02-02-2017 05:45 PM - edited 07-05-2021 06:29 AM
I know a lot of documentation says the virtual IP should be 1.1.1.1 and that's what I've used previously. But I recall a friend of mine saying that 1.1.1.1 had been allocated and would actually be used on the internet, hence that's a bad address to use now. I know Cisco recommended another one (which also is public but would never be used). I've totally forgotten what the new recommended IP address should be, could someone help me out here?
Br
//Peter
02-04-2017 01:01 AM
hi,
per my WIFUND notes, the virtual interface is used for certain client management functions such as DHCP request and mobility/roaming functions (every controller in the same mobility group should be configured with identical virtual address).
best practice is to use the RFC 1918 address space or RFC 5737 (192.0.2.0/24).
02-05-2017 10:11 AM
Yes, you should use 192.0.2.x range as it is the recommended best practice (no longer 1.1.1.1)
HTH
Rasika
02-02-2017 06:17 PM
Hi
This IP wouldn't be routed and is just local to the WLC. If you use 1.1.1.1 it doesn't matter. It will be used only for the guest redirection internally to the WLC.
However, if you are going to import a trusted certificate, you will need to add the WLC name with this IP in your DNS, and for that I would suggest using one of your internal IPs, like you do when you create a loopback on your routers.
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
02-03-2017 01:45 AM
I know you're correct from a technical point of view and I could use any RFC 1918 address I would like to without any issues. Anyway, I managed to get hold of a friend who knew it, and the new recommendation is 192.0.2.x/24 (by that I assume most people will use .1).
Br
//Peter
02-03-2017 03:32 AM
Just to add... VIP doesn't matter what you use unless you import a certificate like Francesco mentioned. Some still use 1.1.1.1 or 2.2.2.2 or 10., 172., 192. They all work. With a cert, sometimes you have to use a public IP address to resolve the FQDN if your ISP hosts the DNS servers.
I have used the 192.0. The last two octets of the controller's IP.
-Scott
*** Please rate helpful posts ***
02-06-2017 10:55 PM
In general I just want "right to be right" (not sure that translates well from Swedish). But I prefer to follow best practice as much as possible. RFC 5737 in combination with what Cisco recommends was what I was after. In this particular case certificates are involved as well, though. Case closed and thanks for all the help.
Br
//Peter
10-03-2017 02:44 PM
Scott, are you saying that if you have 2 WLCs in an RF group or providing access to a building, that you have two different virtual interface IPs? Are they both unique 192.0.x.y? I thought they were supposed to be the same across all controllers in a group?
07-17-2018 07:10 AM
How does importing a cert affect the Virtual IP? I have this issue on multiple controllers. Android devices won't connect. Some have certs that were imported. It was recommended that I get a cert, but another party recommended I change the virtual IP. The current VIP is 1.1.1.1
08-06-2019 12:13 AM
Hi Scott,
So my understanding of the virtual IP is that it is globally used from WLC perspective for all configured SSID clients (DHCP, roaming mobility)?
So if you need to change this to a public IP for DNS resolution from ISP (BYOD SSID on anchor WLCs), how does this affect the "safety" of the private/corporate internal SSIDs?
Or is this where the cert comes in?
Where do you install the cert, only on anchor side?
Thanks
Quintin
05-08-2017 09:38 AM
Just note that in 8.3, the Spartan dashboard's Best Practice tab will flag it as not following best practices if you are using RFC 5737 addressing. So it appears per the BU, that has changed.
10-03-2017 02:36 PM
Hello Rasika et al., I too have all of my controllers set to use the "old best practice" of 1.1.1.1. In trying to sync up with current best practices, do you happen to know how this will affect the users? Isn't that kind of tied into the DHCP communications and redirects? I guess my real question is what kind of downtime would result from changing the virtual? I will test this in my lab to be sure but thought it might be a good discussion topic in this thread.
Thanks.
05-14-2018 08:37 PM
Hi Rasika,
The links you shared do not exist.
Please advise.
I am using two 8540 WLCs in different DCs in HA.
I am confused about the Virtual IP, should I take the mgmt IP for my primary controller or some diff IP.
Please advise.
Thank you.
Regards,
Vimal.
05-14-2018 09:05 PM
Hi Vimal,
I think you are talking about the management IP address of the Active & Standby unit? Is that correct?
For the Virtual Interface IP Address, it is recommended to use 192.0.2.1
See below example
(WLC-Primary) >show interface summary
management LAG 1000 10.10.0.150 Static Yes No
redundancy-management LAG 1000 10.10.0.148 Static No No
redundancy-port - untagged 169.254.0.149 Static No No
virtual N/A N/A 192.0.2.1 Static No No
(WLC-Standby) >show interface summary
management LAG 1000 10.10.0.150 Static Yes No
redundancy-management LAG 1000 10.10.0.149 Static No No
redundancy-port - untagged 169.254.0.149 Static No No
virtual N/A N/A 192.0.2.1 Static No No
HTH
Rasika
*** Pls rate all useful responses **
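Added example (not part of any post in this thread, and not Cisco code): a small Python audit that pulls the virtual interface address out of saved `show interface summary` text for each controller, checks it against the RFC 5737 and RFC 1918 ranges recommended above, and confirms every controller in the group uses the same address. The sample rows and the controller names `wlc-a` and `wlc-b` are constructed for illustration.

```python
import ipaddress

# Documentation ranges (RFC 5737) and private ranges (RFC 1918).
RFC5737 = [ipaddress.ip_network(n) for n in
           ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'rfc5737', 'rfc1918' or 'other' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC5737):
        return "rfc5737"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"

def virtual_ip(summary):
    """Find the 'virtual' row and return its first IPv4 field, or None."""
    for line in summary.splitlines():
        fields = line.split()
        if fields and fields[0] == "virtual":
            for field in fields[1:]:
                try:
                    return str(ipaddress.IPv4Address(field))
                except ValueError:
                    continue  # skips placeholders such as 'N/A'
    return None

def audit(group):
    """group maps controller name -> summary text; returns a list of findings."""
    findings = []
    vips = {name: virtual_ip(text) for name, text in group.items()}
    for name, vip in vips.items():
        if vip is None:
            findings.append(f"{name}: no virtual interface found")
        elif classify(vip) == "other":
            findings.append(f"{name}: {vip} is outside RFC 5737 / RFC 1918")
    if len(set(vips.values())) > 1:
        findings.append(f"virtual address differs across group: {vips}")
    return findings

# Constructed sample rows in the format of the output posted above.
WLC_A = """management LAG 1000 10.10.0.150 Static Yes No
virtual N/A N/A 192.0.2.1 Static No No"""
WLC_B = """management LAG 1000 10.10.0.151 Static Yes No
virtual N/A N/A 1.1.1.1 Static No No"""

if __name__ == "__main__":
    for finding in audit({"wlc-a": WLC_A, "wlc-b": WLC_B}):
        print(finding)
```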
05-16-2018 07:01 PM
Hi Rasika,
Thank you very much for your reply.
I have few queries within your reply.
1. How come the primary and secondary WLC have the same Management IP?
2. Virtual IP: is this something I have to initialise locally to the controller or it should be advertised to the network (APs).
Regards,
Vimal.