
Cisco Wireless Lan Controller - Config help needed

farroar
I am having trouble configuring a Cisco 2112 wireless lan controller. I am experienced with Cisco routers and switches but not with their wireless products.

Can someone give me an idea of how a configuration set-up would be?

For example, I am using an 871 router and a 2960 switch. I am setting up VLANs for management of devices as well as two different WLAN VLANs, and two other VLANs.

The controller asks for three interface addresses: an AP management address, a management address, and a virtual address. How would this be implemented and what is the purpose of each interface? Would I create a different VLAN for each of these interfaces?

Does the controller need to be connected as a trunk to the switch?

I have read Cisco's documentation but I am having trouble putting it all together. I need to understand the concepts and how this device would generally be configured.

I think my problem is that I am looking at this device as a router or a switch but it really is neither.

I am connecting 8 Aironet lightweight APs to this system.

The current wiring is:

router ->(trunk)-> switch
switch ->(trunk) -> WLC port 1
switch ->(access) -> each AP

Thanks

Looking at it from bottom to top ...


Wiring is OK. I assume switch -> (access to one of def. VLAN) -> APs

"Does the controller need to be connected as a trunk to the switch?"

- Yes. This ensures that the WLC knows about all of the VLANs defined.


"The controller asks for three interface addresses, an AP management address, a management address, and a virtual address. How would this be implemented and what are the purpose of the interfaces? Would I create a different VLAN for each of these interfaces?"

This is very important, and a lot of mistakes are made by mixing up the purposes of those interfaces. The AP management address is used only for the APs' access to the WLC. Through this interface the WLC and APs are "talking". The management address is for you to access the WLC through the GUI and manage it. The virtual address is set by default to something like 1.1.1.1; you can forget about it for now. Yes, you have to define new interfaces on the WLC which belong to each VLAN you want APs to belong to. There is one more interface on the WLC which is used for crossover cable access to your WLC. Define some IP address, e.g. 10.10.100.1, so that in case of emergency you can access the WLC and use the GUI through this interface.

A few notes here... The AP management address is the address which you can add to the DHCP server as option 43, where you put this IP in hex so that your APs, when they are connected for the first time, know where the WLC is.

When the APs are connected you should create AP groups; for example, 2 APs are in building 1, another two are in building 2 and so on. Hence 1 AP group = one object.

Then (for ex.) suppose you have VLAN 10 for building 1 and VLAN 20 for building 2. So you set the ports on the switch to access mode for the appropriate VLAN.

Next, define WLANs. Try to think of WLANs as security sets. There you define the SSID, PSK, the way of encryption and so on. Maybe you want to separate some wireless clients from the others.

Lastly, assign the wanted WLAN to the defined AP group. And that is pretty much all.

I think you got a general idea, right?

Author

Commented:
I am understanding better.

I have a small implementation of 8 APs and only one controller all of which will be in the same group. This is a residential installation. When you mention using DHCP option 43, is that necessary for me here? If I place the WLC as well as all the APs on the same VLAN and keep both the AP manager and Management interfaces on that VLAN then the APs will use layer 2 to find and join with the controller, correct?

The implementation I am looking to achieve would be to have one group but with two SSIDs. One would be for client internet access and be in guest mode and the other would be for control system communication and would be hidden. When it comes to the interfaces on the WLC itself, am I only using port 1 for all communication to APs and the rest of the network? When would I use the other ports? I ask this because Cisco's documentation mentions only to use port 1, seems like a waste of ports.

Thanks
About Option 43 ...

Well, I am telling you the way that I found the easiest to install APs. Option 43 is used just once (hopefully), at the moment the AP is discovering first an IP address for it to use and then the WLC AP-management IP address. The rest of the process is automated and puff, there is the AP on the WLC list of APs. It is the easiest way. But still, you are right, it will work in L2 and it will find the WLC. But if you work in an environment with a few VLANs, which is per Cisco the most recommended way, you had better use this Opt. 43.

Of course keep in mind where your DHCP server is: on the router, on the switch ... on the WLC. Be sure to pass DHCP communications to and from the DHCP server through the WLC and AP, because it is the one your wireless clients are going to use. They (the clients) do not mind this option; it is strictly for APs.

"The implementation I am looking to achieve would be to have one group but with two SSIDs. One would be for client internet access and be in guest mode and the other would be for control system communication and would be hidden."

This is a common way to do things. Just be careful about ACLs for filtering traffic for clients. I assume this is going to take place on the router. I really recommend you consider VLANs, since this is a very straightforward and "clean" way to separate this traffic. If this is your option, ask and I will provide additional info if you need it.

"When it comes to the interfaces on the WLC itself, am I only using port 1 for all communication to APs and the rest of the network? When would I use the other ports? I ask this because Cisco's documentation mentions only to use port 1, seems like a waste of ports."

The best practice, as Cisco says, is to use them as I noted in my last post. The point of that is to separate management access to the WLC from the APs' and wireless users' access. So when (God forbid) the users' LAN is down in their VLAN, you can always connect through your management VLAN, and if this fails there is yet another port for the direct straight-through cable I mentioned before.

Hope it clarifies things.
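
The answers above say to put the AP management address "in hex" into DHCP option 43 without showing the encoding. The following is an added example, not part of either post: it builds and checks that value using the sub-option layout Cisco documents for lightweight APs (type 0xf1, one length byte, then the controller IPv4 addresses). The address 192.168.10.5 is a constructed sample, not a value from the thread.

```python
import ipaddress

# Sub-option type that Cisco lightweight APs look for inside option 43.
WLC_SUBOPTION = 0xF1


def encode_option43(controller_ips):
    """Return the option 43 hex string for a list of controller IPv4 addresses."""
    if not controller_ips:
        raise ValueError("at least one controller address is required")
    # IPv4Address rejects malformed input, so a typo fails here, not on the AP.
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in controller_ips)
    if len(value) > 255:
        raise ValueError("too many addresses for a one-byte length field")
    return (bytes([WLC_SUBOPTION, len(value)]) + value).hex()


def decode_option43(hex_string):
    """Parse an option 43 hex string back into addresses, validating the TLV.

    Accepts plain hex or the dotted/colon grouping used in DHCP server configs,
    so an existing scope can be audited before APs are plugged in.
    """
    cleaned = hex_string.replace(".", "").replace(":", "").replace(" ", "")
    raw = bytes.fromhex(cleaned)
    if len(raw) < 2 or raw[0] != WLC_SUBOPTION:
        raise ValueError("not a 0xf1 controller TLV")
    length, value = raw[1], raw[2:]
    if length == 0 or length % 4 or length != len(value):
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    # Constructed sample: a single controller at 192.168.10.5.
    encoded = encode_option43(["192.168.10.5"])
    print(encoded)
    print(decode_option43(encoded))
```

A wrong length byte is the usual reason an AP ignores the option, which is why the decoder rejects it instead of guessing.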