cisco unified wireless network administration: aggregationai3.itb.ac.id/~basuki/private/cisco wlan...

© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.

© 2010 Cisco Systems, Inc. All rights reserved. CUWN v7.0—3-1

Cisco Unified Wireless Network Administration: Controller Ports, Interfaces, and Link Aggregation

Cisco Unified Wireless Network Administration: Controller Ports, Interfaces, and Link Aggregation


Lesson Overview & Objectives

Overview - This lesson provides an overview of the Cisco Unified Wireless Network controller ports and interfaces used for connectivity into the wired network and communications with CUWN access points.

Objectives - Upon completing this lesson, you will be able to identify the types of ports and interfaces to configure for WLAN network connectivity. This ability includes being able to meet these objectives:

– Define Ports, Interfaces, and WLANs

– Describe the Distribution System Port and its configuration

– Describe Link Aggregation, its features and its benefits

– Describe five controller interface types and the role of each

– Explain the purpose of AP management interface

– Explain the purpose of AP-Manager interface

– Explain the purpose of the service port interface

– Explain the purpose of dynamic interfaces

– List the requirements for interface for mobility groups



DistributionSystem

PortsControlPorts

WLANs

Interfaces

Terminology

Port 1

managementinterfacevlan0

AP-managerinterfacevlan0

dynamicinterfacevlan1

Port 8

WLAN1―SSID1‖

Service Port Console Port

virtualinterface

dynamicinterfacevlan2

dynamicinterfacevlanx…

WLAN2―SSID2‖

WLAN3―SSID3‖

WLAN4―SSID4‖

WLANx―SSIDx‖…

…


Ports

Control ports are used to configure and control the WLC

– Console port

– Service port

Distribution ports are used for the following features:

– Control and data transfer to and from associated Cisco wireless APs

– Distribution system between the WLANs and the enterprise VLAN network

WLAN

Ports

Interface Interface…

WLAN…

VLAN

SSID

CAPWAP header contains client WLAN information, which is then translated into VLAN tags on a distribution port.

WLAN



Distribution System Port

A distribution system (DS) port is the physical port through which the Cisco Wireless LAN Controller communicates to networks and appliance mode APs.

– The Management Interface will be associated with a VLAN on a DS port at a minimum.

– AP-Manager interfaces (if used) will each be associated with a VLAN on a DS port

– Dynamic interfaces will each be associated with a VLAN on a DS port

The Cisco 2100/4400/5500 Series WLCs can have as many DS ports as physical ports.


Distribution System Port Topologies

Multiple DS ports are supported and only require tagging if a DS port is connected to multiple VLANs (a trunk port on the switch).

Untagged Traffic

GreenWLAN

Blue VLAN

Green VLAN

Tagged Traffic

BlueWLAN

RedWLAN

Red VLAN

GE DS Port 1

GE DS Port 2

802.1Q

Trunk



Configuring Ports on the Controller

Click on the Port Number to configure the port.


Link Aggregation

Link Aggregation (LAG) allows up to eight DS ports on a Cisco 5508; four ports on a Cisco 4404; or two ports on a Cisco 4402 to be bundled into a single logical link.

Any single physical link can go down, and traffic will pass through the remaining active ports/links. Only one functional physical port is needed for the Controller to pass client traffic.

A single, static, Link Aggregation bundle is supported.

Single logical link - consisting of multiple physical links – between the controller and the LAN switch



Benefits of Link Aggregation

For as long as at least one physical link remains active, all APs remain connected to the switch, and data service for users continues uninterrupted.

Eliminates the need to configure primary and backup ports for each interface.

It removes the requirement to support multiple AP-Manager interfaces, also reducing the number of IP addresses used.


Link Aggregation—Description

Link Aggregation is off by default on the 5508 and 4400 Controllers.

Link Aggregation is on by default on the Cisco WiSM and 3750G Integrated WLC.

4404

Link AggregationBundle

5508


4402


4404 subsystem

Link Aggregation

Bundles

WiSM

4404 subsystem



Notes on Link Aggregation

Any change to the LAG configuration will require the system to be rebooted.

When LAG is enabled or disabled, existing interfaces are modified, and administrators will need to make changes for the system to function.

The mechanism used to load-balance traffic across the links is determined by the Ethernet switch that the Controller connects to.

– The controller simply sends a packet out on the same port that it received the packet on.

Port Aggregation mode on the LAN switch should be set to ―on.‖

– No PAgP or LACP negotiation occurs.


Link Aggregation Switch Configuration

Configure a range of interfaces to be in a channel-group

Ensure that physical interfaces in the channel-group have the mode set to be ―on‖ (no PAgP or LACP negotiation)

Trunking configuration must be identical on the physical interfaces and the port-channel interface representing the channel-group



Link Aggregation—GUI Configuration

In Controller>General, set the LAG Mode to either Enabled or Disabled

The controller will need to be rebooted for the change to take effect


Link Aggregation Enabled

Once the configuration is saved and controller rebooted, LAG will show as enabled.

Interfaces will no longer have primary and secondary port options.



Controller Interfaces

Five different interface types:

AP Manager (Not required in Cisco 5508 Controller)

Management

Dynamic

Service Port

Virtual

Management InterfaceIn-band Management traffic

Dynamic Interface(s)Bridge for Client Traffic to/from Wired Network

802.1Q

Service Port InterfaceOut of Band Management traffic

AP-Manager Interface(s)AP Control and AssociationVirtual

Interface

802.1Q


Interface Roles

Management interface: Used for in-band management, connectivity to AAA, and other enterprise services, and for Layer 2 (and Layer 3 on the 5508) AP auto-discovery and association.

AP-manager interfaces: Source IP address used for AP to controller communication and Layer 3 AP auto-discovery and association.

– Note: AP-manager interfaces are not required on the 5508 WLAN controller.

Service port interface: Provides out-of-band management of the controller (GUI access to Controller Web)

Virtual interface: Used for DHCP Relay, Layer 3 security authentication, and mobility management

Dynamic interface: Supplies mapping of WLANs to VLANs on the wired network



List of Interfaces on the Controller

Choose Controller > Interfaces to view the list of interfaces.

Choose an interface name to edit.

– Only dynamic interfaces can be removed.


Management Interface

Default interface for in-band management (HTTP/HTTPS/SNMP) of the Cisco WLC and connectivity for enterprise services such as mobility and AAA.

– The management interface must be in a different VLAN/subnetwork from the service port interface.

The 5508 WLC also uses the management interface for CAPWAP control and data transmission between the Cisco WLC and APs.



Management Interface Configuration

1. Set the 802.1Q VLAN ID, or leave at 0 for the native VLAN or a non-trunk link.

2. Identify the physical DS port number to which the management interface will connect.


AP-Manager Interfaces

Non-5508 wireless controllers have an AP-Manager interface:

Listens for messages through Layer 3 network to auto-discover, associate, and communicate with Cisco AP.

Can be in the same VLAN (and on the same DS port) as the management interface (but with a different IP address).

One AP-Manager interface can manage up to 48 APs.

Unless using LAG, create additional AP-Manager interfaces for every port to which APs will connect.

On the 5508 controller, the Management Interface acts as an AP-Manager Interface.



AP-Manager Interface Configuration

1.The physical DS port number.

2.Enables AP control and communications on this interface, effectively making this an AP-Manager Interface.

3.The 802.1Q VLAN ID, or leave at 0 for the native VLAN or a non-trunk link.


Service Port Interface

The service port interface—associated only with the service port on the Cisco WLC front panel—is dedicated to out-of-band management in the event of network failure.

– Must be in a different VLAN/subnetwork from the management port interface

Do not assign a gateway to the service port interface.

– Instead, set up static routes to connect to the service port from remote networks.

The service port is not auto-sensing.

– Use a straight-through Ethernet cable to connect to controllers and LAN switches.

– Use a crossover Ethernet cable to connect to routers and PCs.



Virtual Interface

The virtual interface is used to support:

Mobility management.

– Mobile Client uses same virtual IP address across multiple controllers.

DHCP relay.

– Client uses virtual IP address as DHCP server address.

Layer 3 security.

– Web authentication.

Must be an unassigned and unused (non-routable) IP address.

All virtual interfaces must be assigned the same IP address to all Cisco WLCs in a mobility group to allow seamless roaming.


Service Port Interface and Virtual Interface Configuration

The service port interface and virtual interface require only IP address configuration.

On a new controller, the service port interface is preconfigured to 192.168.1.1.

Service Port Interface Virtual Interface



Dynamic Interfaces

Created by the administrator as needed:

– To be an additional AP-Manager interface, or

– To dynamically link one or more WLANs to one VLAN on a DS port

Each dynamic interface must be mapped to one (and only one) VLAN on a distribution port.

Multiple WLANs can be mapped to a single dynamic interface.


Mapping WLANs to VLANs

When mapping a dynamic interface to a single-VLAN distribution port, or to the native VLAN on a trunked distribution port, use VLAN ID 0.

When mapping a dynamic port to one of the 802.1Q tagged VLANs on a trunked distribution port, use the 802.1Q VLAN ID (value 1-4095).

– Multiple dynamic interfaces (each mapped to a different VLAN) can be mapped to a single distribution port.

Building 1

Back Office

Dynam1 0 1Building 2

802.1Q

Dynam3 3 2Back Office

Campus

WLANs Interfaces Ports VLANs

Front Office

Dynam2 2 2Front Office

VLAN 2

VLAN 3

Non-trunk

Name VLAN Port



Dynamic Interface Configuration

1.Indicates that this interface connects to a guest LAN (guest access) or a Quarantine VLAN (NAC) or to both.

2.The physical DS port number.

3.Enables AP control and communications on this interface—effectively sets this interface to be an AP-management interface.

4.The 802.1Q VLAN ID, or leave at 0 for the native VLAN or a non-trunk link.


Interface Requirements for Mobility Groups

Mobility Groups allow client roaming between APs that are controlled by different Cisco WLCs.

Interface Requirements for Mobility Groups:

IP connectivity must exist between the management interfaces of all controllers.

All controllers must be configured with the same virtual interface IP address.

– If all the controllers within a mobility group are not using the same virtual interface, inter-controller roaming may appear to work, but the hand-off does not complete, and the client loses connectivity for a period of time.



Summary

Many different components must be configured on the Cisco Wireless

LAN Controller.

Control ports are used exclusively to control and configure the

controller.

Link aggregation creates a high-speed connection between the Cisco

Wireless LAN Controller and the network infrastructure.

Five different controller interface types are used.

The management interface is the main interface for the controller to

the network.

The AP-manager interfaces are used for controlling APs in Layer 3

mode.

The service port interface ties to the physical Service Port on the

controller.

Dynamic interfaces are user-defined interfaces that connect to a

VLAN on a distribution port.

Two interface requirements must be met for a mobility group to

function.


cisco unified wireless network administration: aggregationai3.itb.ac.id/~basuki/private/cisco wlan...

Documents