Re: WLC C9800 replacing 2504 - Is VLAN required?

jtrombley · ‎11-30-2022

Hello Cisco community!

We currently have a WLC 2504 that uses 1 of the 4 physical ports for both "device management" and "AP management" on the same subnet. There is no VLAN configured on the WLC nor the switch. In fact, we have a completely flat network - no VLANs. The outbound wireless traffic goes through a 2nd port on the WLC directly to our firewall, via cable, for guest internet access only. We don't have internal wireless access (though it could be turned on - it is configured but disabled). The 2504 is end of life and I am looking at the 9800. However, all the setup documentation and videos I have seen appear to require the AP management interface to be assigned a VLAN with tagging. Is that true? Is there a way to configure the 9800 so the AP management port has no, or default, VLAN assigned? APs are scattered over 7 IDFs and we would have to go to every switch group and create VLANs, including our remote site, not to mention keeping track of the ports.

Thanks! Johnny.

Leo Laohoo · ‎11-30-2022

@jtrombley wrote:
There is no VLAN configured on the WLC nor the switch.

VLAN 1

jtrombley · ‎11-30-2022

Hi Leo, thanks for the quick reply! During the setup there is a field called VLAN* and it is required. Are you saying I just need to put a 1 in that field and connect it to the switch to a normal 'Access' port? (no trunk)

jtrombley · ‎11-30-2022

Let me add: It is under the "Wireless Management Settings" section.

Scott Fella · ‎12-01-2022

That is you management interface, so depending on what vlan you want that on, you can specify the vlan or if using a trunk and native vlan, specify the native vlan. It's the same concept as the 2504 or any other model controller.

-Scott
*** Please rate helpful posts ***

jtrombley · ‎12-01-2022

Hi Scott, thanks for the information! I just want to connect the controller's Wireless Management port (for APs) to a regular 'Access' port (no VLAN) on our core switch. Going off both responses I have received, this appears to be possible by using a '1' for the VLAN* number field. Thanks to everyone for the help!

-Johnny

Scott Fella · ‎12-01-2022

There are times when you need to move away from what was done in AireOS and really how you should move forward with a model controller. Wireless management was okay, but I stoped using that design like 10+ years ago, it just doesn't scale well. That is my 2 cents, but if you want to separate your management and ap's and it works in your environment, then that design works.

-Scott
*** Please rate helpful posts ***

marce1000 · ‎12-01-2022

- The 'architectural goal' of the C9800 environment is to have different vlans for ap management and service port (management) for instance, I am not sure this can work (all-in-one-vlan) , anyway use this procedure to verify the controller configuration after trying and or for testing any configuration, before production , when needed : Use the CLI command : show tech wireless , have the output analyzed by https://cway.cisco.com/tools/WirelessAnalyzer/ , please note do not use classical show tech-support (short version) , use the command denoted in green for Wireless Analyzer. Checkout all advisories!

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

David Ritter · ‎12-01-2022

Leo said it first. VLAN1.

in the absence of any human created vlans, the system will create you ONE!.. Vlan 1. In the past vlan1 was disabled upon the creation of other vlans. Yes there is a big difference between AirOS structure and IOSxe. .One does not want client ssid traffic on the management IP or segment. Imagine 100 ap's with 16 ssids each all with one client. Heaven forbid and your trying to manage the WLC.\\ at the same tiem. It will not be pretty.