Cisco Support Community

WCS and WLC, On the same VLAN ?

What's best practice? Is it better to have the WCS on the same VLAN as the controller(s)?

Johann Folkestad

Accepted Solutions

Re: WCS and WLC, On the same VLAN ?

Given the fact that it is SNMP traffic, the WCS to WLC SNMP read/writes should be confined to a subnet(s) that are secured by ACLs/firewalls/RFC 1918 address space, yada yada....

One way to do it is to place the WCS behind a firewall on the same or reachable subnet as the WLC service or management ports. I prefer using the service port on the WLC for the WCS SNMP traffic; this way I can prune that VLAN off the switch trunk ports that the WLC connects to as well as put it in a subnet that is away from prying eyes. I have had it working just fine since 3.0.2x all the way up to the latest rev this way.

The controller will touch an additional VLAN for each dynamic interface you create for WLANs.

You can also dual-home the WCS server, but the default option on WCS install/upgrade is to bind to one interface (it will detect & prompt in regards to multiple interfaces - at least on the Linux version).

Also, don't forget to lock down HTTPS access to the WCS web frontend as well.
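
The layout described in the reply above, as an added example that is not part of the original post or of Cisco's documentation: an IOS switch configuration that keeps the service-port VLAN off the WLC trunk, allows SNMP to the service port only from the WCS, and limits HTTPS to the WCS to an admin subnet. All VLAN numbers, interface names, addresses and ACL names are constructed, and it assumes the WCS sits in a separate routed VLAN whose SVIs already exist on this switch.

```cisco
! Constructed values (assumptions, not from the thread):
!   VLAN 900 = WLC service-port VLAN      10.90.0.10   = WLC service port
!   VLAN 910 = WCS server VLAN            10.91.0.10   = WCS server
!   10.92.0.0/24 = admin workstations allowed to reach the WCS web UI
!
! Keep the service-port VLAN off the trunk that carries the WLC's
! management and dynamic-interface (WLAN) VLANs.
interface GigabitEthernet1/0/1
 description Trunk to WLC distribution port
 switchport trunk allowed vlan remove 900
!
! The service port gets its own access port in the isolated VLAN.
interface GigabitEthernet1/0/2
 description WLC service port
 switchport mode access
 switchport access vlan 900
!
! Traffic routed toward the service port: only SNMP from the WCS.
! Anything else is dropped and logged. Add entries for any other
! management flows your deployment needs before applying.
ip access-list extended TO-WLC-SERVICE
 permit udp host 10.91.0.10 host 10.90.0.10 eq snmp
 deny   ip any any log
!
interface Vlan900
 ip access-group TO-WLC-SERVICE out
!
! Traffic routed toward the WCS: HTTPS only from the admin subnet.
! Other traffic (SNMP responses and traps from the WLC, etc.) is
! left alone by the final permit.
ip access-list extended TO-WCS
 permit tcp 10.92.0.0 0.0.0.255 host 10.91.0.10 eq 443
 deny   tcp any host 10.91.0.10 eq 443 log
 permit ip any any
!
interface Vlan910
 ip access-group TO-WCS out
```

The `log` hits on the two deny entries show which hosts tried to reach the service port or the WCS web frontend from outside the permitted sources.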

3 REPLIES

Re: WCS and WLC, On the same VLAN ?

johannf,

I'm not sure of a "best practice". I have always installed the WCS in a server VLAN which is different to the controller VLANs across our customer's sites. As long as your SNMP is working across the VLANs all will be fine.

Cheers

mark

*pls rate good replies

Re: WCS and WLC, On the same VLAN ?

Thanks a lot.

Regards

Johann Folkestad
