12-21-2015 03:39 AM - edited 03-08-2019 03:10 AM
I have a Wireless LAN Controller and I don't understand how the APs communicate back to the controller if the APs are not on the same VLAN as the controller itself.
I have 1 controller and 4 APs.
The APs all broadcast 4 SSIDs
Guest on VLAN 100
Staff on VLAN 200
These 2 SSIDs are assigned to Port 3 on the controller, which is directly connected to my firewall, which uses 2 sub-interfaces to route these VLANs
Corp on VLAN 20
Scanner on VLAN 30
These 2 SSIDs are assigned to Port 2 on the controller, which is connected via a switch to my firewall, which uses 2 sub-interfaces to route these VLANs. So the port on the switch (22) is on VLAN 20 & 30.
OK, so I get all this.
This is where my tiny brain capsizes!!...
So the actual APs are connected to edge switches. The edge switches have trunks up-linking them to the firewall, which performs all the inter-VLAN routing, i.e. the core switch if you will.
I have noticed that the ports the APs are connected to are only tagged on VLAN 20. Do the ports the APs are connected to not have to be tagged on ALL VLANs that are being broadcast??
So my APs are all assigned IPs on the 10.10.20.0 subnet. So they all have a DG of 10.10.20.1. The ports the APs are connected to are on VLAN 20 on edge switches which are connected to the firewall via trunks. The firewall is the core doing the inter-VLAN routing. So in order for the APs to be able to hand out a 10.10.30.0/24 or a 10.10.40.0/24 address, does the port the AP is connected to not ALSO have to be in VLAN 30 and 40, similar to a physical edge switch that would have trunk ports in multiple VLANs?
The controller's management IP is 10.10.10.10.
Appreciate any help and guidance.
Kevin
12-21-2015 07:26 AM
Hi,
The access points create a CAPWAP tunnel to the controller and all traffic goes down this tunnel. Have a read of the following doc:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch2_Arch.html
Thanks
John
12-21-2015 07:46 AM
12-21-2015 08:22 AM
Hi,
Yes, correct. The AP will just send the packet to the controller just like any network packet. The AP will create a CAPWAP tunnel from 10.20.20.70 to the controller management IP 10.10.10.10. All SSIDs will be encapsulated in the tunnel and the traffic is split out to the correct VLAN at the controller.
It is better to have the APs and controller in different subnets to minimise the size of your VLANs. It is not a good idea to have a VLAN spanning the whole network. Using different VLANs creates a more scalable solution.
Thanks
John