01-27-2018 12:59 PM - edited 03-04-2019 02:39 AM
01-27-2018 03:11 PM
Hi @uzochikwa
ISE does not need a trunk and probably does not even support one. The same goes for Prime. As the communication between WLC and ISE happens in TCP/IP mode, it is only necessary that they have reachability.
On the WLC you can enable LAG, which means a trunk with the switch to which it is connected.
Hope that helps.
-If I helped you somehow, please, rate it as useful.-
01-28-2018 01:08 AM
Hi @uzochikwa, glad I have helped.
You need to point to the PSN:
The PSN persona is where policy decisions are made. These are the nodes where network enforcement devices send all network messaging to; RADIUS messaging is an example of what is sent to the PSNs. The messages are processed and the PSN gives the go/no-go for access to the network.
-If I helped you somehow, please, rate it as useful.-
01-28-2018 05:05 AM
No. The only physical connection you are going to use is that between WLC and Switch.
If you have one SSID and it needs to have two vlans, then you need to create an Interface group containing those vlans. Then, on the SSID, you point to that Interface group.
Keep in mind that the traffic will be load balanced automatically by the WLC between the two vlans.
-If I helped you somehow, please, rate it as useful.-
01-31-2018 06:55 AM - edited 01-31-2018 06:57 AM
Hi Flavio, if Prime and WLC are both on different management vlans and with different subnets, will Prime still be able to add the WLC via SNMP?
Yes, you can use Prime and WLC in different vlans, as long as they have reachability. When you add the WLC on Prime, you need to provide the WLC IP address; if Prime is able to reach the WLC IP address, everything will be ok. If not, you need to check the firewall and/or the route.
What is the best way to configure the WLC management port: access or trunk?
Depends. You need to know your environment. Usually, it is necessary to use a trunk.
What's the relationship between the port and the interface in WLC?
Port is the physical port. It is what you connect to the switch. It can be fiber or cable.
Interface (Dynamic Interface) is configured on the WLC on the CONTROLLER tab, under Interfaces.
The WLC comes with Management interface, Service-Port, Virtual Interface and Redundant Port. You can't delete them.
You can create new Interfaces according to your environment.
-If I helped you somehow, please, rate it as useful.-
02-01-2018 04:08 AM
Flexconnect Central Switching is similar to Local Switching, I mean, traffic flows from the remote office all the way up to the WLC in the Data Center. In this case you can have vlans for individual SSIDs. It is a good idea to create AP groups, and on the AP group you can define which SSID will be sent to the remote office and which vlan they will use.
For example, for remote office A you can send only SSID A on Vlan A, and so on and so forth.
But sometimes it is better to keep traffic locally on the remote site. For this situation, you can use Flexconnect Local Switching. Then, the SSID is mapped to the Management interface only. The AP is configured as a trunk with the local switch and you can map SSID per VLAN at the AP level.
-If I helped you somehow, please, rate it as useful.-
02-01-2018 04:54 AM
Yes. You need the WLC Port as a trunk. (CONTROLLER tab, "LAG Mode on next reboot", change to Enable.)
Yes, the management interface needs to have a vlan associated. This vlan is used for APs to join the WLC and for management traffic for the proper network functioning.
Yes, you need to create more interfaces on the WLC "IF" you intend to segregate traffic per SSID.
-If I helped you somehow, please, rate it as useful.-
02-02-2018 09:48 AM
(WLCBRCORP01) >show snmpversion
SNMP v1 Mode.................................... Disable
SNMP v2c Mode.................................... Enable
SNMP v3 Mode.................................... Enable
-If I helped you somehow, please, rate it as useful.-
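An added example, not part of the original reply: SNMP v1 and v2c authenticate with a cleartext community string, so the `show snmpversion` output above is worth checking when Prime could poll the WLC over v3 instead. The Python sketch below parses that dotted key/value output and lists what to tighten; the function names are hypothetical and the sample input is the output quoted above.

```python
import re

# Sample input: the `show snmpversion` output quoted in the reply above.
SAMPLE = """\
(WLCBRCORP01) >show snmpversion
SNMP v1 Mode.................................... Disable
SNMP v2c Mode.................................... Enable
SNMP v3 Mode.................................... Enable
"""

# "Label....... Value" line: a label, a run of dots, then the value.
LINE_RE = re.compile(r"^\s*(?P<key>.+?)\s*\.{3,}\s*(?P<value>.*?)\s*$")
# Versions that authenticate with a cleartext community string.
CLEARTEXT = ("v1", "v2c")


def parse_dotted(output):
    """Return {label: value} for each dotted line; prompt lines are skipped."""
    fields = {}
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            fields[m.group("key")] = m.group("value")
    return fields


def snmp_versions(output):
    """Map 'v1'/'v2c'/'v3' to True (enabled) or False (disabled)."""
    versions = {}
    for key, value in parse_dotted(output).items():
        m = re.fullmatch(r"SNMP (v\w+) Mode", key)
        if m:
            versions[m.group(1)] = value.lower().startswith("enable")
    return versions


def audit(output):
    """List findings: cleartext versions left on, or v3 switched off."""
    versions = snmp_versions(output)
    if not versions:
        return ["no SNMP version lines found in output"]
    findings = [f"SNMP {v} is enabled (cleartext community string)"
                for v in CLEARTEXT if versions.get(v)]
    if not versions.get("v3"):
        findings.append("SNMP v3 is not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
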
02-08-2018 07:13 AM
Hi
You are right. Only two are possible and they will be primary and standby.
You add PSN if I'm not wrong, but no worries, if you point to the wrong role, Prime will complain.
ISE is not meant to be managed via Prime. If you add it, you will probably see only CPU and memory, maybe interface.
-If I helped you somehow, please, rate it as useful.-
02-08-2018 08:04 AM
You can use Monitoring role on Prime for that:
–Monitoring—Enables Cisco ISE to function as the log collector and store log messages from all the administration and Policy Service ISE nodes in your network. This persona provides advanced monitoring and troubleshooting tools that you can use to effectively manage your network and resources. A node with this persona aggregates and correlates the data that it collects to provide you with meaningful information in the form of reports. Cisco ISE allows you to have a maximum of two nodes with this persona that can take on primary or secondary roles for high availability. Both the primary and secondary Monitoring ISE nodes collect log messages. In case the primary Monitoring ISE node goes down, the secondary Monitoring ISE node automatically becomes the primary Monitoring ISE node.
-If I helped you somehow, please, rate it as useful.-
01-28-2018 12:59 AM
Hi Flavio,
Nice reply. One more question: on the Wireless controller, which ISE node is added or configured, PAN, MNT or PSN... in other words, what does the WLC point to?
01-28-2018 04:13 AM
Hi,
Thanks for your nice reply. One last thing... If I have 2 vlans for SSIDs to be created, do I need two network adapter interfaces created?
01-31-2018 05:56 AM
02-01-2018 03:51 AM
02-01-2018 04:37 AM
02-02-2018 08:33 AM
Hi,
How do you determine if the SNMP port is open on the WLC, and if not, how do I open it?
02-02-2018 08:38 AM
Go to the MANAGEMENT tab; under SNMP you can enable/disable v1, v2 and v3.
-If I helped you somehow, please, rate it as useful.-
02-02-2018 09:45 AM
Any show commands on the CLI? I am not seeing any.