WLC Physical COnnection and security

janet.maxwell · ‎06-21-2007

Currently our wireless environment inclued 1200ap and a wds. we have maxed our and want to upgrade to a more conrolled environment. I am suggesting and putting togather a diag. for 4404 wlc and the ap will work with the version 12.3.7 version. My question is about the physical design. Will all 4 ethernet port on the WLC connect to the switch? all on the same vlan as the AP's? also we are using eap-tls Want to migrate to eap-Fast does this require a foot print on the client laptop?

ericgarnel · ‎06-22-2007

The ports on the 4404 will trunk with the switch. You can put them in LAG mode which is the equivilent of ehterchannel. You will have to put the switch ports in trunk mode either way.

You don't have to connect all 4 ports, but it is recommended for failover & maximum possible AP support. You will need assign the management interface on the 4404 (ap-management interface if operating Layer-3 mode) to a vlan/subnet that

the APs will reside in. All other dynamic interfaces that you create on the controller to bind with wlans will reside in other vlans that get pushed thru the trunk links between the 4404 & the switch(s). be sure to prune out any vlans that you don't need or want to cross the trunk to the 4404. for lwapp APs assign the switch-ports that the APs connect to the same vlan as the management ports on 4404. Not sure about your 1200s. It will work if you trunk the interfaces to the APs as well, but that is more of a shotgun approach for lwapps APs. the last time I had to work with an autonomous AP, it was a stand alone unit and not combined with a WLC. That scenario required a trunk link.

have you confirmed that you can convert your 1200s to lwapp mode?

Correct me if I am wrong, but I believe you will need to place a cert on the client laptops for eap-tls. I did this a while back using XP & freeradius and got it to work, but it has been a while.