WCS and WLC, on the same VLAN?

johannf
Level 1

What's best practice? Is it better to have the WCS on the same VLAN as the controller(s)?

Johann Folkestad

Accepted Solutions

ericgarnel
Level 7

Given the fact that it is SNMP traffic, the WCS to WLC SNMP read/writes should be confined to subnet(s) that are secured by ACLs/firewalls/RFC 1918 address space, yada yada...

One way to do it is to place the WCS behind a firewall on the same or reachable subnet as the WLC service or management ports. I prefer using the service port on the WLC for the WCS SNMP traffic; this way I can prune that VLAN off the switch trunk ports that the WLC connects to, as well as put it in a subnet that is away from prying eyes. I have had it working just fine this way since 3.0.2x all the way up to the latest rev.

The controller will touch an additional VLAN for each dynamic interface you create for WLANs.

You can also dual-home the WCS server, but the default option on WCS install/upgrade is to bind to one interface (it will detect and prompt in regards to multiple interfaces, at least on the Linux version).

Also, don't forget to lock down HTTPS access to the WCS web frontend as well.

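An added example, not part of the original posts: one way to audit flow records against the segmentation the accepted answer describes, where only the WCS exchanges SNMP with the WLC service port and HTTPS to the WCS web frontend is limited to an admin subnet. All addresses, subnets and flow records are constructed, and the standard ports (SNMP UDP 161/162, HTTPS TCP 443) are assumed.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread): an RFC 1918
# management subnet holding the WCS and the WLC service ports.
WCS = ipaddress.ip_address("10.99.0.10")
WLC_SERVICE = {ipaddress.ip_address("10.99.0.21"),
               ipaddress.ip_address("10.99.0.22")}
# Constructed subnet of workstations allowed to reach the WCS web frontend.
ADMIN_NETS = [ipaddress.ip_network("10.50.0.0/24")]

# Constructed flow records: (source, destination, protocol, destination port).
FLOWS = [
    ("10.99.0.10", "10.99.0.21", "udp", 161),  # WCS polling a WLC: expected
    ("10.99.0.21", "10.99.0.10", "udp", 162),  # WLC trap to the WCS: expected
    ("10.20.7.44", "10.99.0.21", "udp", 161),  # user-VLAN host querying a WLC
    ("10.50.0.5", "10.99.0.10", "tcp", 443),   # admin workstation to WCS UI
    ("10.20.7.44", "10.99.0.10", "tcp", 443),  # user-VLAN host to WCS UI
    ("10.20.7.44", "10.20.7.1", "udp", 53),    # unrelated traffic, out of scope
]


def check_flow(src, dst, proto, port):
    """Return a violation description, or None if allowed or out of scope."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if proto == "udp" and port == 161 and d in WLC_SERVICE and s != WCS:
        return "SNMP to WLC from non-WCS source"
    if proto == "udp" and port == 162 and d == WCS and s not in WLC_SERVICE:
        return "SNMP trap to WCS from unknown source"
    if proto == "tcp" and port == 443 and d == WCS:
        if not any(s in net for net in ADMIN_NETS):
            return "HTTPS to WCS from outside admin subnet"
    return None


def audit(flows):
    """Return (flow, violation) pairs for every flow that breaks the policy."""
    return [(f, v) for f in flows if (v := check_flow(*f)) is not None]


def management_addrs_private():
    """Confirm the WCS and WLC service addresses sit in private address space."""
    return all(a.is_private for a in WLC_SERVICE | {WCS})


if __name__ == "__main__":
    for flow, violation in audit(FLOWS):
        print(violation, flow)
```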

3 Replies

johannf,

I'm not sure of a "best practice". I have always installed the WCS in a server VLAN which is different to the controller VLANs across our customer's sites. As long as your SNMP is working across the VLANs, all will be fine.

Cheers

mark

*Pls rate good replies

Thanks a lot.

Regards

Johann Folkestad
