Post on 30-Oct-2019
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
© 2010 Cisco Systems, Inc. All rights reserved. CUWN v7.0—3-1
Cisco Unified Wireless Network Administration: Controller Ports, Interfaces, and Link Aggregation
Lesson Overview & Objectives
Overview - This lesson provides an overview of the Cisco Unified Wireless Network controller ports and interfaces used for connectivity into the wired network and communications with CUWN access points.
Objectives - Upon completing this lesson, you will be able to identify the types of ports and interfaces to configure for WLAN network connectivity. This ability includes being able to meet these objectives:
– Define Ports, Interfaces, and WLANs
– Describe the Distribution System Port and its configuration
– Describe Link Aggregation, its features and its benefits
– Describe five controller interface types and the role of each
– Explain the purpose of AP management interface
– Explain the purpose of AP-Manager interface
– Explain the purpose of the service port interface
– Explain the purpose of dynamic interfaces
– List the requirements for interface for mobility groups
Terminology
[Figure: controller terminology. Distribution system ports (Port 1 … Port 8) and control ports (service port, console port); interfaces (management interface, VLAN 0; AP-manager interface, VLAN 0; dynamic interfaces, VLAN 1, VLAN 2, … VLAN x; virtual interface); WLANs (WLAN1 "SSID1", WLAN2 "SSID2", WLAN3 "SSID3", WLAN4 "SSID4", … WLANx "SSIDx").]
Ports
Control ports are used to configure and control the WLC
– Console port
– Service port
Distribution ports are used for the following features:
– Control and data transfer to and from associated Cisco wireless APs
– Distribution system between the WLANs and the enterprise VLAN network
[Figure: relationship between WLAN (SSID), interface, VLAN, and ports.]
CAPWAP header contains client WLAN information, which is then translated into VLAN tags on a distribution port.
Distribution System Port
A distribution system (DS) port is the physical port through which the Cisco Wireless LAN Controller communicates to networks and appliance mode APs.
– The Management Interface will be associated with a VLAN on a DS port at a minimum.
– AP-Manager interfaces (if used) will each be associated with a VLAN on a DS port
– Dynamic interfaces will each be associated with a VLAN on a DS port
The Cisco 2100/4400/5500 Series WLCs can have as many DS ports as physical ports.
Distribution System Port Topologies
Multiple DS ports are supported and only require tagging if a DS port is connected to multiple VLANs (a trunk port on the switch).
[Figure: DS port topologies. Labels: GE DS Port 1, GE DS Port 2; untagged traffic; tagged traffic on an 802.1Q trunk; Green, Blue, and Red WLANs; Green, Blue, and Red VLANs.]
Configuring Ports on the Controller
Click on the Port Number to configure the port.
Link Aggregation
Link Aggregation (LAG) allows up to eight DS ports on a Cisco 5508; four ports on a Cisco 4404; or two ports on a Cisco 4402 to be bundled into a single logical link.
Any single physical link can go down, and traffic will pass through the remaining active ports/links. Only one functional physical port is needed for the Controller to pass client traffic.
A single, static, Link Aggregation bundle is supported.
Single logical link, consisting of multiple physical links, between the controller and the LAN switch.
Benefits of Link Aggregation
For as long as at least one physical link remains active, all APs remain connected to the switch, and data service for users continues uninterrupted.
Eliminates the need to configure primary and backup ports for each interface.
It removes the requirement to support multiple AP-Manager interfaces, also reducing the number of IP addresses used.
Link Aggregation—Description
Link Aggregation is off by default on the 5508 and 4400 Controllers.
Link Aggregation is on by default on the Cisco WiSM and 3750G Integrated WLC.
[Figure: Link Aggregation bundles shown for the 4402, 4404, and 5508, and for the WiSM with its 4404 subsystems.]
Notes on Link Aggregation
Any change to the LAG configuration will require the system to be rebooted.
When LAG is enabled or disabled, existing interfaces are modified, and administrators will need to make changes for the system to function.
The mechanism used to load-balance traffic across the links is determined by the Ethernet switch that the Controller connects to.
– The controller simply sends a packet out on the same port that it received the packet on.
Port Aggregation mode on the LAN switch should be set to "on."
– No PAgP or LACP negotiation occurs.
Link Aggregation Switch Configuration
Configure a range of interfaces to be in a channel-group
Ensure that physical interfaces in the channel-group have the mode set to be "on" (no PAgP or LACP negotiation)
Trunking configuration must be identical on the physical interfaces and the port-channel interface representing the channel-group
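The three switch-side requirements above can be checked mechanically against a saved switch configuration. The following is an added example, not part of the original slides: it assumes IOS-style running-config text, and the interface names, VLAN numbers and function names are constructed for illustration.

```python
import re

# Constructed sample of switch running-config text (not taken from the slides).
SAMPLE_CONFIG = """\
interface Port-channel1
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/2
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 channel-group 1 mode active
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces

def trunk_settings(lines):
    return sorted(l for l in lines if l.startswith("switchport"))

def audit_lag(config):
    """Return findings for channel-group members that break the LAG rules."""
    findings, interfaces = [], parse_interfaces(config)
    for name, lines in interfaces.items():
        for cmd in lines:
            if not (m := re.fullmatch(r"channel-group (\d+) mode (\S+)", cmd)):
                continue
            if m[2] != "on":  # active/passive = LACP, auto/desirable = PAgP
                findings.append(f"{name}: mode '{m[2]}' negotiates, expected 'on'")
            bundle = interfaces.get(f"Port-channel{m[1]}")
            if bundle is None:
                findings.append(f"{name}: Port-channel{m[1]} is not defined")
            elif trunk_settings(lines) != trunk_settings(bundle):
                findings.append(f"{name}: trunk settings differ from Port-channel{m[1]}")
    return findings
```

On the constructed sample, GigabitEthernet1/0/2 is reported twice: once for the negotiating mode and once for the extra allowed VLAN that the port-channel interface does not carry.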
Link Aggregation—GUI Configuration
In Controller>General, set the LAG Mode to either Enabled or Disabled
The controller will need to be rebooted for the change to take effect
Link Aggregation Enabled
Once the configuration is saved and controller rebooted, LAG will show as enabled.
Interfaces will no longer have primary and secondary port options.
Controller Interfaces
Five different interface types:
AP Manager (Not required in Cisco 5508 Controller)
Management
Dynamic
Service Port
Virtual
[Figure: controller interfaces, with 802.1Q links. Labels: Management Interface (in-band management traffic); Dynamic Interface(s) (bridge for client traffic to/from wired network); Service Port Interface (out-of-band management traffic); AP-Manager Interface(s) (AP control and association); Virtual Interface.]
Interface Roles
Management interface: Used for in-band management, connectivity to AAA, and other enterprise services, and for Layer 2 (and Layer 3 on the 5508) AP auto-discovery and association.
AP-manager interfaces: Source IP address used for AP to controller communication and Layer 3 AP auto-discovery and association.
– Note: AP-manager interfaces are not required on the 5508 WLAN controller.
Service port interface: Provides out-of-band management of the controller (GUI access to Controller Web)
Virtual interface: Used for DHCP Relay, Layer 3 security authentication, and mobility management
Dynamic interface: Supplies mapping of WLANs to VLANs on the wired network
List of Interfaces on the Controller
Choose Controller > Interfaces to view the list of interfaces.
Choose an interface name to edit.
– Only dynamic interfaces can be removed.
Management Interface
Default interface for in-band management (HTTP/HTTPS/SNMP) of the Cisco WLC and connectivity for enterprise services such as mobility and AAA.
– The management interface must be in a different VLAN/subnetwork from the service port interface.
The 5508 WLC also uses the management interface for CAPWAP control and data transmission between the Cisco WLC and APs.
Management Interface Configuration
1. Set the 802.1Q VLAN ID, or leave at 0 for the native VLAN or a non-trunk link.
2. Identify the physical DS port number to which the management interface will connect.
AP-Manager Interfaces
Non-5508 wireless controllers have an AP-Manager interface:
Listens for messages through Layer 3 network to auto-discover, associate, and communicate with Cisco AP.
Can be in the same VLAN (and on the same DS port) as the management interface (but with a different IP address).
One AP-Manager interface can manage up to 48 APs.
Unless using LAG, create additional AP-Manager interfaces for every port to which APs will connect.
On the 5508 controller, the Management Interface acts as an AP-Manager Interface.
AP-Manager Interface Configuration
1. The physical DS port number.
2. Enables AP control and communications on this interface, effectively making this an AP-Manager Interface.
3. The 802.1Q VLAN ID, or leave at 0 for the native VLAN or a non-trunk link.
Service Port Interface
The service port interface—associated only with the service port on the Cisco WLC front panel—is dedicated to out-of-band management in the event of network failure.
– Must be in a different VLAN/subnetwork from the management port interface
Do not assign a gateway to the service port interface.
– Instead, set up static routes to connect to the service port from remote networks.
The service port is not auto-sensing.
– Use a straight-through Ethernet cable to connect to controllers and LAN switches.
– Use a crossover Ethernet cable to connect to routers and PCs.
Virtual Interface
The virtual interface is used to support:
Mobility management.
– Mobile Client uses same virtual IP address across multiple controllers.
DHCP relay.
– Client uses virtual IP address as DHCP server address.
Layer 3 security.
– Web authentication.
Must be an unassigned and unused (non-routable) IP address.
The virtual interface must be assigned the same IP address on all Cisco WLCs in a mobility group to allow seamless roaming.
Service Port Interface and Virtual Interface Configuration
The service port interface and virtual interface require only IP address configuration.
On a new controller, the service port interface is preconfigured to 192.168.1.1.
[Figure labels: Service Port Interface; Virtual Interface.]
Dynamic Interfaces
Created by the administrator as needed:
– To be an additional AP-Manager interface, or
– To dynamically link one or more WLANs to one VLAN on a DS port
Each dynamic interface must be mapped to one (and only one) VLAN on a distribution port.
Multiple WLANs can be mapped to a single dynamic interface.
Mapping WLANs to VLANs
When mapping a dynamic interface to a single-VLAN distribution port, or to the native VLAN on a trunked distribution port, use VLAN ID 0.
When mapping a dynamic port to one of the 802.1Q tagged VLANs on a trunked distribution port, use the 802.1Q VLAN ID (value 1-4095).
– Multiple dynamic interfaces (each mapped to a different VLAN) can be mapped to a single distribution port.
[Figure: example mapping of WLANs to interfaces, ports, and VLANs. WLAN labels: Building 1, Building 2, Front Office, Back Office, Campus. Link labels: non-trunk; 802.1Q with VLAN 2 and VLAN 3.]
Name     VLAN   Port
Dynam1   0      1
Dynam2   2      2
Dynam3   3      2
Dynamic Interface Configuration
1. Indicates that this interface connects to a guest LAN (guest access) or a Quarantine VLAN (NAC) or to both.
2. The physical DS port number.
3. Enables AP control and communications on this interface, which effectively sets this interface to be an AP-management interface.
4. The 802.1Q VLAN ID, or leave at 0 for the native VLAN or a non-trunk link.
Interface Requirements for Mobility Groups
Mobility Groups allow client roaming between APs that are controlled by different Cisco WLCs.
Interface Requirements for Mobility Groups:
IP connectivity must exist between the management interfaces of all controllers.
All controllers must be configured with the same virtual interface IP address.
– If all the controllers within a mobility group are not using the same virtual interface, inter-controller roaming may appear to work, but the hand-off does not complete, and the client loses connectivity for a period of time.
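Two of the interface rules in this lesson can be verified from an address inventory before deployment: the same virtual interface IP on every controller in the mobility group, and the service port interface in a different subnet from the management interface. The following is an added example, not part of the original slides: the controller names and all addresses are constructed, and treating the most common virtual IP as the intended one is an assumption of this sketch.

```python
import ipaddress
from collections import Counter

# Constructed inventory; controller names and all addresses are hypothetical.
CONTROLLERS = {
    "wlc-a": {"management": "10.10.1.5/24", "service_port": "192.168.1.1/24",
              "virtual": "192.0.2.1"},
    "wlc-b": {"management": "10.10.1.6/24", "service_port": "10.10.1.200/24",
              "virtual": "192.0.2.1"},
    "wlc-c": {"management": "10.10.2.5/24", "service_port": "192.168.3.1/24",
              "virtual": "192.0.2.2"},
}

def check_mobility_group(controllers):
    """Return findings for the two interface rules described above."""
    findings = []
    # Rule: management and service port interfaces sit in different subnets.
    for name, ifs in sorted(controllers.items()):
        mgmt = ipaddress.ip_interface(ifs["management"])
        svc = ipaddress.ip_interface(ifs["service_port"])
        if mgmt.network.overlaps(svc.network):
            findings.append(
                f"{name}: service port shares subnet {mgmt.network} with management")
    # Rule: every controller in the group uses the same virtual interface IP.
    virtuals = Counter(ipaddress.ip_address(c["virtual"])
                       for c in controllers.values())
    if len(virtuals) > 1:
        # Assumption: the majority value is the one the group should use.
        expected = virtuals.most_common(1)[0][0]
        for name, ifs in sorted(controllers.items()):
            if ipaddress.ip_address(ifs["virtual"]) != expected:
                findings.append(
                    f"{name}: virtual IP {ifs['virtual']} differs from group value {expected}")
    return findings
```

The third requirement, IP connectivity between the management interfaces, has to be tested on the live network and is outside what an inventory check can show.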
Summary
Many different components must be configured on the Cisco Wireless LAN Controller.
Control ports are used exclusively to control and configure the controller.
Link aggregation creates a high-speed connection between the Cisco Wireless LAN Controller and the network infrastructure.
Five different controller interface types are used.
The management interface is the main interface for the controller to the network.
The AP-manager interfaces are used for controlling APs in Layer 3 mode.
The service port interface ties to the physical Service Port on the controller.
Dynamic interfaces are user-defined interfaces that connect to a VLAN on a distribution port.
Two interface requirements must be met for a mobility group to function.