Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
244
Views
0
Helpful
1
Replies

Separate mgmt and AP_manager VLANs in Virtual WLC

5mlarsson
Level 1
Level 1

‎05-30-2016 03:54 AM - edited ‎07-05-2021 05:09 AM

I would like to have the vWLC management and "APmanager" functionality on separate VLANs. For security reasons I don't like exposing the manager IP to all places where I place APs. But when I disable DYNAMIC-AP-MGMT on the management if and enable it on another IF the VWLC complains that the JOIN message comes in on a wrong VLAN and rejects the  AP join. 

Is it possible to separate the mgmt and APManager to different VLANs? Maybe to use the out of band service port for mgmt and put an CPU access list on the data port to block exposed mgmt protocols like https?

Or did I misunderstand how this is supposed to work?

Labels:
0 Helpful
1 Reply 1

Scott Fella
Hall of Fame
Hall of Fame

‎05-30-2016 07:14 AM

I don't think you can do this with a vWLC, but in general, the newer code, AP's still had to communicate via the management before it tries to use a dynamic interface.  You would have to play around with the VM and create multiple vlans and try to map those properly, but again, I haven't used many vWLC.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card