Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
3
Replies

2500 Series Wireless LAN Controller

Go to solution
kbermingham1
Level 1
Level 1

‎12-21-2015 03:39 AM - edited ‎03-08-2019 03:10 AM

I have a Wireless LAN Controller and I don't understand how the AP's communicate back to the controller if the AP's are not on
the same VLAN as the controller itself.

I have 1 controller and 4 AP's.

The AP's all broadcast 4 SSID's

Guest on VLAN 100
Staff on VLAN 200

These 2 SSID's are assigned to Port 3 on the controller which is directly connected to my firewall which uses 2 sub-interfaces to
route these VLAN's

Corp on VLAN 20
Scanner on VLAN 30

These 2 SSID's are assigned to Port 2 on the controller which is connected via a switch to my firewall which uses 2 sub-interfaces to
route these VLAN's. So the port on the switch (22) is on VLAN 20 & 30.

OK, so I get all this.

This is where my tiny brain capsizes!!...

So the actual AP's are connected to edge switches. The edge switches have trunks up-linking them to the Firewall which performs all the inter-vlan
routing ie the core switch if you will.

I have noticed that the ports the AP's are connected to are only tagged on VLAN 20. Do the ports the AP's are connected to not have to be tagged
on ALL Vlans that are being broadcasted??

So my AP's are all assigned IP's on the 10.10.20.0 subnet. So they all have DG of 10.10.20.1. The ports the AP's are connected to are on VLAN 20 on edge switches which are connected to the firewall via trunks. The firewall is the core doing the inter-vlan routing. So in order for the AP's to be able to hand out a 10.10.30.0/24 or a 10.10.40.0/24 address does the port the AP is connected to not ALSO have to be in VLAN 30 and 40 similiar to a physical edge switch that would have trunk ports in multiple VLAN's?

The controllers managament IP is 10.10.10.10.

Appreciate and help and guidance?

Kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johnd2310
Level 8
Level 8
In response to kbermingham1

‎12-21-2015 08:22 AM

Hi,

Yes, Correct, The AP will just send the packet to the controller just like any network packet. The AP will create a CAPWAP tunnel from 10.20.20.70 to the controller management ip 10.10.10.10. All SSIDs will be encapsulated in the tunnel and the traffic is split out to the correct vlan at the controller.

It is better to have the APs and controller in different subnets to minimise the size of your vlans. It is not a good idea to have  a vlan spanning the whole network. Using different vlans creates a more scalable solution.

Thank

John

**Please rate posts you find helpful**

View solution in original post

0 Helpful
3 Replies 3

Go to solution
johnd2310
Level 8
Level 8

‎12-21-2015 07:26 AM

Hi,

The access points create a CAPWAP tunnel to the controller and all traffic goes down this tunnel. Have a read of the following doc:

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch2_Arch.html

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Go to solution
kbermingham1
Level 1
Level 1
In response to johnd2310

‎12-21-2015 07:46 AM

Thanks John, I appreciate the link and I have been reading the doco, there is just oone piece of the puzzle I cannot find an answer for.. If the AP gives out an IP in the range, for example 10.10.30.0/24 and the AP itself has an IP of 10.10.20.70 and the switch port the AP is on is VLAN 20 I take it that the AP just sends the packets from 10.10.30.0/24 down the CAPWAP tunnel to the Controller and the Controller sends them on to the relevant interface in this case 10.10.30.2/24 with a Gateway of 10.10.30.1/24 (which is a sub-interface on my firewall where the inter-vlan routing happens). So in essance the AP's ( in 1010.20.0/24 in this example) HAVE to be able to speak to the management interface of the Controller which is in a different Vlan (10.10.10.0/24)?? .... and my final question, would it not be better practice to have your AP's on the same VLAN as the management IP of the controller?
0 Helpful

Go to solution
johnd2310
Level 8
Level 8
In response to kbermingham1

‎12-21-2015 08:22 AM

Hi,

Yes, Correct, The AP will just send the packet to the controller just like any network packet. The AP will create a CAPWAP tunnel from 10.20.20.70 to the controller management ip 10.10.10.10. All SSIDs will be encapsulated in the tunnel and the traffic is split out to the correct vlan at the controller.

It is better to have the APs and controller in different subnets to minimise the size of your vlans. It is not a good idea to have  a vlan spanning the whole network. Using different vlans creates a more scalable solution.

Thank

John

**Please rate posts you find helpful**
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card