05-04-2007 04:09 AM - edited 07-03-2021 02:01 PM
What's best practice? Is it better to have the WCS on the same VLAN as the controller(s)?
Johann Folkestad
05-04-2007 05:36 AM
Given the fact that it is SNMP traffic, the WCS to WLC SNMP read/writes should be confined to a subnet(s) that are secured by ACLs/firewalls/RFC 1918 address space, yada yada....
One way to do it is to place the WCS behind a firewall on the same or reachable subnet as the WLC service or management ports. I prefer using the service port on the WLC for the WCS SNMP traffic; this way I can prune that VLAN off the switch trunk ports that the WLC connects to as well as put it in a subnet that is away from prying eyes. I have had it working just fine since 3.0.2x all the way up to the latest rev this way.
The controller will touch an additional VLAN for each dynamic interface you create for WLANs.
You can also dual-home the WCS server, but the default option on WCS install/upgrade is to bind to one interface (it will detect & prompt in regards to multiple interfaces - at least on the Linux version).
Also don't forget to lock down HTTPS access to the WCS web frontend as well.
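Added example, not part of the thread and not Cisco code: a small audit that checks whether SNMP flows touching a WLC stay confined the way the answer above describes, with the WCS as the only SNMP peer, inside RFC 1918 space and inside the designated subnet. Every address, the subnet and the flow records are constructed assumptions.

```python
import ipaddress

# All addresses below are constructed for illustration; none come from the thread.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SNMP_SUBNETS = [ipaddress.ip_network("10.99.0.0/24")]  # assumed service-port subnet
WCS_HOSTS = {ipaddress.ip_address("10.99.0.10")}       # assumed WCS server
WLC_HOSTS = {ipaddress.ip_address(a) for a in ("10.99.0.21", "10.99.0.22")}
SNMP_PORTS = {161, 162}  # UDP 161 = get/set, UDP 162 = traps

# Constructed flow records: (src, dst, protocol, dst_port)
SAMPLE_FLOWS = [
    ("10.99.0.10", "10.99.0.21", "udp", 161),   # WCS polling a WLC: expected
    ("10.99.0.21", "10.99.0.10", "udp", 162),   # WLC trap to the WCS: expected
    ("10.20.5.77", "10.99.0.21", "udp", 161),   # host in another VLAN polling a WLC
    ("203.0.113.9", "10.99.0.22", "udp", 161),  # public source reaching a WLC
    ("10.99.0.10", "10.99.0.21", "tcp", 443),   # not SNMP: out of scope
    ("10.99.0.22", "10.20.5.77", "udp", 162),   # trap sent to something other than the WCS
]

def audit_flow(src, dst, proto, port):
    """Return findings for one flow; an empty list means compliant or out of scope."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if proto != "udp" or port not in SNMP_PORTS:
        return []
    if s not in WLC_HOSTS and d not in WLC_HOSTS:
        return []
    peer = d if s in WLC_HOSTS else s  # the endpoint talking SNMP with the WLC
    findings = []
    if peer not in WCS_HOSTS:
        findings.append("peer is not a WCS host")
    if not any(peer in net for net in RFC1918):
        findings.append("peer is outside RFC 1918 space")
    if not any(peer in net for net in SNMP_SUBNETS):
        findings.append("peer is outside the SNMP subnets")
    return findings

def audit(flows):
    """Map each non-compliant flow to its findings."""
    return {f: r for f in flows if (r := audit_flow(*f))}

if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS).items():
        print(flow, "->", "; ".join(findings))
```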
05-04-2007 05:14 AM
johannf,
I'm not sure of a "best practice". I have always installed the WCS in a server VLAN which is different to the controller VLANs across our customer's sites. As long as your SNMP is working across the VLANs, all will be fine.
Cheers
mark
*pls rate good replies
05-04-2007 11:12 PM
Thanks a lot.
Regards
Johann Folkestad