Showing results for 
Search instead for 
Did you mean: 
Frequent Contributor

WLC configuration topology

I have CISCO 2911 with SRE module for Wireless Lan controller software. also between my local network and CISCO router is a firewall, CISCO router is an edge router so router and my Lan are in different subnets. i want Wlan and Lan to be in a same subnet is it possible? In other words, can WLC and Access points be in different subnets? the case is that wireless devices should be behind the firewall.


Posted by WebUser Nika Pitskhelauri from Cisco Support Community App

Scott Fella
Hall of Fame Guru

Yes you can have the wlc and APs on a different subnet. You need to make sure you have udp 5245 & 5247 (capwap) or udp 12222 & 12223 (lwapp) allowed between the wlc and the APs.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***
Amjad Abdullah

You can use wireless LAN to be on same VLAN as wired one. You can also use the APs on different VLAN.

If there is a firewall between the APs and the WLAN then jsut like Scott mentioned you need to make sure specific ports are allowd.

Here is a wireless ports doc that shows you what ports need to be opened to/from the APs:



You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

Rating useful replies is more useful than saying "Thank you"

Yes the WLC and ap can be in different subnet. But how can the WLAN and LAN in the same subnet in this case? As the WLC is integrated with the router, the wlan's L3 will be terminated on the router. The LAN and router are in different subnets and there is a firewall in the middle. I can't think of how we can make them in the same subnet.

Sent from Cisco Technical Support iPad App

You have to use bridge groups to accomplish this.  You configure a bridge-group under the sub-interface, then the same under the interface that connects to the lan.

as an example

bridge-group 10 protocol ieee

bridge-group 10 route IP.

interface gig0/0.10

ip address

bridge-group 10

interface SRE1/0.10

bridge-group 10


Please remember to rate useful posts, and mark questions as answered


Please remember to rate useful posts, and mark questions as answered

As i understand, the router does not have a interface connects to LAN. There is a firewall between the router and the LAN. Will this solution still work across the firewall? How can you make the L2 cross the firewall? I assume the firewall is not running in L2 mode.

Sent from Cisco Technical Support iPad App

Recognize Your Peers
Content for Community-Ad