Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
423
Views
0
Helpful
5
Replies

Is it possible to have 2500 series management interface out of band of APs?

bkirby
Level 1
Level 1

‎02-04-2014 07:06 AM - edited ‎07-05-2021 12:05 AM

I currently have 2500 series WLCs. Our wireless network is completely separate from our internal network, keeping the WLC from talking to any internal servers. The company would like to start using AD(LDAP authentication) for end users while still keeping the APs on a completely separate network. Since the 2500 series does not support a "service port", Is there any way to move the management port out-of-band with no access to APs and just use the other ports for AP management?

Labels:
0 Helpful
5 Replies 5

George Stefanick
VIP Alumni
VIP Alumni

‎02-04-2014 07:27 AM

I haven't had my morning coffee ... But let me give this a shot..

I am going to say no. The managment interface is needed for APs to join. If you isloate this interface no APs can join. Even if AP managers are used, the AP requries to touch the managment interface when booting up.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

bkirby
Level 1
Level 1
In response to George Stefanick

‎02-04-2014 07:29 AM

George, I have the same opinion as you. I'm hoping I'm wrong.

thanks!!

Brian

0 Helpful

Rasika Nayanajith
VIP
VIP
In response to bkirby

‎02-04-2014 10:44 AM

George is right (even without his morning coffee )

You cannot isloate managment IP from the AP. In this WLC model you have to live with in-band management.

HTH

Rasika

**** Pls rate all useful responses ****

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to bkirby

‎02-04-2014 10:51 AM

Agree with Rasika and George.

The APs will need connectivity to the management interface. The management interface is the default interface for in-band management of the controller.

Reagrds

Dont forget to rate helpful posts

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎02-04-2014 12:26 PM

Wow... you are like the third person I heard wanted to do this... the other two were my customers:)  The only way we archived this was to move the WLC and AP's in the DMZ and open the FW to allow radius traffic to and from the WLC and radius server.  They had layer 2 vlans created on each closet that they didn't route that terminated to the DMZ.  My other client had two separate infrastructure... don't ask why.... I would never design it this way if it was my choice.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card