thanks for the great info.

I am setting up a 2504 in pretty much exactly the same method you described above, but I do have a couple of questions.

     1- physical ports 1&2 are carrying the 10.8.x.x and 10.32.x.x networks, are those physical ports on the WLC trunked to

     the switch allowing both vlans?

     2-  Which network are the APs in?

bonus question-

The documentation linked above says that the management interface "is used for communications between the controller and the APs" and that the AP-Manager interface "is used as the tunnel source for packets from the controller to the AP"

So if the AP-manager interface is being used as a tunnel endpoint for communications with the AP, what communication is being done by the management interface (assuming the management interface is NOT configured as an AP-manager interface)?

Thanks man. I'm learning a lot.

Steve.

Re: Question about 2504 Wireless Controller

It depends on if you have the backup port set on the interface or not. If you don't have the backup configured it won't matter either way.

I would recommend that you set the backup port and trunk both VLAN on both ports.

The AP can be in any VLAN do long as it has reach ability to the management interface. Though I would not recommend that they be in any dynamic interface VLAN.

For the bonus. The management interface will be the management of WLC of course but it is also the source for any 802.1x authentication that will happen.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Hall of Fame Super Silver

Re: Question about 2504 Wireless Controller

Okay... Every interface you create on the wlc, you need to allow on the trunk port. Here is an example:

Management is on vlan 100, I will make primary port 1 and backup port 2.

APs will be places in a different vlan, vlan 101

Internal Users will be on vlan 102

Internal other devices on vlan 103

Guest on vlan 299

So I will make the management primary port 1 and backup port 2. I will put internal vlan 101 & 102 primary port 2 and backup port 1. Guest will be primary port 3 and backup port 4. So I will connect all four ports and it will be a trunk port. For port 1-2, allow vlan 100, 101, and 103. For port 3-4, that also would be a trunk port only allowing vlan 299. The AP's that are on vlan 101 just needs to have connectivity to vlan 100 so make sure routing is in place.

You don't have to use all four ports on the wlc if you don't want, but what ever you define as primary and backup ports on an interface on the wlc, you need to allow those vlans.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Question about 2504 Wireless Controller

Thanks Scott again for the info.

Let me just make sure I'm following along correctly.

management- vlan 100

APs- vlan 101

Internal SSID- vlan 102 (& 103?)

Guest SSID- vlan 299

management- primary port 1, b/u port 2, internal SSID- primary port 2, b/u port 1, guest SSID- primary port 3, b/u port 4

port 1 and port 2- Trunk 100, 101(?), 102, and 103?

port 3 and port 4- Trunk 299(?)

So this is where I get a little confused. In your notes above you say the trunk for ports 1 and 2 only allows 100, 101 and
103. What about vlan 102? And why would 101 need to be added to the trunk since wouldn't that traffic be routed (and not at layer 2)?

Does the guest SSID (vlan 299) also need to communicate with the APs in vlan101?

Also just a general question- Why put the APs in a separate vlan? I understand that they can be in any vlan, but is there some logic behind isolating them? Couldn't I just place them in the same vlan as the AP-manager interface to facilitate more direct communication?

Thanks again.

Steve.

5995
Views
0
Helpful
32
Replies
CreatePlease login to create content