cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4041
Views
14
Helpful
9
Replies

Separate VLAN for CAPWAP

dmcgrath-PTI
Level 1
Level 1

Hello,

I'm in the process of deploying a WLC2504 in an eviroment  which requires a private VLAN for access to file servers and other network resources, as well as a guest network for internet access. 

As far as performance is concerned, will I get acceptable throughput on my WLANs with the CAPWAP tunnel flowing over the same subnet as the private network? I've seen some suggestions that recommend a separate VLAN dedicated to CAPWAP, but I don't know if this is just a suggestion for security. I understand that CAPWAP supports encryption of control messages, but not data transmissions without additional licensing. If this is just a suggestion for security, I don't think this is much of a concern. I don't see anyone on the private network intercepting guest transmissions. Could someone please advise me on this?

1 Accepted Solution

Accepted Solutions

Just to add, there is no performance issue unless your subnet itself has too much chatter.  Typically I will put the ap's in its own subnet or multiple subnets depending on how many access points.  I never will place wireless traffic on the same subnet as the access points, but that is my preference.  Some companies will place AP's in its own subnet on a per closet basis and others will span that vlan and place ap's on the same vlan.  

Wireless throughput, depends on the number of clients on the AP, the connection the AP has to the wired side, interference, co-channel interference, modulation between the AP and client, throughput from the access switch to the core.  So many things can affect throughput, but CAPWAP will not.

Scott

-Scott
*** Please rate helpful posts ***

View solution in original post

9 Replies 9

Your wireless throughput is not affected by CAPWAP. CAPWAP is the standard protocol used any controller based solution to communicate from AP to WLC & You cannot change it.

Once you put AP management into different vlan, all your CAPWAP traffic going from AP to WLC will be on that vlan. If your wireless users are on a different vlan, that IP traffic will be encapsulated into CAPWAP by AP & send to WLC.

 

HTH

Rasika

**** Pls rate all useful responses ****

Thanks for the reply. I understand the necessity for the CAPWAP tunnel and how it facilitates the connection between the WLC and the APs. I'm trying to figure out if there are substantial performance benefits to giving CAPWAP its own VLAN dedicated for just that traffic. The current setup I have for my wireless solution involves the WLC and APs residing in the same network as the private network which I'm assigning a SSID of Private-Network. Everything seems to work, but I'm curious if I could get better wireless throughput by having a dedicated CAPWAP VLAN. 

Just to add, there is no performance issue unless your subnet itself has too much chatter.  Typically I will put the ap's in its own subnet or multiple subnets depending on how many access points.  I never will place wireless traffic on the same subnet as the access points, but that is my preference.  Some companies will place AP's in its own subnet on a per closet basis and others will span that vlan and place ap's on the same vlan.  

Wireless throughput, depends on the number of clients on the AP, the connection the AP has to the wired side, interference, co-channel interference, modulation between the AP and client, throughput from the access switch to the core.  So many things can affect throughput, but CAPWAP will not.

Scott

-Scott
*** Please rate helpful posts ***

dmcgrath-PTI
Level 1
Level 1

Thanks for your clarification guys! I'm in the process of installing my fist CUWN. We are implementing 10 APs and have dealt with a few issues, namely throughput for laptops. I knew other factors could definitely come into play, but I wanted to rule topology out. Laptops are currently pulling very low internet speed tests results, whereas mobile devices seem to fare much better. I've tried testing with mostly 2.4 GHz connections from laptops, but even the 5GHz seem to struggle. I'm working with the Cisco TAC a bit on this one. Per their suggestion, I'm going to run Iperf to test internal performance before I involve network firewalls and Internet connectivity in the mix. 

One thing to also test is connect a laptop to the same subnet as the wireless clients are being placed on. Using iperf to test both wired and wireless helps.  You need to verify if the wired side works first so your not chasing your tail thinking it's a wireless issue.  Make sure you client device also has the latest manufacture wireless NIC update. Typically with windows laptops. 

Scott

-Scott
*** Please rate helpful posts ***

Other things to note when posting is to let us know what code you are running and AP type. With the 2504, running v7.4.121.0 and having FUS 1.9.0.0 is pretty stable. v7.6.130.0 is okay to if you need features that v7.4 doesn't provide. Any other code, you should stay away from. 

Scott

-Scott
*** Please rate helpful posts ***

Thanks for the suggestions I'm currently running 7.6.120.0. I'm using 1602 APs. 

7.6.120.0 is not a very good code to be in :(

Here is the list of bugs fixed in 7.6.130.0 & it is highly recommend to move onto that code.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn76mr03.html#pgfId-1227879

 

HTH

Rasika

**** Pls rate all useful responses ****

Thanks, I'll be downloading the new code today!

Review Cisco Networking for a $25 gift card