A WLC port is a physical entity that connects the WLC to the neighbor switch. Cisco 2006 Series WLC devices have 4 10/100 copper Ethernet ports. Cisco 440x series controllers have either 2 or 4 fiber Gigabit Ethernet ports. Each port is, by default, an 802.1Q VLAN trunk port.
An interface is a logical entity on the WLC. An interface has multiple parameters associated with it, including IP address, default-gateway (for the IP subnet), primary physical port, secondary physical port, VLAN tag, and DHCP server. When LAG is not used, each interface is mapped to at least one primary physical port and an optional secondary port. Multiple interfaces can be mapped to a single WLC port.
There are multiple types of interfaces on the WLC, four of which are static types that must be present and are configured at setup time:
- Management interface (Static and configured at setup time; mandatory)
- AP Manager interface (When operating using L3 LWAPP, static and configured at setup time; mandatory)
- Virtual interface (Static and configured at setup time; mandatory)
- Service-port interface (Static and configured at setup time; optional)
The Management interface is the default interface for in-band management of the WLC and connectivity to enterprise services such as AAA servers. If the service port is in use, the management interface must be on a different subnet from the service port. The management interface is also used for layer 2 communications between the WLC and access points. The Management interface is the only consistently "pingable" in-band interface IP address on the WLC.
A WLC has one or more AP Manager Interfaces that are used for all Layer 3 communications between the WLC and the lightweight access points after the access point discovers the controller. The AP Manager IP address is used as the tunnel source for LWAPP packets from the WLC to the access point, and as the destination for LWAPP packets from the access point to the WLC. The AP Manager must have a unique IP address.
The Virtual Interface is used to support mobility management, DHCP relay, and embedded layer 3 security like guest web authentication and VPN termination. The Virtual Interface must be configured with an unassigned and unused gateway IP address. A typical virtual interface is "184.108.40.206". The Virtual Interface address will not be pingable.
The Service-port Interface is statically mapped by the system only to the physical service port. The service port interface must have an IP address on a different subnet from the Management, AP Manager, and any dynamic interfaces. The service port can get an IP address via DHCP or it can be assigned a static IP address, but a default-gateway cannot be assigned to the Service-port interface. Static routes can be defined in the WLC for remote network access to the Service-port. The Service-port is typically reserved for out-of-band management in the event of a network failure. It is also the only port that is active when the controller is in boot mode. The physical service port is a copper 10/100 Ethernet port and is not capable of carrying 802.1Q tags so it must be connected to an access port on the neighbor switch.
Dynamic Interfaces are created by users and are designed to be analogous to VLANs for wireless LAN client devices. The WLC will support up to 512 Dynamic Interface instances. Dynamic Interfaces must be configured on a unique (to the WLC) IP network and VLAN. Each Dynamic Interface acts as a DHCP relay for wireless clients associated to wireless LANs mapped to the interface.
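The addressing rules above (service port on its own subnet with no default gateway, a unique AP Manager address, a distinct IP network and VLAN per dynamic interface, at most 512 dynamic interfaces) can be checked against a planned configuration before it is applied. The following is an added example, not Cisco code: the dictionary layout, the function name `audit_wlc_interfaces` and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

MAX_DYNAMIC = 512  # dynamic interface limit stated in the text

def audit_wlc_interfaces(interfaces):
    """Check interface dicts (assumed keys: name, type, ip, gateway, vlan)
    against the addressing rules in the text; return a list of findings."""
    findings = []
    nets = [(i, ipaddress.ip_interface(i["ip"])) for i in interfaces]
    dynamic = [(i, a) for i, a in nets if i["type"] == "dynamic"]

    for svc, svc_ip in nets:
        if svc["type"] != "service-port":
            continue
        # No default gateway may be assigned to the service-port interface.
        if svc.get("gateway"):
            findings.append(f"{svc['name']}: default gateway set on service port")
        # Service port must not share a subnet with in-band interfaces.
        for other, other_ip in nets:
            if (other["type"] in ("management", "ap-manager", "dynamic")
                    and svc_ip.network.overlaps(other_ip.network)):
                findings.append(f"{svc['name']}: shares subnet with {other['name']}")

    # The AP Manager address must not be reused by any other interface.
    for apm, apm_ip in nets:
        if apm["type"] != "ap-manager":
            continue
        for other, other_ip in nets:
            if other is not apm and other_ip.ip == apm_ip.ip:
                findings.append(f"{apm['name']}: IP duplicated by {other['name']}")

    # Each dynamic interface needs its own IP network and VLAN.
    for idx, (a, a_ip) in enumerate(dynamic):
        for b, b_ip in dynamic[idx + 1:]:
            if a_ip.network.overlaps(b_ip.network):
                findings.append(f"{a['name']}/{b['name']}: overlapping IP network")
            if a.get("vlan") is not None and a.get("vlan") == b.get("vlan"):
                findings.append(f"{a['name']}/{b['name']}: same VLAN {a['vlan']}")

    if len(dynamic) > MAX_DYNAMIC:
        findings.append(f"{len(dynamic)} dynamic interfaces exceeds {MAX_DYNAMIC}")
    return findings

# Constructed sample configuration (documentation address ranges).
SAMPLE = [
    {"name": "management", "type": "management", "ip": "192.0.2.10/24", "gateway": "192.0.2.1"},
    {"name": "ap-manager", "type": "ap-manager", "ip": "192.0.2.11/24", "gateway": "192.0.2.1"},
    {"name": "service-port", "type": "service-port", "ip": "192.0.2.200/24", "gateway": "192.0.2.1"},
    {"name": "staff", "type": "dynamic", "ip": "198.51.100.2/25", "vlan": 20},
    {"name": "guest", "type": "dynamic", "ip": "198.51.100.130/25", "vlan": 20},
]
```

Run against `SAMPLE`, the audit reports the service port's gateway, its subnet overlap with the management and AP Manager interfaces, and the VLAN shared by the two dynamic interfaces.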