topic Re: wlc placement in Wireless

wlc placement

bluesea2010 — Wed, 19 Oct 2022 08:57:40 GMT

Hi,

I have two questions ,

1)usually where should I place the wlc , behind firewall or core

2)I have routed access layer , So the connectivity to wlc will be layer 2 or layer 3

Thanks

Re: wlc placement

Mark Elsen — Wed, 19 Oct 2022 09:48:15 GMT

- There's no unique answer and 'behind core' is somewhat undefined, it depends where the wireless clients are , usually on the Intranet which close proximity to core , to start with.

Re: wlc placement

bluesea2010 — Wed, 19 Oct 2022 13:32:56 GMT

Hi,

Sorry it was not behind , I mean wlc connected to the core .

Now the second question is,

Currently i am following the traditional layer2 architecture between distribution and access

I have the SSID EMPLOYEES -10.0.2.0/24

So I have a vlan 10 for employees in all edge switches and on distrubtion side gateway configured

And in the wlc added vlan 10 and one inteface with the ip 10.0.2.10/24

If I am moving from l2 to l3 , how the configuration would be

Thanks

Add vlan

Re: wlc placement

Arshad Safrulla — Wed, 19 Oct 2022 19:47:44 GMT

As Marce explained answer is "it depends". I would start my day with reading the CVD's

https://www.cisco.com/c/en/us/solutions/design-zone/networking-design-guides/campus-wired-wireless.html

If that gives me a high-level idea, then I will start reading the WLC configuration guides and design guides. For me there are multiple reasons which can impact the WLC placement in the network.

1. If I have AP's reaching out from the public networks (OEAP)

2. If I have APs distributed across multiple WAN sites connected over MPLS/SD-WAN/VPN etc.

3. If the role of the WLC is Anchor controller

then I would definitely consider placing them in a DMZ which has upstream firewall/IPS/IDS/DDOS protection.

Sometimes AP mode such as Local/Flex also impacts the WLC placement. If my APs are inside LAN segment, then I will definitely place it where it can be centrally accessible (Core Switch possibly) and make sure that is redundantly connected.

Now since you have routed access network, using Flex connect might become a challenge as you might have to work with multiple flex profiles and additional configuration to support the routed access network. I would suggest you go with local mode for AP's as in this case traffic is tunneled to the WLC along with Management traffic. So, from the configuration side you can reduce the complexity.

Re: wlc placement

bluesea2010 — Thu, 20 Oct 2022 12:18:27 GMT

Hi,

This is your post in the below thread

https://community.cisco.com/t5/wireless/issues-with-wireless-in-routed-access-layer-design/td-p/4437641

If the AP’s are in local mode AP will build a capwap tunnel to the controller, so any wireless clients connected will egressing directly from the controller as the client data traffic will be encapsulated with capwap between AP and WLC. In the routed access world this is the preferred method for me as this will reduce complexity. Remember you need L3 reachability between AP management VLAN and WLC AP Manager interface.

If i have ssid test 10.0.2.0/24 (vlan 2 )

Are you saying to create vlan 2 on the access switch and on core 2 ,
and a vlan interface on the controller 10.0.2.10/24

then there will be stp election ?

Please clarify

Then you will create dynamic interface per VLAN in your controller (tag VLAN per said as reqd.) and then corresponding VLAN’s in the upstream switches as well.

Thanks

Re: wlc placement

Arshad Safrulla — Thu, 20 Oct 2022 12:39:06 GMT

Hi Bluesea,

WLC will not participate in STP. In case you are going with local mode AP's as you said you will create the SVI for VLAN2 in Core Switch and then allow it on the trunk connecting to the WLC.

"Then you will create dynamic interface per VLAN in your controller (tag VLAN per said as reqd.) and then corresponding VLAN’s in the upstream switches as well."

Above statement is valid only if Flex AP's then you need to worry about VLAN to SSID mapping and Flex profiles etc. this method is not recommended for routed access networks.

Re: wlc placement

bluesea2010 — Thu, 20 Oct 2022 12:55:45 GMT

Hi @Arshad Safrulla

In that case do I need to create the same vlan on the access layer also , or access layer do we need only ap management vlan

Thanks

Re: wlc placement

Arshad Safrulla — Thu, 20 Oct 2022 13:20:38 GMT

If you are going with Local mode then only AP management VLAN is needed in needed in all access switches.

Re: wlc placement

bluesea2010 — Wed, 26 Oct 2022 05:49:10 GMT

Hi @Arshad Safrulla

What if we create the vlan assoicated with the SSID on the access side

Thanks

Re: wlc placement

Arshad Safrulla — Wed, 26 Oct 2022 07:46:34 GMT

Then you need to have APs in Flex mode, and you need to create the required Flex profiles. It will be like 1 Flex profile per access switch/stack.