WLAN Controllers

KEY POINT

Despite being called a wireless LAN controller, a WLC is connected to the wired LAN and to the lightweight APs by wires. The WLC does not have any wireless connections.

WLC Terminology

The following are three important WLC terms:

■ Ports: A WLC port is a physical connection on the WLC that connects to its neighboring switch in the wired campus infrastructure. Each WLC port is by default an 802.1Q VLAN trunk port; the WLC forwards information received from the WLANs, via the APs, over a trunk port to the campus network. There may be multiple physical ports on a WLC.

Some Cisco WLCs support link aggregation (LAG), which is based on the IEEE 802.3ad port aggregation standard and allows aggregation of all the ports on a WLC into a single port-channel, called an EtherChannel. The WLC uses LAG to dynamically manage traffic load balancing and port redundancy.

Some WLCs also have a 10/100 copper service port, which is reserved for out-of-band management of the WLC, for system recovery and maintenance. Use of the service port is optional.

■ Interfaces: A WLC interface is a logical connection on the WLC that maps to a VLAN on the wired network. There are several kinds of WLC interfaces, as detailed in the next section.

An interface has multiple parameters associated with it, including IP address, default gateway (for the IP subnet), primary physical port, secondary physical port, VLAN tag, and DHCP server.

When LAG is not used, each interface is mapped to at least one primary physical port and an optional secondary port. Multiple interfaces can be mapped to a single WLC port. When LAG is used, the system dynamically maps the interfaces to the aggregated port-channel. A WLC can have static and dynamic interfaces, as detailed in the next section.

■ WLANs: A WLAN is a logical entity that maps an SSID to an interface on the WLC. A WLAN is configured with security, QoS, radio policies, and other wireless network parameters. Up to 16 WLANs can be configured per WLC.

WLC Interfaces

The following interfaces might be present on a WLC:

■ Management interface: A mandatory static interface, configured at setup time. The management interface is the default interface for in-band management of the WLC and for connectivity to enterprise services such as AAA servers. If the service port is in use, the management interface must be on a different subnet than the service port. The management interface is also used for Layer 2 communications between the WLC and the APs. The management interface is the only in-band interface IP address on the WLC that can be consistently pinged from the APs.

■ AP-manager interface: A static interface, configured at setup time. An AP-manager interface is mandatory when using Layer 3 LWAPP transport mode. A WLC uses one or more AP-manager interfaces for all Layer 3 communications between the WLC and the lightweight APs after the APs discover the controller. The AP-manager IP address is used as the tunnel source for LWAPP packets from the WLC to the AP, and as the tunnel destination for LWAPP packets from the AP to the WLC. Each AP-manager interface must have a unique IP address, which is usually (but not necessarily) on the same subnet as the management interface.

■ Virtual interface: A mandatory static interface, configured at setup time. The virtual interface supports mobility management, DHCP relay, and embedded Layer 3 security such as guest web authentication and virtual private network (VPN) termination. The virtual interface must be configured with an unassigned and unused gateway IP address; a typical virtual interface address is 1.1.1.1. The virtual interface address cannot be pinged and should not exist in any routing table in the network. If multiple WLCs are configured in a mobility group (which is described in the "Mobility Groups" section later in this chapter), the virtual interface IP address must be the same on all WLCs to allow seamless roaming.

■ Service-port interface: An optional static interface, configured at setup time. The service-port interface is statically mapped by the system to the physical service port. The service-port interface must have an IP address on a different subnet from the management, AP-manager, and any dynamic interfaces. The service-port interface can obtain an IP address via DHCP, or it can be assigned a static IP address, but a default gateway cannot be assigned to the service-port interface. Static routes can be defined in the WLC for remote network access to the service port. The service-port interface is typically reserved for out-of-band management in the event of a network failure. It is also the only port active when the controller is in boot mode. The physical service port is a copper 10/100 Ethernet port and is not capable of carrying 802.1Q tags, so it must be connected to an access port on the neighboring switch.

■ Dynamic interfaces: Dynamic interfaces are created by the network administrator and are for carrying the WLAN client data traffic into different VLANs; thus, they are analogous to VLANs for WLAN client devices. The WLC supports up to 512 dynamic interface instances. Each dynamic interface must be assigned to a unique IP subnet and VLAN and acts as a DHCP relay for wireless clients associated to WLANs mapped to the interface.

Table 9-4 summarizes the WLC interfaces.

Table 9-4 WLC Interfaces

| Interface | Static or Dynamic | Number of Interfaces | Use | 802.1Q VLAN Support |
|---|---|---|---|---|
| Management | Static | 1 per WLC | In-band management | Native VLAN |
| AP-manager | Static | 1 or more (1 per port) | Layer 3 LWAPP | Native VLAN |
| Virtual | Static | | Layer 3 security | No |
| Service-port | Static | 1 (optional) | Out-of-band management | No |
| Dynamic | Dynamic | 0 or more (1 per VLAN) | WLAN client data | Yes, VLANs |

Figure 9-15 illustrates the relationships among WLANs, interfaces, and ports on a WLC. Interfaces must be assigned to a port for connectivity to the enterprise network. Multiple WLANs can be assigned to an interface. Multiple interfaces can be assigned to the same port, but an interface can be assigned to only one port. The service-port interface is associated only with the physical service port. The virtual interface is not associated with any port. The AP-manager interface and the management interface can be in the same subnet.
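The interface rules in this section (service-port subnet separation and no default gateway, a unique subnet and VLAN per dynamic interface, an identical virtual address across a mobility group) can be checked against an interface plan before deployment. The following Python check is an added example, not Cisco code; the plan layout, interface names, and addresses are constructed assumptions.

```python
import ipaddress

def _net(entry):
    return ipaddress.ip_interface(entry["ip"]).network

def audit_interfaces(plan, peer_virtual_ips=()):
    """Return violations of the WLC interface rules stated in this section."""
    findings = []
    dynamic = plan.get("dynamic", [])
    svc = plan.get("service-port")
    if svc:
        # Out-of-band management must stay off every in-band subnet.
        if svc.get("gateway"):
            findings.append("service-port: a default gateway cannot be assigned")
        in_band = [("management", plan["management"])]
        if "ap-manager" in plan:
            in_band.append(("ap-manager", plan["ap-manager"]))
        in_band += [(d["name"], d) for d in dynamic]
        for name, entry in in_band:
            if _net(svc).overlaps(_net(entry)):
                findings.append(f"service-port: shares a subnet with {name}")
    if len(dynamic) > 512:
        findings.append("dynamic: more than 512 dynamic interfaces")
    seen = {}
    for d in dynamic:
        # Each dynamic interface needs its own IP subnet and its own VLAN.
        for label, key in (("subnet", _net(d)), ("VLAN", d["vlan"])):
            owner = seen.setdefault((label, key), d["name"])
            if owner != d["name"]:
                findings.append(f"dynamic {d['name']}: {label} already used by {owner}")
    # The virtual address must match on every WLC in the mobility group.
    virtual_ip = ipaddress.ip_interface(plan["virtual"]["ip"]).ip
    for peer in peer_virtual_ips:
        if ipaddress.ip_address(peer) != virtual_ip:
            findings.append(f"virtual: {virtual_ip} differs from mobility-group peer {peer}")
    return findings

# Constructed sample plan (addresses, VLANs and names are illustrative).
PLAN = {
    "management": {"ip": "10.10.10.5/24", "vlan": 10},
    "ap-manager": {"ip": "10.10.10.6/24", "vlan": 10},
    "virtual": {"ip": "1.1.1.1/32"},
    "service-port": {"ip": "10.10.10.200/24", "gateway": "10.10.10.1"},
    "dynamic": [{"name": "staff", "ip": "10.20.0.2/24", "vlan": 20},
                {"name": "guest", "ip": "10.20.0.3/24", "vlan": 30}],
}

if __name__ == "__main__":
    for finding in audit_interfaces(PLAN, peer_virtual_ips=["1.1.1.1", "2.2.2.2"]):
        print(finding)
```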

WLC Platforms

A variety of Cisco WLC platforms are available—as standalone appliances or integrated on a module within another device—to support a range of APs. The WLC appliances connect to the wired network over an 802.1Q trunk; the integrated controllers support Layer 2 connections internally and can use Layer 2 or Layer 3 connections to the wired network.

Figure 9-15 WLC WLANs, Interfaces, and Ports [figure not reproduced]

The Cisco 2000 Series WLC manages up to six lightweight APs. The Cisco WLC module (WLCM) for Cisco 2800 and 3800 series Integrated Services Routers (ISR) also manages up to six Cisco lightweight APs.

The Cisco Catalyst 3750G Integrated WLC integrates WLC functions into the Cisco Catalyst 3750G Series switches. The following two models are supported:

■ The Cisco Catalyst WS-C3750G-24WS-S25, with 24 10/100/1000 PoE ports, two small form-factor pluggable (SFP) transceiver-based Gigabit Ethernet ports, and an integrated Cisco WLC supporting up to 25 Cisco lightweight APs

■ The Cisco Catalyst WS-C3750G-24WS-S50, with 24 10/100/1000 PoE ports, two SFP transceiver-based Gigabit Ethernet ports, and an integrated Cisco WLC supporting up to 50 Cisco lightweight APs

The Cisco 4400 Series WLCs are designed for medium-to-large enterprise facilities. The Cisco 4400 Series is available in the following two models:

■ The Cisco 4402 WLC with two Gigabit Ethernet ports comes in configurations that support 12, 25, and 50 lightweight APs

■ The Cisco 4404 WLC with four Gigabit Ethernet ports supports 100 lightweight APs

The Cisco Catalyst 6500 Series Wireless Services Module (WiSM) supports up to 300 lightweight APs. These WLCs and the number of APs supported on them are detailed in Table 9-5.

NOTE The number of APs supported might change as products are updated, products are replaced, and other products become available. Refer to http://www.cisco.com/ for the latest product information.

Table 9-5 Cisco WLCs and the Number of APs Supported on Them

| Name/Part Number | Number of APs Supported |
|---|---|
| Cisco WLC Appliance: AIR-WLC2006-K9 | 6 |
| Cisco WLCM for ISRs: NM-AIR-WLC6-K9 | 6 |
| Cisco Catalyst 3750G Integrated WLC: WS-C3750G-24WS-S25 | 25 |
| Cisco Catalyst 3750G Integrated WLC: WS-C3750G-24WS-S50 | 50 |
| Cisco WLC Appliance: AIR-WLC4402-12-K9 | 12 |
| Cisco WLC Appliance: AIR-WLC4402-25-K9 | 25 |
| Cisco WLC Appliance: AIR-WLC4402-50-K9 | 50 |
| Cisco WLC Appliance: AIR-WLC4404-100-K9 | 100 |
| Cisco Catalyst 6500 Series WiSM | Up to 300 |

Access Point Support Scalability

KEY POINT

Cisco 440x-based WLC platforms normally support no more than 48 APs per port. This limitation applies to the 440x WLC appliances (4402, 4404), the Cisco Catalyst 3750G Integrated WLCs, and the Cisco Catalyst 6500 Series WiSM.

There are two ways to scale beyond 48 APs on these WLCs:

■ Use multiple AP-manager interfaces: With this option, supported only on 440x appliance WLCs, the LWAPP algorithm load-balances APs across the AP-manager interfaces.

■ Use LAG: This option is supported on the 440x appliance controllers. It is the default and only option on the Cisco Catalyst 3750G Integrated WLCs and the Cisco Catalyst 6500 Series WiSM. With LAG enabled, one AP-manager interface load-balances traffic across one EtherChannel interface.

The 440x appliance controllers can use LAG or multiple AP-manager interfaces. With LAG enabled, the logical port on a Cisco 4402 controller supports up to 50 APs, and the logical port on a Cisco 4404 controller supports up to 100 APs. The following sections detail these two options.

Multiple AP-Manager Interfaces

As shown in Figure 9-16, two or more AP-manager interfaces can be created on a 440x appliance controller. Each AP-manager interface is mapped to a different physical port. All AP-manager IP addresses are included in the LWAPP Discovery Response message from a WLC to an AP, along with information about how many APs are currently using each AP-manager IP address. The AP selects an AP-manager IP address to use for the LWAPP Join Request, preferring the least-loaded AP-manager interface. Therefore, the AP load is dynamically distributed across the multiple AP-manager interfaces.

Figure 9-16 Using Multiple AP-Manager Interfaces to Increase the Number of APs Supported [figure not reproduced]

Multiple AP-manager interfaces can exist on the same VLAN and IP subnet, or they can be configured on different VLANs and IP subnets. Cisco recommends that you configure all AP-manager interfaces on the same VLAN and IP subnet. One advantage of using the multiple AP-manager interface solution is that the WLC platform can be connected to more than one neighbor device.

Using multiple AP-manager interfaces affects port and WLC redundancy engineering. For example, the 4402-50 WLC supports a maximum of 50 APs and has two ports. To support the maximum number of APs, you have to create two AP-manager interfaces. A problem arises, though, if you want to support port redundancy. Suppose the first static AP-manager interface is assigned port 1 as its primary port and port 2 as its secondary port, and the second AP-manager interface is assigned port 2 as its primary port and port 1 as its secondary port. If either port fails, the WLC would try to support 50 APs on a port that supports only 48 APs. In this situation, two APs will be unable to communicate with the WLC and will be forced to look for an alternative WLC.
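The failover arithmetic above can be modeled to size a controller for single-port failure. This Python model is an added example, not Cisco code; it assumes APs join one at a time and always pick the least-loaded AP-manager interface, and it goes beyond the 4402-50 case in the text by also evaluating a constructed 4404 layout with mirrored primary and secondary ports.

```python
PORT_AP_LIMIT = 48  # APs per physical port without LAG, as stated in this section

def distribute(ap_count, managers):
    """Join APs one by one; each picks the least-loaded AP-manager interface."""
    load = {name: 0 for name in managers}
    for _ in range(ap_count):
        load[min(load, key=load.get)] += 1
    return load

def stranded(ap_count, managers, failed_port=None):
    """Count APs that exceed the per-port limit once failed_port is down.

    managers maps an AP-manager interface name to (primary_port, secondary_port).
    """
    per_port = {}
    for name, aps in distribute(ap_count, managers).items():
        primary, secondary = managers[name]
        # An interface whose primary port failed moves to its secondary port.
        port = secondary if primary == failed_port else primary
        per_port[port] = per_port.get(port, 0) + aps
    return sum(max(0, aps - PORT_AP_LIMIT) for aps in per_port.values())

def max_aps_with_port_redundancy(managers, ceiling):
    """Largest AP count (up to ceiling) that survives any single port failure."""
    ports = {p for pair in managers.values() for p in pair}
    best = 0
    for count in range(1, ceiling + 1):
        if all(stranded(count, managers, port) == 0 for port in ports):
            best = count
    return best

# Constructed layouts: the 4402-50 case from the text, and a 4404 with mirrored pairs.
WLC_4402 = {"ap-manager": (1, 2), "ap-manager-2": (2, 1)}
WLC_4404 = {"ap-manager": (1, 2), "ap-manager-2": (2, 1),
            "ap-manager-3": (3, 4), "ap-manager-4": (4, 3)}

if __name__ == "__main__":
    print(stranded(50, WLC_4402))                 # all ports up
    print(stranded(50, WLC_4402, failed_port=1))  # the failure described in the text
    print(max_aps_with_port_redundancy(WLC_4402, 50))
    print(max_aps_with_port_redundancy(WLC_4404, 100))
```

Under this model, a controller that must keep every AP joined through a single port failure has to be loaded below its licensed AP count, which is the trade-off that LAG removes.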

LAG with a Single AP-Manager Interface

As illustrated in Figure 9-17, when LAG is enabled, the WLC dynamically manages port redundancy and transparently load-balances APs across an EtherChannel interface. The 48-APs-per-port limitation does not apply when LAG is enabled.

Figure 9-17 Using LAG to Increase the Number of APs Supported [figure not reproduced]

Using LAG simplifies controller configuration, because primary and secondary ports for each interface do not need to be configured. If any controller port fails, traffic is automatically migrated to one of the other ports. As long as at least one controller port is functioning, the system continues to operate, APs remain connected to the network, and wireless clients can continue to send and receive data.

One limitation with LAG is that the WLC platform supports only one LAG group per controller. There is only one logical port; all the physical ports, excluding the service port, are included in the EtherChannel bundle. Therefore, packets may be forwarded out of the same port on which they were received, and a WLC in LAG mode cannot be connected to more than one neighbor device.

KEY POINT

When possible, Cisco recommends using LAG to support AP scaling, rather than using multiple AP-manager interfaces.


Responses

  • leonard
    Why is the service port interface used in a Cisco controller?
    1 year ago