Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
716
Views
0
Helpful
7
Replies

Configuring physical WLC ports for egress of Guest traffic.

Go to solution
s.vosper
Level 1
Level 1

‎07-02-2013 07:15 AM - edited ‎07-04-2021 12:20 AM

Hi All

Could some body please tell me if its possible or indeed advisable to configure physical ports on a WLC for egresstion of specific VLANs,

For example could one confiure a seperate port to connect to the DMZ for guest VLAN traffic only. I'm sure the best way is to use guest anchoring with secure tunneling, but is this alternative way even possible. If so could someone please point me to the documentation.

Many thanks

Simon

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎07-02-2013 07:20 AM

You can, but what you need to understand is that your can either LAG or not use LAG.  If you want to break out the ports on the WLC to specify a primary and or a secondary port, you can, but LAG will need to be disabled.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to s.vosper

‎07-02-2013 08:02 AM

There isn't a doc out there explaining this, since LAG is the prefered method.  Its basically simple... in your interface or dynamic interface, you specify what port is your primary and secondary.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎07-02-2013 07:20 AM

You can, but what you need to understand is that your can either LAG or not use LAG.  If you want to break out the ports on the WLC to specify a primary and or a secondary port, you can, but LAG will need to be disabled.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎07-02-2013 07:26 AM

So for example...

If you had a 5508.... you can have two ports configured as a primary and secondary port for an interface. 

Port1

     Primary for management

     Secondary for internal vlans

Port 2

     Secondary for management

     Primary for internal vlans

Port 3

     Primary for guest

Port 4

     Secondary for guest

You don't have to use a backup port if you don't want.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
s.vosper
Level 1
Level 1
In response to Scott Fella

‎07-02-2013 07:34 AM

Thanks for the reply Scott

Could you point me to some docs on how this is done please?

Cheers

Simon

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to s.vosper

‎07-02-2013 08:02 AM

There isn't a doc out there explaining this, since LAG is the prefered method.  Its basically simple... in your interface or dynamic interface, you specify what port is your primary and secondary.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to Scott Fella

‎07-02-2013 08:08 AM

I want to add .. If you choose to break out ports. Remeber to TAG all the vlans. Dont dotn native. We had issues with leaking between ports when there was more then 1 native.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to George Stefanick

‎07-02-2013 08:10 AM

The important thing is to only allow the vlans for that port on the trunk..... that usually will solve that issue of seeing the wrong traffic on a different vlan.  Learned from experience:)

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
s.vosper
Level 1
Level 1

‎07-02-2013 08:55 AM

THanks guys. I very much appreciate both of your input.

Regards

Simon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card