Cisco Unified Wireless Network Administration: Controller Ports, Interfaces, and Link Aggregation Cisco Unified Wireless Network Administration: Controller Ports, Interfaces, and Link Aggregation
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-1
Lesson Overview & Objectives Overview - This lesson provides an overview of the Cisco Unified Wireless Network controller ports and interfaces used for connectivity into the wired network and communications with CUWN access points. Objectives - Upon completing this lesson, you will be able to identify the types of ports and interfaces to configure for WLAN network connectivity. This ability includes being able to meet these objectives: – Define Ports, Interfaces, and WLANs – Describe the Distribution System Port and its configuration – Describe Link Aggregation, its features and its benefits – Describe five controller interface types and the role of each – Explain the purpose of AP management interface – Explain the purpose of AP-Manager interface – Explain the purpose of the service port interface – Explain the purpose of dynamic interfaces – List the requirements for interface for mobility groups © 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-2
Terminology Control Service Port Ports
Interfaces virtual interface
Console Port
management interface vlan0
Port 1
AP-manager interface vlan0
…
Distribution System Ports
Port 8
dynamic interface vlan1
dynamic interface vlan2
…
dynamic interface vlanx
WLAN4 ―SSID4‖
…
WLANx ―SSIDx‖
WLANs WLAN1 ―SSID1‖
WLAN2 ―SSID2‖
WLAN3 ―SSID3‖
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-3
Ports Control ports are used to configure and control the WLC – Console port – Service port
Distribution ports are used for the following features: – Control and data transfer to and from associated Cisco wireless APs – Distribution system between the WLANs and the enterprise VLAN network Ports CAPWAP header contains client WLAN information, which is then translated into VLAN tags on a distribution port.
VLAN SSID
© 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
Interface
…
Interface
WLAN … WLAN
WLAN CUWN v7.0—3-4
Distribution System Port A distribution system (DS) port is the physical port through which the Cisco Wireless LAN Controller communicates to networks and appliance mode APs. – The Management Interface will be associated with a VLAN on a DS port at a minimum.
– AP-Manager interfaces (if used) will each be associated with a VLAN on a DS port – Dynamic interfaces will each be associated with a VLAN on a DS port The Cisco 2100/4400/5500 Series WLCs can have as many DS ports as physical ports.
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-5
Distribution System Port Topologies Red WLAN Blue WLAN
Green WLAN
Red VLAN
Blue VLAN
GE DS Port 1 802.1Q Trunk Tagged Traffic
GE DS Port 2
Green VLAN
Untagged Traffic
Multiple DS ports are supported and only require tagging if a DS port is connected to multiple VLANs (a trunk port on the switch). © 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-6
Configuring Ports on the Controller
Click on the Port Number to configure the port.
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-7
Link Aggregation Single logical link - consisting of multiple physical links – between the controller and the LAN switch
Link Aggregation (LAG) allows up to eight DS ports on a Cisco 5508; four ports on a Cisco 4404; or two ports on a Cisco 4402 to be bundled into a single logical link. Any single physical link can go down, and traffic will pass through the remaining active ports/links. Only one functional physical port is needed for the Controller to pass client traffic. A single, static, Link Aggregation bundle is supported.
© 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-8
Benefits of Link Aggregation For as long as at least one physical link remains active, all APs remain connected to the switch, and data service for users continues uninterrupted. Eliminates the need to configure primary and backup ports for each interface.
It removes the requirement to support multiple AP-Manager interfaces, also reducing the number of IP addresses used.
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-9
Link Aggregation—Description Link Aggregation is off by default on the 5508 and 4400 Controllers.
Link Aggregation Bundle
5508
Link Aggregation Bundle
4404
Link Aggregation Bundle
4402
Link Aggregation is on by default on the Cisco WiSM and 3750G Integrated WLC. Link Aggregation Bundles
4404 subsystem
4404 subsystem
WiSM © 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-10
Notes on Link Aggregation Any change to the LAG configuration will require the system to be rebooted. When LAG is enabled or disabled, existing interfaces are modified, and administrators will need to make changes for the system to function.
The mechanism used to load-balance traffic across the links is determined by the Ethernet switch that the Controller connects to. – The controller simply sends a packet out on the same port that it received the packet on. Port Aggregation mode on the LAN switch should be set to ―on.‖ – No PAgP or LACP negotiation occurs.
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-11
Link Aggregation Switch Configuration
Configure a range of interfaces to be in a channel-group Ensure that physical interfaces in the channel-group have the mode set to be ―on‖ (no PAgP or LACP negotiation) Trunking configuration must be identical on the physical interfaces and the port-channel interface representing the channel-group © 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-12
Link Aggregation—GUI Configuration
In Controller>General, set the LAG Mode to either Enabled or Disabled The controller will need to be rebooted for the change to take effect © 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-13
Link Aggregation Enabled
Once the configuration is saved and controller rebooted, LAG will show as enabled. Interfaces will no longer have primary and secondary port options. © 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-14
Controller Interfaces Five different interface types: AP Manager (Not required in Cisco 5508 Controller) Management Dynamic
Service Port Virtual AP-Manager Interface(s)
Virtual Interface
AP Control and Association
802.1Q
Management Interface In-band Management traffic
Dynamic Interface(s) Service Port Interface
Bridge for Client Traffic to/from Wired Network
Out of Band Management traffic
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-15
Interface Roles Management interface: Used for in-band management, connectivity to AAA, and other enterprise services, and for Layer 2 (and Layer 3 on the 5508) AP auto-discovery and association. AP-manager interfaces: Source IP address used for AP to controller communication and Layer 3 AP auto-discovery and association. – Note: AP-manager interfaces are not required on the 5508 WLAN controller. Service port interface: Provides out-of-band management of the controller (GUI access to Controller Web) Virtual interface: Used for DHCP Relay, Layer 3 security authentication, and mobility management Dynamic interface: Supplies mapping of WLANs to VLANs on the wired network © 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-16
List of Interfaces on the Controller
Choose Controller > Interfaces to view the list of interfaces. Choose an interface name to edit. – Only dynamic interfaces can be removed.
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-17
Management Interface Default interface for in-band management (HTTP/HTTPS/SNMP) of the Cisco WLC and connectivity for enterprise services such as mobility and AAA. – The management interface must be in a different VLAN/subnetwork from the service port interface. The 5508 WLC also uses the management interface for CAPWAP control and data transmission between the Cisco WLC and APs.
© 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-18
Management Interface Configuration
1. Set the 802.1Q VLAN ID, or leave at 0 for the native VLAN or a non-trunk link. 2. Identify the physical DS port number to which the management interface will connect. © 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-19
AP-Manager Interfaces Non-5508 wireless controllers have an AP-Manager interface: Listens for messages through Layer 3 network to auto-discover, associate, and communicate with Cisco AP. Can be in the same VLAN (and on the same DS port) as the management interface (but with a different IP address). One AP-Manager interface can manage up to 48 APs. Unless using LAG, create additional AP-Manager interfaces for every port to which APs will connect. On the 5508 controller, the Management Interface acts as an APManager Interface.
© 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-20
AP-Manager Interface Configuration
1.The physical DS port number. 2.Enables AP control and communications on this interface, effectively making this an AP-Manager Interface. 3.The 802.1Q VLAN ID, or leave at 0 for the native VLAN or a non-trunk link. © 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-21
Service Port Interface The service port interface—associated only with the service port on the Cisco WLC front panel—is dedicated to out-of-band management in the event of network failure. – Must be in a different VLAN/subnetwork from the management port interface Do not assign a gateway to the service port interface. – Instead, set up static routes to connect to the service port from remote networks. The service port is not auto-sensing. – Use a straight-through Ethernet cable to connect to controllers and LAN switches. – Use a crossover Ethernet cable to connect to routers and PCs.
© 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-22
Virtual Interface The virtual interface is used to support: Mobility management. – Mobile Client uses same virtual IP address across multiple controllers. DHCP relay. – Client uses virtual IP address as DHCP server address. Layer 3 security. – Web authentication. Must be an unassigned and unused (non-routable) IP address. All virtual interfaces must be assigned the same IP address to all Cisco WLCs in a mobility group to allow seamless roaming.
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-23
Service Port Interface and Virtual Interface Configuration Service Port Interface
Virtual Interface
The service port interface and virtual interface require only IP address configuration. On a new controller, the service port interface is preconfigured to 192.168.1.1. © 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-24
Dynamic Interfaces Created by the administrator as needed: – To be an additional AP-Manager interface, or – To dynamically link one or more WLANs to one VLAN on a DS port Each dynamic interface must be mapped to one (and only one) VLAN on a distribution port. Multiple WLANs can be mapped to a single dynamic interface.
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-25
Mapping WLANs to VLANs Building 1
Name
VLAN Port
Dynam1
0
Front Office
Campus
1
Building 2
Non-trunk
Dynam2
2
2
VLAN 2
Front Office
802.1Q
Back Office WLANs
Dynam3
3
Interfaces
2
VLAN 3
Back Office
Ports
VLANs
When mapping a dynamic interface to a single-VLAN distribution port, or to the native VLAN on a trunked distribution port, use VLAN ID 0. When mapping a dynamic port to one of the 802.1Q tagged VLANs on a trunked distribution port, use the 802.1Q VLAN ID (value 1-4095). – Multiple dynamic interfaces (each mapped to a different VLAN) can be mapped to a single distribution port. © 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-26
Dynamic Interface Configuration
1.Indicates that this interface connects to a guest LAN (guest access) or a Quarantine VLAN (NAC) or to both. 2.The physical DS port number. 3.Enables AP control and communications on this interface—effectively sets this interface to be an AP-management interface. 4.The 802.1Q VLAN ID, or leave at 0 for the native VLAN or a non-trunk link. © 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-27
Interface Requirements for Mobility Groups Mobility Groups allow client roaming between APs that are controlled by different Cisco WLCs. Interface Requirements for Mobility Groups: IP connectivity must exist between the management interfaces of all controllers. All controllers must be configured with the same virtual interface IP address. – If all the controllers within a mobility group are not using the same virtual interface, inter-controller roaming may appear to work, but the hand-off does not complete, and the client loses connectivity for a period of time.
© 2010 Cisco Systems, Inc. All rights reserved.
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
CUWN v7.0—3-28
Summary Many different components must be configured on the Cisco Wireless LAN Controller. Control ports are used exclusively to control and configure the controller. Link aggregation creates a high-speed connection between the Cisco Wireless LAN Controller and the network infrastructure. Five different controller interface types are used. The management interface is the main interface for the controller to the network. The AP-manager interfaces are used for controlling APs in Layer 3 mode. The service port interface ties to the physical Service Port on the controller. Dynamic interfaces are user-defined interfaces that connect to a VLAN on a distribution port. Two interface requirements must be met for a mobility group to function. © 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-29
© 2010 Cisco Systems, Inc. All rights reserved.
CUWN v7.0—3-30
© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.
