Greetings again all! I have what I fear is a fairly basic question regarding the switchports on the rear of the 2106 controller. How do I configure them for use? I'm using port 1 as my uplink to a trunk port on an ASA and my network traffic to the management interface and guest vlans is all working as expected, but when I plug anything into any of the other ports, they get no addresses from my dhcp server (the ASA). I see nowhere to configure which vlan to tie the ports to or anything. I suppose I'm more used to a catalyst or ASA where I can just pick the ports and vlans (or trunks) I want to attach them to. Am I missing something? My ASA uplink config looks like:
switchport trunk allowed vlan 2,12
switchport trunk native vlan 2
switchport mode trunk
and my controller port 1 configuration looks like:
(Cisco Controller) show>interface summ
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
-------------------------------- ---- -------- --------------- ------- ------ --
ap-manager 1 untagged 192.168.3.55 Static Yes No
guest 1 12 18.104.22.168 Dynamic No No
management 1 untagged 192.168.3.2 Static No No
virtual N/A N/A 22.214.171.124 Static No No
Again, all of the existing network functionality (private and guest network) is all functioning fine so I'm pretty confident I have the above configured correctly, I just cant make any progress on the WLC ports 2 - 8.
You can't use the 2106 like a switch. They are only for connecting to the network or for access points, not laptops, etc.
Okay - so, what you're telling me is that in order for AP's to work off of the integrated ethernet ports on the 2106, I'm going to need to set up a seperate DHCP scope on the controller just for those ports? Do I need to do anything special to tie the dhcp service to those ports? How do I prevent that scope from answering my clients that are currently served by the ASA?
Thanks for all of the help!
Well what you can do is port 1 will be your management and apmanager and then you can use port 2 for your other users. This is the only way you can seperate users and dhcp scopes. Again.... port 1 can connect to your internal network and port 2 can connect to the ASA.
I don't really suggest using the 2100 series in switched mode. The CPU and memory limitations of the box ideally require you to use the WLC in appliance mode. In this mode you use 1 port to be the management and AP manager interfaces. All VLAN interfaces are also tied to this port. In this mode, the unit is basically a scaled down 4400.
I think its facinating that the marketing and technical documents imply that these are 'usable ports', yet noone can give me a straightforward answer on 'how to use them'.
says: "The Cisco 2100 Series Wireless LAN Controllers come with eight Ethernet ports, two of which can provide power directly to Cisco lightweight access points."
as well as the 2106 Quick Start Guide at:
Shows (in figure 1) a 'Typical 2100 Series Wireless LAN Controller Topology and Network Connections' with a minimum of two AP's directly attached to the controller with no loopback cable or anything.
I'm working on a very non taxed controller (two SSID's - one guest and one WPA2-PSK) with 3 AP's for half a dozen users so I'm quite confident that the WLC load shouldn't be an issue here at all. Has anyone ever been able to directly attach two AP's to the PoE ports on a 2106? If so, how did the AP's get their IP addresses? What network did they end up on and how did ports 7 & 8 get configured on the controller to allow them on the network?
Additionally, none of these 'tips' or 'suggestions' show up in the WLC best practices guide at:
(infact, no 2106 specific information shows up there at all!) This is very frustrating since there seems to be a relative dirth of information on these 2106 ports. It is quite obvious that these are not destined for high bandwidth apps, etc but For those of us that need functionality over performance, where do we go for configuration examples?
I struggled with this as well, and here is the answer to using port 7 and 8 as poe on the 2100. The trick is to not configure anything for port 7 or 8 and it will forward dhcp into the ap-manager vlan. Also, the WLC cannot hand out DHCP to the AP's.
Answer below from TAC, as I had to open up a case after it drove me nuts:
To configure this please open the GUI/ go to Controller/ Interfaces/ ap-manager/ under DHCP information configure the IP address of the primary DHCP server, you should also be aware that the APs plugged into port 7 and 8 are going to get an IP address from the same range that the ap-manager, so in order to this to work both the ap-manager and the DHCP should be on the same subnet.
What you say is correct except that the AP-manager interface DOES relay the DHCP request from the AP to the DHCP server: There is no need of a local DHCP on the VLAN that the ap-manager interface belongs.
Traces confirm that DHCP packets are coming from the ap-manager interface an not from the AP itself.
I've stumbled across this thread and wanted to know if the same thing is achievable with 7.2 Firmware. I'm really struggling to get it working!
The fact is, that in 7.2 there is no need anymore to create the ap-manager interface, as you can tell the management interface also to be "Dynamic AP manager"... is this correct or did I misinterpret this thing?
Do you have any suggestions?
Dear Dennis, in my deployment at a warehouse I plan to use 2125 WLC. Totally 24 access points (LAP1242AG) will be served by it. I intend to use 2 powered ports on 2125 to connect LAPs. However, I also plan to use 6 unpowered ports as switch ports in order to connect PCs and printers.
Please clarify if it is possible.
First of all, lets look at your whole solution. The 2125 is probably not the best solution for you here. The 2125 is not really an enterprise grade controller from a throughput, resources (memory and cpu), or powering standpoint. I have deployed more 2112 and 2125s (over 250) than any other partner Cisco has to date. We use these controllers within a very strict criteria. We size our deployments based on the following unpublished guidelines.
â¢ Customer add a WLC-4404-100 at the corporate data center to control auto-RF settings for channel, power, and load balancing control at sites of less than 3 access points which will run in REAP/HREAP modes with local switching.
â¢ Customer add a Cisco WLC 2106 at sites of 3-6 access points. This is done to reduce WAN traffic.
â¢ Customer add a Cisco WLC 2112 to sites with 7-12 APs and less than 20 client devices. This is a more affordable solution than a 4400 but only provides 100mb of aggregate throughput.
â¢ Customer add a Cisco WLC 2125 to sites with 12-25 APs and less than 20 client devices. This is a more affordable solution than a 4400 but only provides 100mb of aggregate throughput.
â¢ Customer add a Cisco WLC 4400 series controller to all locations of 7-100 APs where more than 20 client devices will exist. This maintains local switching of wireless traffic and reduces loads on the WAN.
â¢ Customer add a Cisco WLC 4402-12 as a Guest Access Mobility Anchor when needed. (2100 series WLCs are not supported)
â¢ Customer install a WCS Server at the corporate data center for centralized management of all controller, access points, and WLANs within the Customer enterprise wireless network.
To answer your questions, yes you can use the PoE switch ports but it takes a great deal of configuration and the unit already has temperature issues. Adding PoE would add an additional themal load on the device and cause subsequent hardware failure so NO I would not use it in this case. I would use a 4402-25 with 2mb of aggregation via LAG on the two sfp ports.
I have chosen to use 2125 in my deployment because:
1) Customers application is a Warehouse management system which works via telnet protocol, it is thansaction based application, so throughput is not the issue.
2) The total number of clients by now is 12 data capture terminals (Intermec CK31), all of them will work via telnet with the host application. Maybe later the customer will use several laptops and 10 more data capture devices. So, the number off client devices is rather small.
So, I've decided to install a WLC2125 and a CE520-8port switch on the 3rd floor of the warehouse. On the 3rd floor I have 9 LAPs, so I want to use all the ports of the switch and 1 POE port of 2125. Also I thought about connecting upto 4 desktops into unpowered ports of 2125.
It is rather interesting for me why Cisco installs 2 POE ports and 6 common ports to the controller and then does not recommend to use them. Kindly comment.
This physical device was meant to be a SOHO solution. It was never given the physical horsepower to be an enterprise device. If you use the PoE on a 2112 or 2125 I can just about guarantee you that you will be replacing the unit due to thermal issues. The way the switch behaves and the way APs talk to the controller in layer 3 mode almost requires you to use the device in appliance mode (1 port used only) to get full usage of the 25 AP software residing on it.
Thanks for the comprehensive answer. You've convinced me to use 2125 in appliance mode, I will not use its 8 ports.
If you had deployed many of these devices can you advise a part number for mounting this device into 19 inch rack?