cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2306
Views
10
Helpful
4
Replies

9800 WLC Routing

mark.amendola
Level 1
Level 1

Having an issue with static routes on a 9800 WLC and maybe what im trying to do isnt possible...

 

WLAN that is for access to our wired LAN works fine. Have a guest wifi interface connected from wlc -> firewall and i can ping that interface from the wlc but cannot get out to the internet. When i add a static route on the wlc to point the guest vlan out to that firewall interface, the guest wifi works, but the LAN wifi breaks. Its like i can only have one static route in there (which may be how its designed). Not sure if this physical setup is the way it should be done or possible or if i should go to my switch and let my switch do the routing out the firewall. Any suggestions or info on multiple static routes on the 9800 would be appreciated.

4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

 

Not familiar with WLC but after a bit of searching seems Cisco recommendation is not to do the routing on it. 

 

Recommended way seems to be to use a trunk to your switch and pass the vlans that way. You could then have L3 SVIs on your switch for LAN subnets but just extend a vlan to the firewall ie. no SVI on the switch, for your guest access and that would take care of the routing for you. 

 

You could also move this post to wireless forums if it would help as they will have more knowledge there. 

 

Jon

mark.amendola
Level 1
Level 1

Thanks for the response. I initially thought the wireless forum but figured this is more of a routing type problem. I think thats the way im going to have to go is moving some cables and letting the switch do the routing. Figured id try to get some input and some knowledge on if it was possible and i was doing something wrong.

 

I believe from what I have read it is possible but not having used one did not want to say for sure. 

 

Also just to clarify the switch would only route for internal vlans, for the guest vlan you pass it through to the firewall ie. no routing on the switch. 

 

Jon

Hello @mark.amendola ,

@Jon Marshall  is spot on

the WLC 9800 runs IOS XE but as the previous ones based on AirOS WLC 5580 or older are expected to be the emersion point of wireless users for every SSID. A good design rule would be:

One SSID, One VLAN, One IPsubnet

 

WLC 9800 ------  L2 trunk carrying all VLANs -----   Multilayer switch ---- FW

 

To be more correct a WLC can manage AP groups in this way or APs that are on remote sites like Cisco CUCM  can manage IP phones in multiple sites.

CAPWAP a UDP based tunnel is built between each AP and the WLC and the WIFI users MAC addresses are seen as coming from the WLC uplink on the multilayer switch.

 

Finally, multiple SSIDs can be mapped to the same VLANs or because they use a different WPA2 pre shared key.

 

Hope to help

Giuseppe

 

Review Cisco Networking for a $25 gift card