can I plug port 2 of my WLC 4404 into my dmz for guest user access


Re:can I plug port 2 of my WLC 4404 into my dmz for guest user access

by Guest » Fri Jan 07, 2011 7:55 pm

Carl, Glad to hear you got it working! Lee

Re:can I plug port 2 of my WLC 4404 into my dmz for guest user access

by Guest » Fri Jan 07, 2011 7:24 pm

Hi,

This now works fine, thanks for your help.

Carl

Re:can I plug port 2 of my WLC 4404 into my dmz for guest user access

by Guest » Fri Jan 07, 2011 7:22 pm

Carl,

You need to have two AP-manager interfaces because you are physically connecting two distribution ports on the WLC. When you do that, you must either use LAG (which you cannot do in this case because you are connecting to two different switches) or have an ap-manager assigned to each port (this is how you can have switch redundancy). So yes, it will let you do that. Please refer to the config guide link I sent you for more information on using multiple ap-manager interfaces.

The WLC knows to send the guest traffic out port 2 because the guest WLAN is assigned to the guest interface, which in turn is assigned to port 2.

Again, I would highly recommend that you open a TAC case so you can speak with an engineer and discuss this as, as you can see, it can be kind of confusing.

Lee

Re:can I plug port 2 of my WLC 4404 into my dmz for guest user access

by Guest » Fri Jan 07, 2011 6:32 pm

Hi there,

Thanks for that, however I am still uncertain how to approach it.

Why do I need 2 ap-manager interfaces? Will it let me do this? And if both traffic comes in port 1, how does it know to send the traffic out of port 2 to the DMZ? Is this because the guest users will have the gateway set at the DMZ?

Also, how can I have the WLAN on 2 ports, i.e. apply it to port 1 and 2?

Cheers,
Carl

Re:can I plug port 2 of my WLC 4404 into my dmz for guest user access

by Guest » Fri Jan 07, 2011 4:54 pm

Carl,

Are you asking how to set it up with guest traffic going out port 2 to the DMZ, or are you asking about how to set it up the other way I mentioned?

For the way you originally inquired about: A rule on the WLCs is that when you have more than one port physically connected you need to either use LAG or have an ap-manager interface assigned to each port. So you would need to create a new dynamic interface, designate it as an ap-manager interface, and assign it to port 2. Port 1 would have the original ap-manager and management interfaces assigned to it. You would also need to create a new dynamic interface for the guest traffic and assign that to port 2 as well. Then under your WLAN configuration, assign the guest WLAN to the guest interface. Your internal WLAN would be configured to use an interface that is assigned to port 1. So the internal traffic would go in/out port 1, and the guest traffic would be in port 1 (in the lightweight tunnel) and then out port 2. Port 1 on the WLC will be connected to a port on a switch on the trusted side of the FW and port 2 will be connected to a switch in the DMZ.

For the way I mentioned, you can have a port-channel on the switch and LAG configured on the WLC, and all client traffic is going to go into and out of that port. Then the VLAN setup on the switches will take it from there.

You can reference chapter 3 of the WLC configuration guides for more information on LAG and multiple ap-managers: http://www.cisco.com/en/US/docs/wireles ... #wp1277659

I would suggest that you open a TAC case regardless of which method you are considering, as I think it would be easier to go over all the variables and explain how the WLC functions on the phone as opposed to here.

Thanks,
Lee
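The port and interface rules described in this thread can be checked against a planned layout before cabling port 2 into the DMZ. The following is an added example, not part of the original posts and not Cisco tooling; the interface names, WLAN names and the `audit` helper are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interface:
    name: str            # WLC interface name (hypothetical names below)
    port: int            # physical distribution port it is assigned to
    ap_manager: bool = False

def egress_ports(interfaces, wlans):
    """Map each WLAN to the physical port of the interface it is assigned to."""
    by_name = {i.name: i for i in interfaces}
    return {wlan: by_name[ifname].port for wlan, ifname in wlans.items()}

def audit(interfaces, wlans, connected_ports, guest_wlans, dmz_port, lag=False):
    """Return findings for the rules stated in the thread (empty list = OK)."""
    if lag:
        # With LAG every WLAN uses the same bundle, so port-level separation
        # does not apply and the switch VLAN design has to provide it.
        return ["LAG: all WLANs share one bundle; separation depends on switch VLANs"]
    findings = []
    if len(connected_ports) > 1:
        # Rule: more than one connected port needs an ap-manager on each port.
        covered = {i.port for i in interfaces if i.ap_manager}
        for port in sorted(set(connected_ports) - covered):
            findings.append(f"port {port} is connected but has no ap-manager interface")
    for wlan, port in sorted(egress_ports(interfaces, wlans).items()):
        if wlan in guest_wlans and port != dmz_port:
            findings.append(f"guest WLAN '{wlan}' egresses port {port}, not DMZ port {dmz_port}")
        if wlan not in guest_wlans and port == dmz_port:
            findings.append(f"internal WLAN '{wlan}' egresses DMZ port {dmz_port}")
    return findings

# Constructed sample layouts (not taken from a real controller).
WLANS = {"corp": "internal", "guest-wifi": "guest"}
GOOD = [Interface("management", 1), Interface("ap-manager", 1, True),
        Interface("internal", 1), Interface("ap-manager-2", 2, True),
        Interface("guest", 2)]
# Misconfigured: no ap-manager on port 2 and the guest interface left on port 1.
BAD = [Interface("management", 1), Interface("ap-manager", 1, True),
       Interface("internal", 1), Interface("guest", 1)]

if __name__ == "__main__":
    for label, layout in (("good", GOOD), ("bad", BAD)):
        print(label, audit(layout, WLANS, [1, 2], {"guest-wifi"}, dmz_port=2))
```
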
