What virtual IP should I use on a Cisco WLC

I know a lot of documentation says the virtual IP should be 1.1.1.1 and that's what I've used previously. But I recall a friend of mine saying that 1.1.1.1 had been allocated and would actually be used on the internet, hence that's a bad address to use now. I know Cisco recommended another one (which also is public but would never be used). I've totally forgotten what the new recommended IP address should be, could someone help me out here?

Br

//Peter

2 Accepted Solutions

Hi,

Per my WIFUND notes, the virtual interface is used for certain client management functions such as DHCP request and mobility/roaming functions (every controller in the same mobility group should be configured with an identical virtual address).

Best practice is to use the RFC 1918 address space or RFC 5737 (192.0.2.0/24).



Yes, you should use 192.0.2.x range as it is the recommended best practice (no longer 1.1.1.1)

http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/82463-wlc-config-best-practice.html#pgfId-380525

HTH

Rasika

22 Replies

Francesco Molino
VIP Alumni

Hi

This IP wouldn't be routed and is just local to the WLC. If you use 1.1.1.1 it doesn't matter. It will be used only for the guest redirection internally to the WLC.

However, if you are going to import a trusted certificate, you will need to add the WLC name with this IP in your DNS, and for that I would suggest using one of your internal IPs, like you do when you create a loopback on your routers.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

I know you're correct from a technical point of view and I could use any RFC 1918 address I would like to without any issues. Anyway, I managed to get hold of a friend who knew it, and the new recommendations are 192.0.2.x/24 (by that I assume most people will use .1).

Br

//Peter

Just to add... the VIP doesn't matter, whatever you use, unless you import a certificate like Francesco mentioned. Some still use 1.1.1.1 or 2.2.2.2 or 10., 172., 192. They all work. With a cert, sometimes you have to use a public IP address to resolve the FQDN if your ISP hosts the DNS servers.

I have used 192.0. followed by the last two octets of the controller's IP.

-Scott 

*** Please rate helpful posts *** 


In general I just want "right to be right" (not sure that translates well from Swedish). But I prefer to follow best practice as much as possible. RFC 5737 in combination with what Cisco recommends was what I was after. In this particular case certificates are involved as well, though. Case closed and thanks for all the help.

Br

//Peter

Scott, are you saying that if you have 2 WLCs in an RF group or providing access to a building, you have two different virtual interface IPs? Are they both unique 192.0.x.y? I thought they were supposed to be the same across all controllers in a group?

How does importing a cert affect the Virtual IP? I have this issue on multiple controllers. Android devices won't connect. Some have certs that were imported. It was recommended that I get a cert, but another party recommended I change the virtual IP. The current VIP is 1.1.1.1

Hi Scott,

So my understanding of the virtual IP is that it is globally used from WLC perspective for all configured SSID clients (DHCP, roaming mobility)?

So if you need to change this to a public IP for DNS resolution from the ISP (BYOD SSID on anchor WLCs), how does this affect the "safety" of the private/corporate internal SSIDs?

Or is this where the cert comes in?

Where do you install the cert, only on anchor side?

 

Thanks

Quintin



Just note that in 8.3, the Spartan dashboard's Best Practice tab will flag it as not following best practices if you are using RFC 5737 addressing.  So it appears per the BU, that has changed.

Hello Rasika et al., I too have all of my controllers set to use the "old best practice" of 1.1.1.1. In trying to sync up with current best practices, do you happen to know how this will affect the users? Isn't that kind of tied into the DHCP communications and redirects? I guess my real question is what kind of downtime would result from changing the virtual IP? I will test this in my lab to be sure but thought it might be a good discussion topic in this thread.

Thanks.

Hi Rasika,

The links you shared do not exist.

Please advise.

I am using two 8540 WLCs in different DCs in HA.

I am confused about the Virtual IP: should I take the mgmt IP of my primary controller or some different IP?

Please advise.

Thank you.

Regards,

Vimal.

Hi Vimal,

I think you are talking about the management IP address of the Active & Standby units? Is that correct?

For the Virtual Interface IP address, it is recommended to use 192.0.2.1

See the example below:

(WLC-Primary) >show interface summary
management                   LAG  1000      10.10.0.150     Static  Yes    No
redundancy-management        LAG  1000      10.10.0.148     Static  No     No
redundancy-port              -    untagged  169.254.0.149   Static  No     No
virtual                      N/A  N/A       192.0.2.1       Static  No     No

(WLC-Standby) >show interface summary
management                   LAG  1000      10.10.0.150     Static  Yes    No
redundancy-management        LAG  1000      10.10.0.149     Static  No     No
redundancy-port              -    untagged  169.254.0.149   Static  No     No
virtual                      N/A  N/A       192.0.2.1       Static  No     No

HTH

Rasika

*** Pls rate all useful responses **
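
Added example (not part of the original thread and not Cisco tooling): a small audit that reads the `virtual` row from saved `show interface summary` output per controller, flags addresses outside RFC 5737 / RFC 1918 as the accepted answer recommends, and flags controllers whose virtual IPs differ. The controller names and the 1.1.1.1 row in `SAMPLE` are constructed; all three RFC 5737 ranges are checked, not only the 192.0.2.0/24 range named in the thread.

```python
import ipaddress

# RFC 5737 documentation ranges and RFC 1918 private ranges.
RFC5737 = [ipaddress.ip_network(n) for n in
           ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input: WLC-A mirrors the row shown in the thread,
# WLC-B is a hypothetical controller still on the legacy 1.1.1.1 address.
SAMPLE = {
    "WLC-A": "management  LAG  1000  10.10.0.150  Static  Yes  No\n"
             "virtual     N/A  N/A   192.0.2.1    Static  No   No\n",
    "WLC-B": "management  LAG  1000  10.10.1.150  Static  Yes  No\n"
             "virtual     N/A  N/A   1.1.1.1      Static  No   No\n",
}

def virtual_ip(summary_text):
    """Return the address on the 'virtual' row, or None if absent."""
    for line in summary_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "virtual":
            for field in fields[1:]:
                try:
                    return ipaddress.ip_address(field)
                except ValueError:
                    continue  # skip N/A, Static, Yes/No columns
    return None

def classify(addr):
    if any(addr in net for net in RFC5737):
        return "rfc5737"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "other"  # e.g. 1.1.1.1

def audit(outputs):
    """outputs maps controller name -> CLI text; returns a list of findings."""
    vips = {name: virtual_ip(text) for name, text in outputs.items()}
    findings = []
    for name, vip in vips.items():
        if vip is None:
            findings.append(f"{name}: no virtual interface row found")
        elif classify(vip) == "other":
            findings.append(f"{name}: virtual IP {vip} is outside RFC 5737 / RFC 1918")
    distinct = sorted({str(v) for v in vips.values() if v is not None})
    if len(distinct) > 1:
        findings.append("virtual IP differs between controllers: " + ", ".join(distinct))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for WLC-B's address and one for the mismatch between the two controllers.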

Hi Rasika,

Thank you very much for your reply.

I have a few queries about your reply.

1. How come the primary and secondary WLC have the same management IP?

2. Virtual IP: is this something I have to initialise locally on the controller, or should it be advertised to the network (APs)?

Regards,

Vimal.
