09-20-2014 07:54 PM - edited 07-05-2021 01:34 AM
Hello,
I'm in the process of deploying a WLC2504 in an environment which requires a private VLAN for access to file servers and other network resources, as well as a guest network for internet access.
As far as performance is concerned, will I get acceptable throughput on my WLANs with the CAPWAP tunnel flowing over the same subnet as the private network? I've seen some suggestions that recommend a separate VLAN dedicated to CAPWAP, but I don't know if this is just a suggestion for security. I understand that CAPWAP supports encryption of control messages, but not data transmissions without additional licensing. If this is just a suggestion for security, I don't think this is much of a concern. I don't see anyone on the private network intercepting guest transmissions. Could someone please advise me on this?
09-20-2014 10:03 PM
Your wireless throughput is not affected by CAPWAP. CAPWAP is the standard protocol used by any controller-based solution to communicate from AP to WLC, and you cannot change it.
Once you put AP management into a different VLAN, all your CAPWAP traffic going from AP to WLC will be on that VLAN. If your wireless users are on a different VLAN, that IP traffic will be encapsulated into CAPWAP by the AP and sent to the WLC.
HTH
Rasika
**** Pls rate all useful responses ****
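The control/data split discussed in this thread can be checked on the wire. The following is an added example, not code from any poster: it assumes the registered CAPWAP UDP ports (5246 control, 5247 data) and the RFC 5415 preamble byte (version in the high nibble, type 0 = plain CAPWAP header, type 1 = DTLS header), and the sample datagrams are constructed.

```python
from collections import Counter

# Registered CAPWAP UDP ports (RFC 5415): 5246 control, 5247 data.
CAPWAP_PORTS = {5246: "control", 5247: "data"}


def classify(src_port, dst_port, payload):
    """Return (channel, protection) for one UDP datagram between AP and WLC."""
    channel = CAPWAP_PORTS.get(dst_port) or CAPWAP_PORTS.get(src_port)
    if channel is None:
        return ("not-capwap", "n/a")
    if not payload:
        return (channel, "empty")
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != 0:
        return (channel, "unknown")
    # Preamble type 1: a CAPWAP DTLS header follows. Type 0: plain CAPWAP header.
    return (channel, {0: "cleartext", 1: "dtls"}.get(ptype, "unknown"))


def summarize(datagrams):
    """Count datagrams per (channel, protection) pair."""
    return Counter(classify(*d) for d in datagrams)


def cleartext_data_seen(datagrams):
    """True if any data-channel datagram carries client traffic without DTLS."""
    return summarize(datagrams)[("data", "cleartext")] > 0


# Constructed sample datagrams: (src_port, dst_port, first payload bytes).
SAMPLE = [
    (50312, 5246, bytes.fromhex("00200000")),        # discovery, sent before DTLS is set up
    (50312, 5246, bytes.fromhex("0100000017fefd")),  # AP to WLC, control inside DTLS
    (5246, 50312, bytes.fromhex("0100000017fefd")),  # WLC to AP, control inside DTLS
    (50312, 5247, bytes.fromhex("00100320")),        # client frame, data DTLS not enabled
    (50312, 53, bytes.fromhex("abcd0100")),          # unrelated DNS query
]

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE).items()):
        print(key, count)
    print("cleartext client data on the wire:", cleartext_data_seen(SAMPLE))
```

Cleartext on the control port is expected for discovery messages; cleartext on the data port means client frames are readable by anything on the VLAN that carries the tunnel.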
09-21-2014 07:40 AM
Thanks for the reply. I understand the necessity for the CAPWAP tunnel and how it facilitates the connection between the WLC and the APs. I'm trying to figure out if there are substantial performance benefits to giving CAPWAP its own VLAN dedicated for just that traffic. The current setup I have for my wireless solution involves the WLC and APs residing in the same network as the private network which I'm assigning an SSID of Private-Network. Everything seems to work, but I'm curious if I could get better wireless throughput by having a dedicated CAPWAP VLAN.
09-21-2014 09:11 AM
Just to add, there is no performance issue unless your subnet itself has too much chatter. Typically I will put the APs in their own subnet or multiple subnets depending on how many access points. I never will place wireless traffic on the same subnet as the access points, but that is my preference. Some companies will place APs in their own subnet on a per-closet basis and others will span that VLAN and place APs on the same VLAN.
Wireless throughput depends on the number of clients on the AP, the connection the AP has to the wired side, interference, co-channel interference, modulation between the AP and client, throughput from the access switch to the core. So many things can affect throughput, but CAPWAP will not.
Scott
09-21-2014 10:42 AM
Thanks for your clarification guys! I'm in the process of installing my first CUWN. We are implementing 10 APs and have dealt with a few issues, namely throughput for laptops. I knew other factors could definitely come into play, but I wanted to rule topology out. Laptops are currently pulling very low internet speed test results, whereas mobile devices seem to fare much better. I've tried testing with mostly 2.4 GHz connections from laptops, but even the 5 GHz seem to struggle. I'm working with the Cisco TAC a bit on this one. Per their suggestion, I'm going to run Iperf to test internal performance before I involve network firewalls and Internet connectivity in the mix.
09-21-2014 12:02 PM
One thing to also test is to connect a laptop to the same subnet as the wireless clients are being placed on. Using iperf to test both wired and wireless helps. You need to verify if the wired side works first so you're not chasing your tail thinking it's a wireless issue. Make sure your client device also has the latest manufacturer wireless NIC update. Typically with Windows laptops.
Scott
09-21-2014 12:06 PM
Other things to note when posting is to let us know what code you are running and AP type. With the 2504, running v7.4.121.0 and having FUS 1.9.0.0 is pretty stable. v7.6.130.0 is okay too if you need features that v7.4 doesn't provide. Any other code, you should stay away from.
Scott
09-21-2014 05:22 PM
Thanks for the suggestions. I'm currently running 7.6.120.0. I'm using 1602 APs.
09-21-2014 05:31 PM
7.6.120.0 is not a very good code to be in :(
Here is the list of bugs fixed in 7.6.130.0, and it is highly recommended to move onto that code.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn76mr03.html#pgfId-1227879
HTH
Rasika
**** Pls rate all useful responses ****
09-22-2014 03:49 PM
Thanks, I'll be downloading the new code today!