Virtual Interface (WLC)

sniff
Level 1

Hello,

Is there any background information about the virtual interface and its IP address:

[Config Guide]

..... 

A virtual interface must be configured with an unassigned and unused gateway IP address. (no question !!)

A virtual interface IP address is not pingable and should not exist in any routing table in your network. (Why? The controller has this IP address and no other systems, what is the problem?)

Regards

Sven


---Edit---
Hello,

I ran into this situation recently and the question I have is: can we use a public IP from the company's public IP range (something like 198.x.x.100), create a DNS entry on the external DNS servers (say AT&T), and make this work?
FYI: the IP used for the virtual interface is not used anywhere in the network and is not pingable internally or externally.

I appreciate any suggestions. Thanks in advance!

Yes that will work. I have done that many times when the DNS used for guest is public. I also have done that for my home lab for testing guest and NAT of OEAP.
-Scott
*** Please rate helpful posts ***

Thanks Scott!

Hi,

I am in a similar situation. The guest controller is connected to the DMZ. To access internal DNS, should we add a rule on the firewall to allow DNS to be accessed by the anchor controller?

Thanks,

Mounica

No, for the anchor you don't need to provide access.

Configure the public IP as the virtual interface IP on the anchor. Create a URL for the same.

On your internal DNS server, create a host entry for the URL with respect to the public IP.

So once the client connects, the virtual interface URL will be resolved by your DNS configured on the client subnet.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Mounica,

It depends on what you're trying to do. If your anchor controller hands out public DNS server IPs to the clients, then creating a DNS entry on your internal DNS servers doesn't work. I would assume your anchor controller is in the DMZ and hands out internal DNS server IPs, in which case you need a firewall exception for the anchor to access the internal DNS servers.

In my case, I wanted to use an SSL-protected URL for the guest login, and I used a public IP that we own and created a DNS entry on our public DNS servers that can be resolved outside of the company. So no firewall exceptions.

Hope this helps!

-PK

One question:

If we have two WLCs that are part of the same mobility group but in different management subnets, can they still have the same virtual IP address (non-routed, not pingable) and perform inter-controller roaming (L2 roaming) correctly?
