Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Is it possible to have 2500 series management interface out of band of APs?

I currently have 2500 series WLCs. Our wireless network is completely separate from our internal network, keeping the WLC from talking to any internal servers. The company would like to start using AD(LDAP authentication) for end users while still keeping the APs on a completely separate network. Since the 2500 series does not support a "service port", Is there any way to move the management port out-of-band with no access to APs and just use the other ports for AP management?

  • Security and Network Management
5 REPLIES

Is it possible to have 2500 series management interface out of b

I haven't had my morning coffee ... But let me give this a shot..

I am going to say no. The managment interface is needed for APs to join. If you isloate this interface no APs can join. Even if AP managers are used, the AP requries to touch the managment interface when booting up.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Is it possible to have 2500 series management interface out of b

George, I have the same opinion as you. I'm hoping I'm wrong.

thanks!!

Brian

VIP Purple

Is it possible to have 2500 series management interface out of b

George is right (even without his morning coffee )

You cannot isloate managment IP from the AP. In this WLC model you have to live with in-band management.

HTH

Rasika

**** Pls rate all useful responses ****

VIP Purple

Is it possible to have 2500 series management interface out of b

Agree with Rasika and George.

The APs will need connectivity to the management interface. The management interface is the default interface for in-band management of the controller.

Reagrds

Dont forget to rate helpful posts

Hall of Fame Super Silver

Is it possible to have 2500 series management interface out of b

Wow... you are like the third person I heard wanted to do this... the other two were my customers:)  The only way we archived this was to move the WLC and AP's in the DMZ and open the FW to allow radius traffic to and from the WLC and radius server.  They had layer 2 vlans created on each closet that they didn't route that terminated to the DMZ.  My other client had two separate infrastructure... don't ask why.... I would never design it this way if it was my choice.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
223
Views
0
Helpful
5
Replies
This widget could not be displayed.