Is this statement in the 7.3 config guide contradicting?

Nolan Herring
Level 1

http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_011.pdf

First statement:

For Cisco 5500 Series Controllers in a non-link-aggregation (non-LAG) configuration, the management interface must be on a different VLAN than any dynamic AP-manager interface. Otherwise, the management interface cannot fail over to the port that the AP-manager is on.

(in the link above they have screenshots of the management being used by default as an AP-Manager interface, on the same subnet as the other 7 AP-Manager interfaces)

Second statement:

The AP-manager interface’s IP address must be different from the management interface’s IP address and may or may not be on the same subnet as the management interface. However, we recommend that both interfaces be on the same subnet for optimum access point association.

It's confusing me lol, can someone explain? ( and don't ask why not use LAG, this is all theorycraft to solidify my understanding )

The scenario that I think the first statement is talking about is if you disable dynamic AP-Manager on the management interface, which is enabled by default, and try to separate them. Right/Wrong?

Thanks !

Scott Fella
Hall of Fame

You may want to look at this thread:

https://supportforums.cisco.com/thread/2069292

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Also look at this thread:

https://supportforums.cisco.com/thread/2069292

Thanks,

Scott


Thanks for the reply Scott

Those links are both the same, so I think you copied the same one twice on accident.

BUT....I have already read that thread =)

Read a bunch of threads to assist with my understanding of this subject, and gone over the config guide in my original post multiple times

My question still remains though =(

For a situation where you can't use LAG, but you want load balancing (meaning you're using more than the one default AP-Manager interface), is where my question would come into play.

Statement #2 to me would be like this

Port 1 -- management primary + AP-Manager1 -- VLAN 10

Port 2 -- management backup + AP-Manager2 -- VLAN 10

You can't separate the management / default AP-Manager because they're both under the management interface, so it's going to be on the same VLAN/subnet etc.

Another point to mention is this statement which I think people take too literally:

"You don't need to configure AP Manager on a 5508"

To me this statement means that you don't need to make an AP-Manager interface yourself (like you did on the 4400), because it's already enabled by default under the management interface. BUT....if you can't use LAG and you want to have load balancing and use more than just the port 1, then you WILL have to make more AP-Manager interfaces. Every time I read a post where someone is configuring a non-LAG configuration with load-balancing on multiple ports, people keep quoting that statement incorrectly.

Anyhow, statement 1 to me means this --- I think --- but this is where I need clarification

Port 1 - management (dynamic AP-Manager unchecked) - VLAN 10

Port 2 - AP-Manager1 - VLAN 20

Port 3 - AP-Manager2 - VLAN 20

That's the only way I can think of where you would 'separate' the management and AP-Manager interface.

This was the thread I wanted to post:

https://supportforums.cisco.com/message/3432802#3432802

"If" you want to keep an individual port configuration, and need more than 60 APs connected, you will need to create more than one "ap-manager" interface. You will just make a new dynamic interface and place it on the same network as the current ap manager (ie, management interface) and mark it for dynamic ap management. All APs will still need to only see the management interface for joining; the WLC will assign to the appropriate AP manager as needed. The WLC will fill up the first AP manager before joining building tunnels through the next AP-manager interface, so in your lab you will not really be able to test this behavior, assuming the 3-4 APs you were using.

1. You can keep your management interface with "dynamic ap management" enabled so this serves as the first AP manager; if you desire.

2. You will need to create another dynamic interface mapped to the next port. Enable "dynamic ap management" again here, and place this new "ap-manager" interface on the same vlan as the mgmt. Keep in mind creating a dynamic interface and designating it as an AP manager prevents mapping that interface to a WLAN, see note below.

*NOTE (from config guide): When you enable this feature, this dynamic interface is configured as an AP-manager interface (only one AP-manager interface is allowed per physical port). A dynamic interface that is marked as an AP-manager interface cannot be used as a WLAN interface

Thanks,

Scott


Well still doesn't really answer my question, but not for a lack of trying ! lol

The original statement in red above "the management interface must be on a different VLAN than any dynamic AP-manager interface" still confuses me as all of the explanations have the management and AP-Manager interfaces on the same VLAN.

The only time it makes sense to me is if you were to disable the default AP-Manager interface under the management interface (uncheck dynamic AP-Management), and make your own. Only then would I think you would have to ensure you place it on a different VLAN. Otherwise when they are 'bundled together', they would be on the same VLAN.

I hope that makes sense lol, trying to type as little as possible and I appreciate your help !

That's just it Scott. I mean this is my confusion.

Doesn't this contradict what you just said?

"the management interface must be on a different VLAN than any dynamic AP-manager interface"

Is it confusing... yeah. Not every doc is worded correctly and not every doc is correct. What I was trying to show you is what others have done. It doesn't matter what the doc says, if it doesn't work that way. Others have tested using multiple ap managers and really, you need to see what works for them and what doesn't. Again... my preference on the 5508 is to put the management and ap manager in the same vlan.

Thanks,

Scott


Scott Fella
Hall of Fame

You can have the ap manager on the same or different vlan. The APs still need to be able to communicate to the management unlike the 4400s in which communication is just to the ap manager. It's recommended on the same subnet as the management.


Saravanan Lakshmanan
Cisco Employee

#First statement:

// Each WLC's physical port can strictly have only one AP-Manager, 5500's management interface with AP management enabled can't fail to the backup port which is primary for an AP-Manager(on management/dyn vlan).

You may think it is dumb to have this restriction on this high capacity WLC while single management interface with AP management can handle all the APs on one port. This feature has been inherited from legacy WLC platform.

#Second statement:

// I think, it means keep AP-manager & Management on same vlan & same subnet, don't keep them on same vlan and different subnet. "Configuring a dynamic interface with a secondary subnet is not supported".

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml#dyn-interface

#The scenario that I think the first statement is talking about is if you disable dynamic AP-Manager on the management interface, which is enabled by default, and try to separate them. Right/Wrong?

// If you disable AP Management then I think you should be able to map an AP-Manager to that port.

On management interface, we can't have AP management enabled and an AP-Manager mapped to dyn interface on same physical port.

One AP Manager per physical interface can be mapped irrespective of VLAN/tag.

On untagged/tagged vlan, we can create multiple dynamic interface that has AP Management enabled as long as their interface IPs are different.

#Statement #2 to me would be like this

Port 1 -- management primary + AP-Manager1 -- VLAN 10

Port 2 -- management backup + AP-Manager2 -- VLAN 10

You can't separate the management / default AP-Manager because they're both under the management interface, so it's going to be on the same VLAN/subnet etc.

//

Port 1 -- management primary + AP-Manager1 -- VLAN 10 ===> not valid config if AP management enabled.

Port 2 -- management backup + AP-Manager2 -- VLAN 10 ===> this config is accepted but it won't work.

You can configure all AP-manager(s) with VLAN10 but it needs separate physical port mapping.

#

"You don't need to configure AP Manager on a 5508"

// Yes, it is optional, if one physical port in use or when redundancy not enabled/used. Unfortunately, current non-lag architecture doesn't support failing to one of multiple available port(s), it supports one to one failure.

#

Port 1 - management (dynamic AP-Manager unchecked) - VLAN 10

Port 2 - AP-Manager1 - VLAN 20

Port 3 - AP-Manager2 - VLAN 20

That's the only way I can think of where you would 'separate' the management and AP-Manager interface.

// Yes, you need multiple AP manager(s) for max redundancy.

No. of configurable AP manager is equal to no. of available physical port.

AP-Manager mapped physical port can't have backup port configured, means it can't failover to any another port.

On 5508, below setting is also applicable/configurable

Port 1 - management (dynamic AP-Manager checked or unchecked) - VLAN 10

Port 2 - AP-Manager1 - VLAN 10

Port 3 - AP-Manager2 - VLAN 10

Port 4 - AP-Manager3 - VLAN 20

Port 5 - AP-Manager4 - VLAN 20

*On WLC, non-lag feature didn't evolve due to lag alternative.

#cannot create two dynamic interface using same VLAN ID, however we can configure two interface to have different vlan ID with similar subnet which is unsupported.

#when lag enabled, both 4400 and 5500 can have one physical port mapped to all interfaces(including all AP managers).

#For AP joining, the difference between AP manager and Management interface on any platform is, Discovery request always hits the Management interface and join request always hits AP-manager of WLC. Basically, need routing from L3 AP vlan to all AP manager(s) and Management vlan of WLC. Remember, can't have APs on dyn VLAN of WLC. Maybe to avoid all these config hassle, it is suggested to place AP manager and WLC management on same vlan is what I think.

#could run into spanning tree if two dyn interface -one mapped to port-1 with AP management enabled while other mapped to port-2 with AP management disabled that used for WLAN.

#Below are true when using non-lag, if management interface is down and no backup port configured.

New APs can't join; SNMP, guest anchor, webauth, new DHCP, RADIUS requests, ... won't work; only openauth & preshared WLAN works.

I'm not 100% sure about all the above, it is strongly suggested to test before implementing any scenarios.
