WLC 5508 configuration advice and sanity check

skysurf76
Level 1

I've been the unofficial IT guy at a bowling center for about 10 years now, and previously I was just using cheap home Wi-Fi equipment for the Wi-Fi. It never worked very well, so I embarked on a project to try to make a "professional" setup. I am an EE by training, and since starting the project I have devoted a lot of time to learning about WLANs. 20 years ago I was a network system admin, so I have a fairly thorough knowledge of networking (wired at least).

So here is the setup. Three Netgear gs100tp managed switches evenly spread throughout the building. Two single-mode fiber lines between all three locations going into SFP modules in the switches, with RSTP configured on all the fiber ports because the fiber makes a loop. Right now I have 3 autonomous APs (2602i) running on the Netgear gs110tp switches. It was a stopgap measure while I worked on the larger project.

For the final plan I have 5 Aironet 3602i's and 3 Aironet 2602i's spaced throughout the building on ceiling mounts, and a WLC 5508 running 8.5.120.

I've gone through the 5508 config guide, and I need some help on the VLAN/management interface configuration. From what I have read, all the AP traffic gets directed to the WLC, so I won't have to worry about VLAN tagging on the AP ports on the switches, only the WLC ports and switch trunk ports to the router. I plan on setting up an employee WLAN when setting up the 5508 on VLAN 0 (native Cisco VLAN with no tagging) that will give me access to all the devices from a laptop on that WLAN. If I make that VLAN 0, then it should be untagged and stay on the default management VLAN on the switches. Then I will set up the customer WLAN on VLAN 10 and configure the switch for VLAN 10 on the 5508 port, and do the tagging for VLAN 10 for the trunks to get it to the router.

Figured I would make a post before I tried to set it up in the hopes that someone who has done it before could give me some advice that might save me a few hours of head scratching.

Thanks in advance for the help.

2 Replies

JB10
Level 1

Skysurf,

You are correct that when you deploy APs in the lightweight fashion they will tunnel all traffic to the controller. This means the only VLAN you need to worry about dragging to your access switches is the one you want your controller and APs to talk on. This also allows your APs to be plugged directly into access ports vs trunk ports with the native being your management to talk to the AP.

I do not believe the untagging will work how you think it might, as your APs and controller will be talking on the same network as one of the WLANs, which means you are creating a tunnel for a network within the same network if you think about it logically. I feel this might cause a headache by itself. I will let someone else comment on that as it might work (I have never tried).

Also, the port between your controller and switch should be a trunk. I read it as you were going to have it an access port for VLAN 10, which wouldn't allow the APs and controller to talk.

Hope this helps clear things up.

OK, that helped a lot.  I realize now that communication between the APs and the controller is not a security risk and can be run on the native VLAN, as none of the communication from the APs can go anywhere except the controller.  No matter how many WLAN/VLAN combinations you have, all traffic from the APs just comes back to the controller, and that is where the data gets split into its various WLAN/VLAN configurations and sent out of the controller.

I think I understand what you mean about the untagged WLAN.  My goal though is to have a secured admin WLAN that will allow me access to the untagged (default) VLAN that all my equipment management interfaces are running on so I can access/configure them all.  I am new to 802.1q VLAN tagging, but from my reading so far I have learned that any packet that enters untagged into an 802.1q switch is automatically placed on the native/default/management VLAN (assuming that port is configured to accept untagged traffic).  I will then create an additional WLAN on VLAN 10 that has no security for the customers, and that VLAN will be configured to get the traffic from the controller to the router.

Thank you for verification about the AP/Controller communication relationship.  That helps a ton.
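
An added example (not part of the original posts) that checks a planned switch-port layout against the advice in this thread: the controller port is a trunk carrying the untagged management VLAN plus tagged VLAN 10, and AP ports are plain access ports. The port names, the role labels and the management VLAN ID of 1 are assumptions made for the illustration.

```python
# Added example, not from the thread. Port names are constructed; MGMT_VLAN = 1 is an
# assumption standing in for the switches' untagged default/management VLAN.
MGMT_VLAN = 1
CUSTOMER_VLAN = 10  # customer WLAN VLAN named in the thread


def port(role, untagged, tagged=()):
    """One switch port: its role, the VLAN given to untagged frames, and tagged VLANs."""
    return {"role": role, "untagged": untagged, "tagged": set(tagged)}


# Constructed plan following the advice: WLC and router ports are trunks, AP ports are access.
GOOD_PLAN = {
    "sw1/g1": port("wlc", MGMT_VLAN, [CUSTOMER_VLAN]),
    "sw1/g2": port("ap", MGMT_VLAN),
    "sw2/g2": port("ap", MGMT_VLAN),
    "sw1/g8": port("router", MGMT_VLAN, [CUSTOMER_VLAN]),
}
# Constructed plan with the mistake flagged in the reply: WLC port is an access port in VLAN 10.
BAD_PLAN = dict(GOOD_PLAN, **{"sw1/g1": port("wlc", CUSTOMER_VLAN)})


def audit(plan):
    """Return sorted (port, problem) pairs for layouts that contradict the thread's advice."""
    findings = []
    for name, p in plan.items():
        carried = {p["untagged"]} | p["tagged"]
        if p["role"] == "wlc" and MGMT_VLAN not in carried:
            # APs sit in the management VLAN, so the controller must be reachable there.
            findings.append((name, "management VLAN missing: APs cannot reach the controller"))
        if p["role"] in ("wlc", "router") and CUSTOMER_VLAN not in p["tagged"]:
            # Untagged frames land in the management VLAN, so customer traffic must be tagged.
            findings.append((name, "customer VLAN must be tagged on this trunk"))
        if p["role"] == "ap" and (p["untagged"] != MGMT_VLAN or p["tagged"]):
            # Lightweight APs tunnel client traffic to the controller; no tagging needed here.
            findings.append((name, "AP port should be an untagged access port in the management VLAN"))
    return sorted(findings)


if __name__ == "__main__":
    for plan_name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(plan_name, audit(plan) or "no findings")
```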