WLC 5500, multiple SSID and VLANs on LAP.

Ilya Geraskin
Level 1

Hi, I am going to implement a wireless network based on a WLC 5500 with a bunch of LAP 1140s. So here are some questions I have:

1. For each SSID, and the VLAN for this SSID, must I configure an interface on the WLC? And should I necessarily set an IP address on this interface even if I already have a main gateway (3750 stack) with interfaces on all VLANs?

2. How should the LAPs register on the WLC if I connect them to a trunk port? Will they broadcast to the native VLAN? How can I force a LAP to broadcast to the needed network, where all the LAPs are getting their IPs?

Thank you

9 Replies

Scott Fella
Hall of Fame

You don't need to create a separate interface, but it is good practice to separate the wireless traffic.  For example, you create an internal SSID and put that on VLAN 200, then maybe a bring-your-own-device SSID and put that on VLAN 210, and maybe a voice SSID and put that on VLAN 220.  The APs should be on an access port and not a trunk port, especially if you have them in local mode.  Trunk ports are used when you have a remote site and place H-REAP APs out at that location.

Of course you will need to have routing between the VLANs and if you have the AP in a different VLAN than the WLC management interface.

-Scott

Stephen Rodriguez
Cisco Employee

So the easy question first.  For the AP, unless you are going to do HREAP, they can be on an access port.  Then, on the scope where the AP will get its DHCP from, follow the option 43 guide.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml

As for the clients, it all depends on what you are looking to do, and what you need to do.

You can create multiple dynamic interfaces (VLANs), for whatever subnet the user needs access to.  The WLC must have L2 access to the VLAN.

Then you can either create AP groups, or use RADIUS VLAN assignment to push the client into the VLAN you want them in.

Steve


Ilya Geraskin
Level 1

So do I understand correctly that in best practice there is no Layer 2 separated traffic from APs? Just Layer 3 between AP and WLC? And I should configure a DHCP helper for some APs' SSID?

If you have a lot of APs then you should have a Layer 3 separation between the WLC and APs.  You also do need an IP helper if you disable DHCP proxy.  By default it is enabled and you do not need the IP helper.  I usually add it anyway for best practice.  You will definitely need an IP helper for the subnet the APs are on.

-Scott

I usually recommend that the APs be put on their own subnet, that is only allowed to communicate with the WLC.  That way if someone unplugs the AP they can't go anywhere.

But yes, L3 communication between the AP and WLC is all you really need.

Steve
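
The AP-side advice from the replies above (an access port for the AP, option 43 and an IP helper for the AP subnet, and an AP subnet that may talk only to the WLC), written out as IOS configuration. This is an added example, not part of the thread: the addresses, VLAN 50, the interface, and the pool and ACL names are constructed, and CAPWAP (UDP 5246/5247) is assumed as the AP-to-WLC protocol.

```ios
! Constructed addressing (assumptions, not from the thread):
!   AP VLAN 50 = 10.10.50.0/24, gateway 10.10.50.1 on the 3750
!   WLC management interface = 10.10.10.5
!   DHCP server = 10.10.20.10 (shown here as an IOS DHCP server)

! --- On the DHCP server: scope for the AP subnet ---
! Option 60 is the vendor class identifier sent by 1140-series LAPs.
! Option 43 is a TLV: type f1, length 04 (4 bytes per WLC),
! value 0a0a0a05 = 10.10.10.5 in hex.
ip dhcp pool LAP-VLAN50
 network 10.10.50.0 255.255.255.0
 default-router 10.10.50.1
 option 60 ascii "Cisco AP c1140"
 option 43 hex f104.0a0a.0a05

! --- On the 3750 gateway: AP subnet may reach only DHCP and the WLC ---
ip access-list extended LAP-ONLY-TO-WLC
 remark DHCP broadcast from a new AP, relayed by the helper below
 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
 remark Unicast DHCP renewals to the DHCP server
 permit udp 10.10.50.0 0.0.0.255 eq bootpc host 10.10.20.10 eq bootps
 remark CAPWAP control (5246) and data (5247) to the WLC only
 permit udp 10.10.50.0 0.0.0.255 host 10.10.10.5 range 5246 5247
 remark Anything else sourced from the AP subnet is dropped and logged
 deny ip any any log
!
interface Vlan50
 description LAP subnet
 ip address 10.10.50.1 255.255.255.0
 ip helper-address 10.10.20.10
 ip access-group LAP-ONLY-TO-WLC in
!
! AP switch port: access port in the AP VLAN, not a trunk (local mode)
interface GigabitEthernet1/0/10
 description LAP 1140
 switchport mode access
 switchport access vlan 50
 spanning-tree portfast
```

With this in place, a device plugged into the AP's port gets an address in VLAN 50 but can send traffic only to the WLC's CAPWAP ports, and the `log` keyword on the final deny records any other attempt.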


Ilya Geraskin
Level 1

Thank you, this information is very helpful for me.

And the last question. So I have to configure DHCP proxy for each SSID, because broadcast in the SSID's VLAN will not reach the gateway for its subnet?

DHCP proxy puts the WLC in the path of the DHCP request from the client.  When you do an ipconfig on the client, the WLC virtual IP shows as the DHCP server.  It is a legacy setting from the Airespace days.

You can disable DHCP proxy (so long as the WLC is not the DHCP server), globally.  Then use the standard IP helper address at L3 to point to the DHCP server that has the scope for that VLAN.

Steve


Ilya Geraskin
Level 1

And the last question. When I configure a WLC cluster, should I enable the DHCP server on the secondary WLC, and how will they work together, or when the first WLC fails?

I would only use the WLC DHCP for guest users if I had to. It's not as reliable as a true DHCP server.

If you do use the WLC as a DHCP server, then you need to enable DHCP on both WLCs and split the DHCP scope. The WLC hands out DHCP addresses to clients that are connected to it. So if WLC #2 is your backup and all devices connect to APs on WLC #1... WLC #1 will be the only DHCP server that will hand out addresses.

The WLCs do not know about what addresses were issued.

Thanks,

Scott Fella
