WLC Configuration

A Cisco WLC has several types of interfaces that are used for various purposes. Perhaps the most difficult part of configuring a WLC is deciding how to lay out and connect the interfaces.

Regardless of the hardware model, a WLC has the following interface types. Refer to Figure 19-14, which depicts the interfaces as they are commonly used in a network.

■ Management—An interface with a static IP address used for in-band management traffic; you connect to this interface for web, Secure Shell (SSH), or Telnet sessions with the WLC.

■ AP Manager—An interface with a static IP address that all LAPs use to terminate their LWAPP tunnels; the WLC also listens on this interface for subnet broadcasts from LAPs trying to discover controllers.

■ Virtual—A logical interface used to relay DHCP requests from wireless clients.

A bogus (but unique) static IP address is assigned to this interface, so that clients will see the virtual address as their DHCP server. All WLCs within a mobility group must use the same virtual interface address.

■ Service port—An out-of-band Ethernet interface used on Cisco 4100 and 4400 series WLCs, only when the controller is booting or a network problem is preventing other types of access; the Catalyst 6500 Wireless Services Module (WiSM) has an internal service port that connects to the chassis supervisor.

■ Distribution system port—An interface that connects the WLC to a switch in the campus network; this interface is usually a trunk that carries the VLANs that will appear on LAPs for wireless clients.

■ Dynamic—An interface that is automatically created, as needed, for VLANs that are extended to LAPs through the LWAPP tunnels. A dynamic interface is sometimes called a user interface.

Dynamic interfaces have IP addresses that belong to the subnets used on the wireless client VLANs or SSIDs.

Normally, you can set aside a management VLAN and subnet for WLC and LWAPP use. You can assign an address to the management interface and to the AP management interface from the same management subnet. All management traffic (web-based, Telnet, SSH, or AAA) and LWAPP tunnel traffic will come to these addresses from external sources. Remember that LAPs will be positioned in various places in the network—even in different switch blocks, so you should consider the LAP traffic to be external.

The LAPs will receive IP addresses that are not necessarily on the AP manager subnet. In a small network, you might have LAPs and WLCs located on the same subnet so that they are Layer 2 adjacent. In larger networks, LAPs will be distributed across switch blocks. Their IP addresses will vary because they are not Layer 2 adjacent, and they will not be located in the AP management subnet.

Figure 19-14 shows a sample scenario, with each type of WLC interface, along with the respective VLANs and IP addresses. The WLC's distribution system port is actually a trunk link carrying both the WLC and AP management subnet (VLAN 10) and the wireless client subnet (VLAN 100). Notice that the APs are located on access layer switch ports elsewhere in the network, and that they use a unique subnet (VLAN 200) that is set aside for APs within a switch block.

Figure 19-14 Sample WLC Interface Layout

[Figure labels: distribution switch with VLAN 10 default gateway 192.168.10.1 and VLAN 100 default gateway 192.168.100.1; WLC distribution system port trunk carrying VLANs 10 and 100; service port (out-of-band); virtual interface 1.1.1.1; management interface on VLAN 10, 192.168.10.10; AP manager interface on VLAN 10, 192.168.10.11; dynamic interface "main building" on VLAN 100, 192.168.100.10; AP 1 on VLAN 200, 192.168.200.10; AP 2 on VLAN 200, 192.168.200.11; both APs offer SSID "InternalStaff", shown with the VLAN 100 address 192.168.100.21.]

Initial WLC Configuration

The WLC must be configured with some initial information so that it can join the network. You can connect to the WLC's console port and use the Startup Wizard to enter parameters through the CLI. Once the WLC boots up and runs its code image, the CLI will begin interactively prompting for the following information:

1. The system name, consisting of a text string that identifies the WLC (up to 32 characters).

2. Administrative username and password (the default is admin and admin, respectively).

3. Service port IP address (DHCP or static address).

If a static address is selected, you are prompted for the IP address, subnet mask, default gateway, and the VLAN number for the management interface. If the management VLAN is untagged (the native VLAN on a trunk), enter VLAN number 0.

4. DHCP server address, from which wireless clients will receive their IP addresses.

5. IP address of the AP Manager interface.

6. IP address of the virtual interface (a bogus address, usually 1.1.1.1).

7. Mobility group name (must be identical on all WLCs in a mobility group).

8. Default SSID, which is used for LAPs when they join a controller; the WLC will push other SSIDs down to the LAPs after they join.

9. Require clients to obtain IP addresses from a DHCP server?

Enter yes to force clients to use a DHCP server; otherwise, enter no to allow clients to have statically configured addresses.

10. Configure a RADIUS server? (You can enter no and configure any RADIUS server from the web front-end.)

11. Country code. (Type help to see a list.)

12. Enable or disable 802.11a, 802.11b, and 802.11g on all APs managed by the WLC. (As you are prompted for each WLAN type, enter yes to enable it or no to disable it.)

13. Enable or disable radio resource management (RRM) auto-RF feature. (Enter yes to enable automatic RF parameter adjustments, or no to disable it.)

After this information has been entered, the WLC saves its configuration and reboots. From this point on, you can manage the WLC from its web interface.
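The following audit of recorded Startup Wizard answers is an added example, not part of the original text and not a Cisco tool. It checks the rules stated above: the 32-character system name limit, the default admin/admin login, management and AP manager addresses drawn from one subnet, an identical mobility group name, and a single virtual interface address across the group. The dictionary keys, the second controller and the group name "Campus" are assumptions made for the illustration.

```python
import ipaddress

DEFAULT_LOGIN = ("admin", "admin")  # wizard default from step 2
MAX_NAME_LEN = 32                   # system name limit from step 1

# Constructed sample answers. WLC-1 uses the Figure 19-14 addresses;
# WLC-2, the logins and the group name "Campus" are invented.
CONTROLLERS = [
    {"system_name": "WLC-1", "admin_user": "admin", "admin_password": "admin",
     "mgmt_ip": "192.168.10.10", "mgmt_mask": "255.255.255.0",
     "ap_manager_ip": "192.168.10.11", "virtual_ip": "1.1.1.1",
     "mobility_group": "Campus"},
    {"system_name": "WLC-2", "admin_user": "netops",
     "admin_password": "constructed-sample-passphrase",
     "mgmt_ip": "192.168.10.20", "mgmt_mask": "255.255.255.0",
     "ap_manager_ip": "192.168.20.21", "virtual_ip": "1.1.1.2",
     "mobility_group": "campus"},
]

def audit_wizard_answers(controllers, group_name):
    """Return (system_name, finding) tuples for one intended mobility group."""
    findings = []
    for c in controllers:
        name = c["system_name"]
        if len(name) > MAX_NAME_LEN:
            findings.append((name, "system name exceeds 32 characters"))
        if (c["admin_user"], c["admin_password"]) == DEFAULT_LOGIN:
            findings.append((name, "default admin/admin login unchanged"))
        # Management and AP manager addresses normally share one subnet.
        mgmt_net = ipaddress.ip_interface(
            f"{c['mgmt_ip']}/{c['mgmt_mask']}").network
        if ipaddress.ip_address(c["ap_manager_ip"]) not in mgmt_net:
            findings.append((name, f"AP manager outside management subnet {mgmt_net}"))
        # The group name must be identical, so compare it exactly.
        if c["mobility_group"] != group_name:
            findings.append((name, f"mobility group {c['mobility_group']!r} != {group_name!r}"))
    # Every controller in the group must present the same virtual address.
    virtual_ips = sorted({c["virtual_ip"] for c in controllers})
    if len(virtual_ips) > 1:
        findings.append(("group", "virtual addresses differ: " + ", ".join(virtual_ips)))
    return findings

if __name__ == "__main__":
    for who, what in audit_wizard_answers(CONTROLLERS, "Campus"):
        print(f"{who}: {what}")
```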

Further WLC Configuration

The WLC uses dynamic interfaces to extend VLANs on the distribution system ports to the SSIDs on wireless LANs. You can use the following steps to configure the WLC for each WLAN:

Step 1 Create a dynamic interface for wireless clients.

Step 2 Create a WLAN that is bound to the dynamic interface.

Using the sample interface locations and address assignments from Figure 19-14, you would first create a dynamic interface for the client VLAN 100. You can do this by selecting the Controller tab on the WLC task bar. Then click on the Interfaces category in the left column. Clicking on the New button takes you to the screen shown in Figure 19-15. Here, you can give the dynamic interface a descriptive name ("Main Building") and bind it to a specific VLAN ID (VLAN 100).

Figure 19-15 Creating a Dynamic Interface on the WLC


Next, you have to provide addressing information for the new dynamic interface. The WLC presents the screen shown in Figure 19-16. The WLC must also have the DHCP addresses for the wireless client subnet because it acts as a DHCP relay for clients that broadcast DHCP requests.

Figure 19-16 Assigning Address Information to the Dynamic Interface

[Screenshot: the WLC Interfaces > Edit screen for interface "Main Building", showing IP Address 192.168.100.10, Netmask 255.255.255.0, Gateway 192.168.100.1, Primary DHCP Server 192.168.1.50, Secondary DHCP Server 192.168.1.51, and ACL Name none. The interface is attached to a LAG. The screen notes that changing the interface parameters causes the WLANs to be temporarily disabled and thus may result in loss of connectivity for some clients.]

Next, you define a WLAN that will actually serve wireless clients that are associated with LAPs that are joined to the WLC. Select the WLANs tab on the WLC task bar, and then click the New button. On the WLANs>New screen, as shown in Figure 19-17, enter the SSID string that will be used on the WLAN.

Figure 19-17 Defining a New WLAN

[Screenshot: the WLANs > New screen with WLAN ID 1 and WLAN SSID InternalStaff.]

Finally, the WLC will present the WLANs>Edit screen shown in Figure 19-18. In this step, you will bind the SSID with a dynamic interface. Choose the dynamic interface from the list next to the Interface Name field. In the example, the SSID InternalStaff is bound to the main building interface.

Figure 19-18 Binding a WLAN to a Dynamic Interface
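The consistency check below is an added example, not part of the original text and not a WLC feature. It validates a planned set of dynamic interfaces and SSID bindings against the points made in this section: the client VLAN must be carried on the distribution system port trunk, the interface address and gateway must share the client subnet, the WLC needs DHCP server addresses to relay to, and each SSID must be bound to a defined interface. The data layout and the "annex", "Guest" and "Lab" entries are assumptions made for the illustration.

```python
import ipaddress

# Constructed inventory. "main building" and InternalStaff use the values
# from Figures 19-14 and 19-16; "annex", "Guest" and "Lab" are invented.
TRUNK_VLANS = {10, 100}
DYNAMIC_INTERFACES = {
    "main building": {"vlan": 100, "ip": "192.168.100.10",
                      "mask": "255.255.255.0", "gateway": "192.168.100.1",
                      "dhcp": ["192.168.1.50", "192.168.1.51"]},
    "annex": {"vlan": 300, "ip": "192.168.30.10",
              "mask": "255.255.255.0", "gateway": "192.168.31.1",
              "dhcp": []},
}
WLANS = {"InternalStaff": "main building", "Guest": "annex", "Lab": "lab floor"}

def check_wlan_bindings(trunk_vlans, interfaces, wlans):
    """Return (object, problem) tuples for interfaces and SSID bindings."""
    problems = []
    for name, cfg in interfaces.items():
        # The client VLAN must reach the WLC over the distribution trunk.
        if cfg["vlan"] not in trunk_vlans:
            problems.append((name, f"VLAN {cfg['vlan']} not carried on trunk"))
        # Interface address and gateway must sit in the same client subnet.
        subnet = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}").network
        if ipaddress.ip_address(cfg["gateway"]) not in subnet:
            problems.append((name, f"gateway {cfg['gateway']} outside {subnet}"))
        # The WLC relays client DHCP requests, so it needs a server address.
        if not cfg["dhcp"]:
            problems.append((name, "no DHCP server to relay to"))
    for ssid, bound_to in wlans.items():
        # An SSID only carries client traffic once bound to a real interface.
        if bound_to not in interfaces:
            problems.append((ssid, f"bound to undefined interface {bound_to!r}"))
    return problems

if __name__ == "__main__":
    for obj, problem in check_wlan_bindings(TRUNK_VLANS, DYNAMIC_INTERFACES, WLANS):
        print(f"{obj}: {problem}")
```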


TIP The BCMSN course and exam do not discuss setting the clock or date and time parameters on WLCs or LAPs. However, when you configure these devices, you should remember to set the clocks and use a Network Time Protocol (NTP) server if at all possible. The WLCs and LAPs have embedded digital certificates that are used to authenticate the devices. Digital certificates are very dependent upon accurate date and time values—NTP offers the best accuracy and scalability across a network.
