10-19-2022 01:57 AM
Hi,
I have two questions:
1) Usually, where should I place the WLC: behind the firewall or the core?
2) I have a routed access layer, so will the connectivity to the WLC be layer 2 or layer 3?
Thanks
10-19-2022 02:48 AM
- There's no unique answer and 'behind core' is somewhat undefined; it depends on where the wireless clients are, usually on the intranet with close proximity to the core, to start with.
M.
10-19-2022 06:31 AM - edited 10-19-2022 06:32 AM
Hi,
Sorry, it was not behind; I mean the WLC connected to the core.
Now the second question is:
Currently I am following the traditional layer 2 architecture between distribution and access.
I have the SSID EMPLOYEES - 10.0.2.0/24.
So I have a VLAN 10 for employees in all edge switches, and on the distribution side the gateway is configured.
And in the WLC I added VLAN 10 and one interface with the IP 10.0.2.10/24.
If I am moving from L2 to L3, how would the configuration be?
Thanks
Add vlan
10-19-2022 12:47 PM
As Marce explained, the answer is "it depends". I would start my day with reading the CVDs.
If that gives me a high-level idea, then I will start reading the WLC configuration guides and design guides. For me there are multiple reasons which can impact the WLC placement in the network.
1. If I have APs reaching out from the public networks (OEAP)
2. If I have APs distributed across multiple WAN sites connected over MPLS/SD-WAN/VPN etc.
3. If the role of the WLC is Anchor controller
then I would definitely consider placing them in a DMZ which has upstream firewall/IPS/IDS/DDoS protection.
Sometimes the AP mode, such as Local/Flex, also impacts the WLC placement. If my APs are inside a LAN segment, then I will definitely place it where it can be centrally accessible (Core Switch possibly) and make sure that it is redundantly connected.
Now, since you have a routed access network, using Flex connect might become a challenge, as you might have to work with multiple flex profiles and additional configuration to support the routed access network. I would suggest you go with local mode for APs, as in this case traffic is tunneled to the WLC along with management traffic. So, from the configuration side you can reduce the complexity.
10-20-2022 05:18 AM
Hi,
This is your post in the below thread:
"If the APs are in local mode, the AP will build a CAPWAP tunnel to the controller, so any wireless clients connected will be egressing directly from the controller, as the client data traffic will be encapsulated with CAPWAP between AP and WLC. In the routed access world this is the preferred method for me as this will reduce complexity. Remember you need L3 reachability between the AP management VLAN and the WLC AP Manager interface."
If I have SSID test 10.0.2.0/24 (VLAN 2),
are you saying to create VLAN 2 on the access switch and on core 2,
and a VLAN interface on the controller, 10.0.2.10/24?
Then will there be an STP election?
Please clarify.
"Then you will create dynamic interface per VLAN in your controller (tag VLAN per said as reqd.) and then corresponding VLANs in the upstream switches as well."
Thanks
10-20-2022 05:39 AM
Hi Bluesea,
The WLC will not participate in STP. In case you are going with local mode APs, as you said, you will create the SVI for VLAN 2 in the Core Switch and then allow it on the trunk connecting to the WLC.
"Then you will create dynamic interface per VLAN in your controller (tag VLAN per said as reqd.) and then corresponding VLANs in the upstream switches as well."
The above statement is valid only for Flex APs; then you need to worry about VLAN to SSID mapping, Flex profiles, etc. This method is not recommended for routed access networks.
10-20-2022 05:55 AM
In that case, do I need to create the same VLAN on the access layer also, or on the access layer do we need only the AP management VLAN?
Thanks
10-20-2022 06:20 AM
10-25-2022 10:49 PM
10-26-2022 12:46 AM
Then you need to have APs in Flex mode, and you need to create the required Flex profiles. It will be like 1 Flex profile per access switch/stack.