Solved: WLAN with no IP configured on the controller

vladakoci · ‎01-31-2013

I need to configure a WLAN that would be associated with a specific VLAN, but need to have L2 only on the controller.

Means I need !no IP address! configured on the interface on the controller.

Here is an example

config interface create test 71

config interface vlan test 71

config interface address dynamic-interface test 10.1.1.100 255.255.255.0 10.1.1.1

I can't create a corresponding WLAN without configuring an IP address on the interface through the above line. The controller does not allow me to do it.

Because of security I need no IP on the controller.

Does anyone know is this possible ?

Thank you.

Vlad

Scott Fella · ‎02-01-2013

No... The WLC bridges traffic so having an IP address on an interface doesn't affect a pure layer 2 VLAN unless for some reasons your devices don't need IP address. The wlc can't router and only bridges traffic. If its a security policy that you have, we'll that makes it tough. I just had a customer call regarding the same thing and they were eventually fine with doing it since we can place an ACL'S on the wlc to block traffic to any internal network. Other than that, they to wanted that layer 2 functionality

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎01-31-2013

It is not possible.... the WLC requires an ip address on all dynamic interfaces in order to communicate to that subnet. So even though you might have a layer 2 vlan with no svi, the WLC needs an address along with any other devices on that layer 2 subnet to communicate.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

vladakoci · ‎02-01-2013

Thank you Scott,

what I realized later, not only the controller needs IP address on the interface but also DHCP server ( relay ) needs to be configured in case one needs to use DHCP within WLAN.

So something like pure L2 WLAN does not exist. I guess this is a just a question of controller OS, does anyone know is there a plan to have it implemented in future version ?

Vlad

Scott Fella · ‎02-01-2013

No... The WLC bridges traffic so having an IP address on an interface doesn't affect a pure layer 2 VLAN unless for some reasons your devices don't need IP address. The wlc can't router and only bridges traffic. If its a security policy that you have, we'll that makes it tough. I just had a customer call regarding the same thing and they were eventually fine with doing it since we can place an ACL'S on the wlc to block traffic to any internal network. Other than that, they to wanted that layer 2 functionality

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

vladakoci · ‎02-01-2013

Thanks Scott, yes, we know we can apply ACL and that there is no routing on the controller. I just needed to hear what you said.

Scott Fella · ‎02-01-2013

oh okay.... one thing you might look at is the 3850 or the 5760 which is the new IOS WLC's. As far a s I know, you have a mangement address but might work in your case. Not 100% sure since i'm still testing that out and learning it:)

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***