CCIE or Null!

My journey to CCIE!

Cisco WLC Interfaces.

with 5 comments

If you have ever worked with a Cisco WLC or have looked through any configurations for a WLC, then you have no doubt seen the interfaces that make it work. You’ve probably also seen that diagram concerning how these interfaces relate to the physical interfaces on a Cisco WLC.

Now their are only five different types of interfaces (Management, AP-Manager, Virtual, Service-Port, and Dynamic Interfaces), I figured I would just take some time to quickly touch on them.

  1. Management Interface – As you can suspect this interface is for in-band management and handles any communication with AAA servers. This interface will also handle the layer 2 communication between the controller and any APs. Needless to say the configuration of this interface is mandatory and can not be skipped.
  2. AP-Manager – If you want to have APs on different subnets other then the subnet the WLC is on then this interface must be configured, it’s a requirement for Layer 3 LWAPP transport mode. So as you would suspect this interface handles all layer 3 traffic between the WLC and the APs. Since higher end WLCs can have multiple AP-Managers only 1 AP-Manager interface can be configured per physical port.
  3. Virtual Interface – Another mandatory interface that must be configured (once again like the management interface you don’t get the option to skip the configuration of this interface). This interface handles any mobility management, VPN Termination, Web authentication, and is also a DHCP relay for WLAN clients. You really want to give this interface a bogus type address (Like 1.1.1.1 or something) since it’s only accessed and used by the WLC, the APs and WLAN clients will not interact with this interface. (Other then it’s purpose as the DHCP relay, but it’s all in done within the controller unknown to the AP’s or clients)
  4. Service-Port – This is also a physical port for out of band management, so it’s configuration is optional. The port doesn’t even support 802.1Q, so you can’t use it for anything other then accessing the controller. (Note: This is only physical port that is active while the controller is booting)
  5. Dynamic Interface – Now these are the interfaces you can create and use to link specific SSID’s to specific VLAN’s on the wire. So this is where and how you can separate your wireless client traffic, this interface will also double as the DHCP relay for it’s subnet/VLAN (Note: A WLC can have up to 512 dynamic interfaces)

Written by Stephen J. Occhiogrosso

March 28, 2011 at 11:51 AM

5 Responses

Subscribe to comments with RSS.

  1. In the web authentication process the virtual interface ip is used; it looks as if the client is redirected to that IP.

    If operating in a layer-3 environment which of the remaining interfaces should you route the redirect traffic towards?

    stuart manderson

    April 13, 2011 at 5:40 PM

  2. You are correct the client is redirected to the virtual IP, however the traffic should not need to be routed. The virtual IP should only remain local to the controller and should not appear on any routing tables anywhere.

    This might be helpful: http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a38c11.shtml

    Depending on the model WLC you are working with a pre-authentication ACL might need to be configured.

    steveocch

    April 14, 2011 at 2:14 AM

  3. […] Cisco WLC Interfaces with 656 views […]

  4. […] Cisco WLC Interfaces with 2,137 views. […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: