Hi Leo

Thanks for the reply..

please go through the below link.

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70ovrv.html#wp1069102

In that it has given as note.

NOTE :Layer 2 and Layer 3 Operation
Lightweight Access Point Protocol (LWAPP) communications between the controller and lightweight access points can be conducted at Layer 2 or Layer 3. Control and Provisioning of Wireless Access Points protocol (CAPWAP) communications between the controller and lightweight access points are conducted at Layer 3. Layer 2 mode does not support CAPWAP.

We have two types of AP's standalone and controller based .

what CAPWAP tunnel will exatly do?

You are getting confused with the old LWAPP (Layer 2) protocol and the newer CAPWAP (Layer 3) protocol.

Remember that CAPWAP is a tunneling protocol so it's got NOTHING to do whether you plug your switch in a Layer 2 or Layer 3 switch.

You can still plug the AP in a Layer 3 switch, but it doesn't mean that the port is a Layer 3 port (with an IP Address).  Just think about it, You have each switch port an IP address to do what?  Point-to-point link between your switch port and your AP?  It sure is a "funny" way to burn through IP addresses. 

So my answer is still the same, it doesn't make any difference.  The main thing is if you are dealing with controller-based AP, then put your AP in an access VLAN for APs only and make sure the APs get a valid IP addresses and can ping the management IP address of the WLC.

please correct me if i am wrong.

when ever we are using the controller based AP's there shoud be a communication b/w controller and AP.

It doesent matter weather we have connected to L2 or L3

only thing is L2 switch can't  understand the CAPWAP  protocol , But it can allow the CAPWAP tunnel to next devise.

when ever we are using the controller based AP's there shoud be a communication b/w controller and AP.

Correct.

It doesent matter weather we have connected to L2 or L3

Correct.  The VLANs where the AP are located should have the IP address and there should be routing to go from the AP VLAN and back to the controller.

only thing is L2 switch can't  understand the CAPWAP  protocol , But it can allow the CAPWAP tunnel to next devise.

I don't understand your question.

CAPWAP tunnel is not supported on the L2 switch . That means whenever CAPWAP tunnel from the AP to the controller, CAPWAP can pass through  L2 switch as normal data packet or cannot identify the CAPWAP  . And the L3 switch can identify CAPWAP protocol

And the L3 switch can identify CAPWAP protocol

I still don't understand what you're trying to do.

Yes, Layer 3 switch can "see" UDP 5246 & 5247 and it's enabled by default. 

Please go through below Fig1

My question is

• •1)       if the L2 switch doesn’t support CAPWAP then how the AP communicates with  the controller through the CAPWAP tunnel?
• •2)      Can I connect the controller to the L2 switch and communicate with the AP (i.e with out the L3 switch)?

Fig1:-

if the L2 switch doesn’t support CAPWAP then how the AP communicates with  the controller through the CAPWAP tunnel?

It is HIGHLY RECOMMENDED that you configure your DHCP with Option 43 and Option 60.    It is also recommended you configure DNS for CISCO-LWAPP-CONTROLLER.localdomain or CISCO-CAPWAP-CONTROLLER.localdomain.

I recommend you read the section called Controlling Lightweight Access Points.

Options 43, options 60 and the DNS settings mentioned above are the discovery methods that will enable the AP to quickly join the WLC.   Once the AP sees the WLC, a CAPWAP tunnel is created. 

Can I connect the controller to the L2 switch and communicate with the AP (i.e with out the L3 switch)?

Yes you can.  The AP and WLC can either be in the same subnet or different subnet.

thanks Leo , the given information is very useful to me

Don't forget to rate our useful posts.