Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
915
Views
0
Helpful
2
Replies

WLC 5520 - How to properly use management ports?

MiroslavSestak
Level 1
Level 1

‎09-09-2019 12:08 PM - edited ‎07-05-2021 10:58 AM

Hello,

 

I've been trying to organize my network a little better.

Some of the steps was to put WLC into my Equipment Management network.

 

There is network:

192.168.21.0/24 with Gateway 192.168.21.254. (Forigate)

 

I put WLC Management interface 192.168.21.210 and adopted all AP-s to the WLC, also reconfigured switches.

Everything working properly, SSID-s are tagging to proper VLAN-s.

 

One thing that bothers me the most in that setup!
Why the hell all traffic is also loading my Fortigate gateway port 192.168.21.254?

 

On same switch in same network there is a Mikrotik with DHCP-s for each VLAN being used by Cisco WLS, and he is pushing those VLAN-s directly to internet - works great.

All AP-s are being connect in Local mode.

 

As far as I've seen traffic goes

Guest > AP > Management VLAN > WLC > WLC's Gateway > then back to Mikrotik > and then out to internet?

Why does it go to WLC's Gateway (Fortigate) 192.168.21.254? It's only management network for WLC.

 

Guests are - 172.100.0.0/18
Private are - 172.200.0.0/22

 

There is no 192.168.21.254 network that would generate any traffic.

 

 

 

I'm just testing this solution now:

Service-Port - added to my management network 192.168.21.0/24
I can access web interface of WLC through that without a problem.

 

Can I use then something virtual for AP-s to call?

 

 

Just an update when I run speedtest on some wireless client connected, on Mikrotik I can see duplicated traffic on:

 

One SFP port on Mikrotik

 VLAN21 - WLC Management Network

 VLAN100 - Guests

 VLAN501 - APManagement for that building.

 

If my speedtest runs with 80Mbps, all those ports will have 80Mbps (not 160)

and the last

Port SFP2 which is direct access to Internet will have also 80Mbps

 

 

Labels:
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎09-09-2019 12:54 PM

Hi

 As your Access Points are in local mode, this means that the Access Points talk with WLC on the Management interface and all client traffic goes to the WLC. Considering WLC and Access Points  are in different subnet, the capwap tunnel must pass through your gateway, which is the Fortigate, to get on the WLC. Once the capwap traffic is opened on the WLC and goes back to the Internet, they need to pass through the Fortigate again. 

 This is one thing I can suppose.

 

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

MiroslavSestak
Level 1
Level 1
In response to Flavio Miranda

‎09-09-2019 12:57 PM

That's right Flavio!

You explained my situation better then I did :)

 

How to solve situation like that then?
How usually people do that?

Do you add WLC to you management network, or you just make some /30 just for WLC and that's it?

I really don't know... Never had any chance to check on already configure WLC in produciton

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card