New Member

APs not joining 5508 on dynamic ports created manually

Hey all,

I have a problem with our new 5508 wireless controller (7.0.116.0).

Port 1 is the system default "management" (Port 2 is backup). Dynamic AP Management is disabled.

Port 3 is a new dynamic interface "ap-manager 2" with Dynamic AP Management enabled and has an IP in a separated VLAN which is not routed.

When I am connecting the AP (1260 series) to the "ap-manager 2" interface, it will not join and I get an error message on the WLC:

*spamApTask1: Mar 05 14:52:12.783: %CAPWAP-3-DISC_INTF_ERR1:
capwap_ac_sm.c:1453 Ignoring discovery request received on non-management
interface (3) from AP

When I am connecting the AP to the "management" interface, it is working fine. But I don't want the APs in the Management LAN. I want them in the separated non-routed LAN explicitly for the APs.

What am I missing here?

Thanks a lot.

Regards

Matthew

5 REPLIES
Hall of Fame Super Silver

Re: APs not joining 5508 on dynamic ports created manually

Why do you have the APs in a non-routed VLAN?

The APs need to connect to the management interface initially and then will use the AP manager. One of my peers had a customer with a setup like this and was told that the 5508 needs to see the traffic on the management interface along with the AP manager when using a 5508. So the fact that your AP manager is not routed will not work, as I was told. It worked with the 4400s and 2106s but not with the 5508, and I'm assuming the 2504 also.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

APs not joining 5508 on dynamic ports created manually

Hmmm... but I found the following in the documentation:

The AP-manager interface's IP address must be different from the management interface's IP address and may or may not be on the same subnet as the management interface. However, we recommend that both interfaces be on the same subnet for optimum access point association.

I want the APs in a separated non-routed LAN because of security reasons. Why put APs into the management LAN when they only need to communicate with the controller?

But if there is no way to do that, then I need to redesign the plans for the WLAN structure.

Thanks

Matthew

Hall of Fame Super Silver

Re: APs not joining 5508 on dynamic ports created manually

You can separate the two but you need routing between the two VLANs.

The APs being on a routed VLAN doesn't make it not secure since APs in local mode tunnel traffic back to the WLC. You need to secure the client VLANs more than you do for the APs. Most of my installs with the 5508 I will use LAG and also use dynamic AP manager. I just don't see any pros to do otherwise unless your gigabit switch is unmanaged.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

APs not joining 5508 on dynamic ports created manually

Ok great - thanks for the great information!

That means, if I route the AP VLAN I can set the APs in the AP VLAN and they will join over the management VLAN to the management port?

The idea of a separated AP VLAN came because we first used WLC 2106 and here it is working with the special non-routed VLAN, because here the APs only communicate with the AP-Manager port and not the Management port.

Many thanks for your info. I will change the routing and then I hopefully get the APs working.

Best regards

Matthew

Hall of Fame Super Silver

Re: APs not joining 5508 on dynamic ports created manually

The 4400s and the 2106 would work that way but the 5508 and 2504 will not. If you allow the AP VLAN to communicate with the WLC management VLAN, your APs will join. You can always create an ACL to only allow the WLC management to access the AP VLAN if you need to secure it a little.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
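
One way to write the ACL suggested in the last reply, as an added example that is not part of the original thread: a Cisco IOS extended ACL on the routing switch's AP VLAN interface that lets the AP subnet reach only the WLC management address on the CAPWAP ports (UDP 5246 control, UDP 5247 data). The VLAN number, subnets, addresses and ACL name are constructed placeholders, and it assumes the inter-VLAN routing is done on an IOS layer 3 switch.

```cisco
! Constructed values (assumptions, not from the thread):
!   AP VLAN 30            = 192.0.2.0/24, gateway 192.0.2.1
!   WLC management address = 198.51.100.10
!
ip access-list extended AP-VLAN-IN
 remark CAPWAP control (discovery and join) to the WLC management interface
 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 5246
 remark CAPWAP data to the WLC management interface
 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 5247
 remark DHCP requests from the APs, only needed if they use DHCP via this gateway
 permit udp any eq bootpc any eq bootps
 remark Anything else leaving the AP VLAN is dropped and logged
 deny ip any any log
!
interface Vlan30
 description AP VLAN gateway (routed so APs can reach WLC management)
 ip address 192.0.2.1 255.255.255.0
 ip access-group AP-VLAN-IN in
```

Traffic between the APs and an AP-manager interface in the same VLAN stays at layer 2 and never crosses this ACL. The `log` keyword on the final deny makes unexpected traffic from the AP VLAN visible in the switch log.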