Cisco Wireless LAN Controller Configuration Guide, Release 7.4
Configuring Virtual Interfaces
Downloads: This chapterpdf (PDF - 1.17 MB) The complete bookPDF (PDF - 17.94 MB) | Feedback

Configuring Virtual Interfaces

Configuring Virtual Interfaces

Information About the Virtual Interface

The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentication and VPN termination. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled.

Specifically, the virtual interface plays these two primary roles:

  • Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server.

  • Serves as the redirect address for the web authentication login page.

The virtual interface IP address is used only in communications between the controller and wireless clients. It never appears as the source or destination address of a packet that goes out a distribution system port and onto the switched network. For the system to operate correctly, the virtual interface IP address must be set (it cannot be, and no other device on the network can have the same address as the virtual interface. Therefore, the virtual interface must be configured with an unassigned and unused gateway IP address. The virtual interface IP address is not pingable and should not exist in any routing table in your network. In addition, the virtual interface cannot be mapped to a physical port.


All controllers within a mobility group must be configured with the same virtual interface IP address. Otherwise, inter-controller roaming may appear to work, but the handoff does not complete, and the client loses connectivity for a period of time.

Configuring Virtual Interfaces (GUI)

    Step 1   Choose Controller > Interfaces to open the Interfaces page.
    Step 2   Click Virtual.

    The Interfaces > Edit page appears.

    Step 3   Enter the following parameters:
    • Any fictitious, unassigned, and unused gateway IP address

    • DNS gateway hostname


      To ensure connectivity and web authentication, the DNS server should always point to the virtual interface. If a DNS hostname is configured for the virtual interface, then the same DNS host name must be configured on the DNS server(s) used by the client.

    Step 4   Click Save Configuration.
    Step 5   If you made any changes to the management or virtual interface, reboot the controller so that your changes take effect.

    Configuring Virtual Interfaces (CLI)

      Step 1   Enter the show interface detailed virtual command to view the current virtual interface settings.
      Step 2   Enter the config wlan disable wlan-number command to disable each WLAN that uses the virtual interface for distribution system communication.
      Step 3   Enter these commands to define the virtual interface:
      • config interface address virtual ip-address


        For ip-address, enter any fictitious, unassigned, and unused gateway IP address.

      • config interface hostname virtual dns-host-name

      Step 4   Enter the reset system command. At the confirmation prompt, enter Y to save your configuration changes to NVRAM. The controller reboots.
      Step 5   Enter the show interface detailed virtual command to verify that your changes have been saved.