12-13-2011 11:40 PM - edited 07-03-2021 09:14 PM
Hi all, I would appreciate it if you guys can answer this.
I have a Cisco 2100 that I need to set up in a DMZ, with an Air-Lap1131G as AP.
Right now I have connected the WLC console to a PC to run the initial bootup in a terminal, and I really need the info that it requires.
I made a mistake by setting up the WLC in my network (assigned LAN network IP, LAN subnet, etc.), so I set the WLC back to factory default.
Now if I want the WLC to be in the DMZ zone, what IP should I give it (do I get one from my ISP? and also how are IPs distributed to all guest wireless devices, and where do all these IPs need to be set), subnet, gateway, etc. during the initial setup? Also, after the setup config is finished, which device should WLC port 1 be connected to? And must the AP be directly connected to the WLC for this to work? Can the AP be connected to one of my network ports, because I have a few floors and 6 APs to connect?
Thanks.
12-14-2011 04:33 AM
The WLC should be assigned an address of the DMZ subnet. I wouldn't put an external IP on it personally, as you can use an RFC 1918 address and not have to pay for it. If you are only using it for guests, you can configure the DHCP server on the WLC to give out addresses to the clients.
The WLC would then plug into a switch, and the APs would join across the LAN. Now if the APs are on the inside subnet(s), you'll need to pinhole the firewall, if one is in place, to allow UDP 5246/5247 so the AP can join.
Sent from Cisco Technical Support iPhone App
12-14-2011 07:36 PM
Hi Stephen, thanks for answering.
So during the initial setup of the WLC, I assigned the following to the WLC:
IP: 192.168.63.1 (RFC 1918)
Subnet: 255.255.254.0 (not my lan subnet)
gateway: 192.168.63.1
dhcp: 192.168.63.1
Port: is the port number of the WLC where it is going to connect to a switch.
Now there are some questions during the initial bootup that are not in the Cisco guide's manual for setting up the WLC, which are the following, and it won't allow me to continue until I key in an entry.
As you mentioned above, all the APs would join the network. This I understood, because I have 6 APs to put on the building floors, so it is not realistic to connect them directly to the WLC.
So for the four questions above, what entry should I key in?
Now back to the 6 APs: do I need to assign my LAN IP addresses to these APs (using DHCP, to reserve an IP for each AP) or let them pick up a DHCP IP address? Also, do I need to configure anything on the Aironet APs once they are connected to my network (configure the APs' settings via web after they get an IP address)?
For the question on UDP 5246/5247, I think this is blocked, because on my first try my WLC could not detect the APs.
Now where can I check this entry? Is it in my firewall settings, or do I need to create a new entry in the firewall settings?
I'm using TMG server.
As for configuring the DHCP server on the WLC to give out addresses to the clients (yes, this is what I will do): when I've finished the WLC initial setup, I need to access the WLC via the web and set the DHCP server settings in there, right?
After the WLC is configured, since the wireless will be in the DMZ, port 1 of the WLC has to be connected to my LAN PTN switch, right? Instead of to the network switch.
Lastly, just a few initial WLC config questions:
Sorry for so many questions, this is my first time setting up a Cisco WLC.
Many thanks.
12-14-2011 08:08 PM
OK. So this might be a bit out of order...
Your WLC can connect into either the PTN or the LAN, so long as the AP can talk to the WLC on 5246/5247, and this is generally going to be a pinhole in the firewall.
For the AP manager address you generally want this to be in the same subnet as the management address. You can use either DHCP option (43) or DNS to point the AP at the WLC. Would use 192.168.62.2 if it's available, but that's just for symmetry. The APs do not need to be in the same segment as the WLC so long as there is L3 reachability between the subnets.
Any config for inside reaching to the DMZ controller is usually on the firewall, so you need to make sure the traffic can flow.
For any WLAN config in the startup script, just put the minimum in, then configure it once the WLC is up and running.
Sent from Cisco Technical Support iPad App
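How the DHCP option 43 value mentioned in the reply above is encoded for Cisco lightweight APs, as an added example that is not part of the original thread: sub-option type 0xf1, a one-byte length, then each WLC management address as four raw bytes. The address 192.168.63.1 is the one the poster assigned to the WLC; the function names are hypothetical, and the last function is a simple audit that a configured payload points only at controllers you expect.

```python
import ipaddress

# Sub-option type that Cisco lightweight APs read for controller addresses.
CISCO_WLC_SUBOPTION = 0xF1


def build_option43(wlc_ips):
    """Return the option 43 payload (hex string) listing WLC management IPs."""
    if not wlc_ips:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_WLC_SUBOPTION, len(value)]) + value).hex()


def parse_option43(hex_payload):
    """Decode a payload back into controller IPs, validating the TLV header."""
    raw = bytes.fromhex(hex_payload)
    if len(raw) < 2:
        raise ValueError("payload shorter than the type+length header")
    sub_type, length, value = raw[0], raw[1], raw[2:]
    if sub_type != CISCO_WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02x}")
    if length == 0 or length != len(value) or length % 4 != 0:
        raise ValueError("length does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def unexpected_controllers(hex_payload, expected_ips):
    """Return controllers in the payload that are not in the expected set."""
    expected = {str(ipaddress.IPv4Address(ip)) for ip in expected_ips}
    return [ip for ip in parse_option43(hex_payload) if ip not in expected]


if __name__ == "__main__":
    payload = build_option43(["192.168.63.1"])  # WLC address from the thread
    print(payload, parse_option43(payload))
```

The resulting hex string is what goes into the DHCP scope for the AP subnet; the APs still need UDP 5246/5247 permitted through the firewall to reach the address it names.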
12-18-2011 07:54 PM
Hi Stephen,
Thanks f, I understand the concept now. I will find out the other info by myself.
12-18-2011 08:17 PM
Tbw,
I attached a topology that I created as a reminder to myself for the ports that are needed between the DMZ and the internal controllers, RADIUS, WCS, etc.
One typo: 1666 should be 16666...