Cisco 4400 with lightweight APs topology question

[professorguy]

I am configuring a 4402 Wireless Controller and I have set up a management address and vlan so I can configure it via my browser. I am at the point where I am setting up the AP-manager interface. This is the channel through which APs negotiate settings and share monitoring info with the controller.

The controller wants a vlan identifier for that interface. That'd be fine except that the APs are on many different subnets. One vlan cannot get to the entire network since it is routed between the core and the various wiring closets. All the APs will be able to see the ap-manager IP address, but not a particular vlan.

How do I lash this together with APs on different network segments?

 

[ADB100]

The AP's don't need to be on the same VLAN, they can literally be anywhere as long as they have IP connectivity between them. You need to configure DHCP to provide the Controller's IP address (or multiple controller addresses for redundancy). The VLAN Tag is just the 802.1q identifier between the Controller and the switchport it is connected to.

Some good information here:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml

HTH

Andy

 

[professorguy]

OK, I think I get this. It will be a few days before I can get all this tested, but I'll soldier on with this good info.

The dot1q trunks from the neighbor switch obviously work (at least a little) since I can get the https server from my desktop. I have the controller in Link aggregate (LAG) mode and the 2 dist ports are connected to 2 different physical switches within a single stack. The trunk ports on the stack are bound in an ehterchannel. So if any GBIC fails, either of the patches fail, if any port or an entire switch in the stack goes down, the controller will still be on the network. Nice!

Thanks again. I'll report back when I've gotten further along.

 

[ADB100]

There are some issues with using LAG/EtherChannel but I can't remember what..... I will have a look on CCO and see if I can did them out - some functionality doesn't work I think.

Andy

 

[ADB100]

I think this was it:

When you use LAG, the controller relies on the switch for the load balancing decisions on traffic that comes from the network. It expects that traffic that belongs to an AP (LWAPP or network to wireless user) always enters on the same port. Use only ip-src or ip-src ip-dst load balancing options in the switch EtherChannel configuration. Some switch models might use unsupported load balancing mechanisms by default, so it is important to verify.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080810880.shtml

HTH

Andy

 

[professorguy]

I did see that as I was configuring the neighbor switch (a stack of 3750s). I tried to set the load balancing for the etherchannel, but no go. Turns out the load balance algorithm is a GLOBAL setting (all etherchannels must use the same method). I set it for ip-dst-src, but that line doesn't appear in the configuration which leads me to believe it is the default for the 3750.

 

[ADB100]

Yes I think you are correct. I seem to remember that failover isn't seemless if one of the ports fails in the EtherChannel since the Controller can't handle the change of ports (or something like that....). probably worth testing once you have a couple of AP's live and you can verify the physical link in the EtherChannel they will use.

Good luck

Andy