Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1743
Views
0
Helpful
5
Replies

WLC configuration topology

fb_webuser
Level 6
Level 6

‎09-04-2012 12:38 AM - edited ‎07-03-2021 10:36 PM

I have CISCO 2911 with SRE module for Wireless Lan controller software. also between my local network and CISCO router is a firewall, CISCO router is an edge router so router and my Lan are in different subnets. i want Wlan and Lan to be in a same subnet is it possible? In other words, can WLC and Access points be in different subnets? the case is that wireless devices should be behind the firewall.

---

Posted by WebUser Nika Pitskhelauri from Cisco Support Community App

Labels:
0 Helpful
5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame

‎09-04-2012 04:22 AM

Yes you can have the wlc and APs on a different subnet. You need to make sure you have udp 5245 & 5247 (capwap) or udp 12222 & 12223 (lwapp) allowed between the wlc and the APs.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Amjad Abdullah
VIP Alumni
VIP Alumni

‎09-07-2012 10:47 PM

You can use wireless LAN to be on same VLAN as wired one. You can also use the APs on different VLAN.

If there is a firewall between the APs and the WLAN then jsut like Scott mentioned you need to make sure specific ports are allowd.

Here is a wireless ports doc that shows you what ports need to be opened to/from the APs:

http://tiny.cc/89xakw

HTH

Amjad

You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

Rating useful replies is more useful than saying "Thank you"
0 Helpful

zhenningx
Level 4
Level 4
In response to Amjad Abdullah

‎09-08-2012 11:49 AM

Yes the WLC and ap can be in different subnet. But how can the WLAN and LAN in the same subnet in this case? As the WLC is integrated with the router, the wlan's L3 will be terminated on the router. The LAN and router are in different subnets and there is a firewall in the middle. I can't think of how we can make them in the same subnet.

Sent from Cisco Technical Support iPad App

0 Helpful

Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to zhenningx

‎09-08-2012 12:23 PM

You have to use bridge groups to accomplish this.  You configure a bridge-group under the sub-interface, then the same under the interface that connects to the lan.

as an example

bridge-group 10 protocol ieee

bridge-group 10 route IP.

interface gig0/0.10

ip address 10.10.10.1 255.255.255.0

bridge-group 10

interface SRE1/0.10

bridge-group 10

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

zhenningx
Level 4
Level 4
In response to Stephen Rodriguez

‎09-09-2012 06:22 PM

As i understand, the router does not have a interface connects to LAN. There is a firewall between the router and the LAN. Will this solution still work across the firewall? How can you make the L2 cross the firewall? I assume the firewall is not running in L2 mode.

Sent from Cisco Technical Support iPad App

0 Helpful
Review Cisco Networking for a $25 gift card
Top