07-02-2013 07:15 AM - edited 07-04-2021 12:20 AM
Hi All
Could some body please tell me if its possible or indeed advisable to configure physical ports on a WLC for egresstion of specific VLANs,
For example could one confiure a seperate port to connect to the DMZ for guest VLAN traffic only. I'm sure the best way is to use guest anchoring with secure tunneling, but is this alternative way even possible. If so could someone please point me to the documentation.
Many thanks
Simon
Solved! Go to Solution.
07-02-2013 07:20 AM
You can, but what you need to understand is that your can either LAG or not use LAG. If you want to break out the ports on the WLC to specify a primary and or a secondary port, you can, but LAG will need to be disabled.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-02-2013 08:02 AM
There isn't a doc out there explaining this, since LAG is the prefered method. Its basically simple... in your interface or dynamic interface, you specify what port is your primary and secondary.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-02-2013 07:20 AM
You can, but what you need to understand is that your can either LAG or not use LAG. If you want to break out the ports on the WLC to specify a primary and or a secondary port, you can, but LAG will need to be disabled.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-02-2013 07:26 AM
So for example...
If you had a 5508.... you can have two ports configured as a primary and secondary port for an interface.
Port1
Primary for management
Secondary for internal vlans
Port 2
Secondary for management
Primary for internal vlans
Port 3
Primary for guest
Port 4
Secondary for guest
You don't have to use a backup port if you don't want.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-02-2013 07:34 AM
Thanks for the reply Scott
Could you point me to some docs on how this is done please?
Cheers
Simon
07-02-2013 08:02 AM
There isn't a doc out there explaining this, since LAG is the prefered method. Its basically simple... in your interface or dynamic interface, you specify what port is your primary and secondary.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-02-2013 08:08 AM
I want to add .. If you choose to break out ports. Remeber to TAG all the vlans. Dont dotn native. We had issues with leaking between ports when there was more then 1 native.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
07-02-2013 08:10 AM
The important thing is to only allow the vlans for that port on the trunk..... that usually will solve that issue of seeing the wrong traffic on a different vlan. Learned from experience:)
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-02-2013 08:55 AM
THanks guys. I very much appreciate both of your input.
Regards
Simon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide