WLC and ap vlan communication

luthierone
Level 1

Hi,

I have a need to VLAN tag traffic between my WLC and APs. I see where you can set this under Controller -> Interfaces -> management and ap-manager interfaces and VLAN identifier. My question is: once this is done, how does the AP know to tag its traffic bound for the WLC? Is there a command I need to run on the AP? Or is there something I can do in the WLC software?

thanks,

6 Replies

dennischolmes
Level 7

I would use a separate VLAN identifier for the APs from my client SSID/WLANs. For the WLANs, add a dynamic interface for each in the subnet it exists. Make sure to tag the appropriate VLAN tag here. You can do the same thing for the APs on the mgt and AP mgr interfaces. Make sure all ports on the switches are trunked for appropriate VLANs. Once this is done the APs get their configuration from the controller. You only must ensure that they can discover the controller. You can achieve this through the use of option 43, DNS discovery, or priming the APs.

Thanks,

That's what I gathered from Cisco's site when they said that LWAPP APs don't understand VLAN tagging. So I just set them up in another subnet and used DNS to find the CISCO-LWAPP-CONTROLLER. I have two WLANs; one is a guest WLAN that uses the Cisco controller to authenticate. That one is working great with the new APs. The other, however, uses a Microsoft IAS server for auth, and that doesn't seem to be working with the new APs in the other subnet. It does work fine with the other APs though. Is there something I overlooked?

I do not know IAS, but in Cisco ACS you need to add the network device and set up the secret key. Has this been done?

Back to your original question: you do have your WCS, WLC and access points all on different VLANs? Your clients should be on their own VLANs.

Are you using LAPs in REAP mode or H-REAP? To my understanding you can't do multiple VLANs with REAP LAPs.

Actually it does work...just seems to connect slower on the different subnet.

thanks,

You should be connecting your APs to access ports, not trunks; so VLAN tagging is irrelevant (even if you were to tag it the switch would overwrite). The VLANs where clients are terminated are all defined on the WLCs (which is the client data ingress/egress point).

I'd double-check your RADIUS and IAS configuration; you should have only a single client for each WLC defined in your RADIUS server, and need only one RADIUS server defined on any given WLC (although once you have it working you should set up a secondary for redundancy). Remember, it's not the APs that are performing authentication, it's the WLCs.

Erik
