Cisco Wireless LAN Controller Configuration Guide, Release 7.5
Configuring Dynamic Interfaces

Information About Dynamic Interface

Dynamic interfaces, also known as VLAN interfaces, are created by users and designed to be analogous to VLANs for wireless LAN clients. A controller can support up to 512 dynamic interfaces (VLANs). Each dynamic interface is individually configured and allows separate communication streams to exist on any or all of a controller’s distribution system ports. Each dynamic interface controls VLANs and other communications between controllers and all other network devices, and each acts as a DHCP relay for wireless clients associated to WLANs mapped to the interface. You can assign dynamic interfaces to distribution system ports, WLANs, the Layer 2 management interface, and the Layer 3 AP-manager interface, and you can map the dynamic interface to a backup port.

You can configure zero, one, or multiple dynamic interfaces on a distribution system port. However, all dynamic interfaces must be on a different VLAN or IP subnet from all other interfaces configured on the port. If the port is untagged, all dynamic interfaces must be on a different IP subnet from any other interface configured on the port.

This table lists the maximum number of VLANs supported on the various controller platforms.

Table 1 Maximum number of VLANs supported on Cisco Wireless Controllers

Wireless Controllers                                            Maximum VLANs
Cisco Virtual Wireless Controller                               512
Cisco Wireless Controller Module for ISR G2                     16
Cisco 2500 Series Wireless Controllers                          16
Cisco 5500 Series Wireless Controller                           512
Cisco Catalyst 6500 Series Wireless Services Module 2 (WiSM2)   512
Cisco Flex 7500 Series Cloud Controller                         4,096
Cisco 8500 Series Controller                                    4,096

Prerequisites for Configuring Dynamic Interfaces

When configuring a dynamic interface on the controller, you must ensure the following:

  • You must use tagged VLANs for dynamic interfaces.

Restrictions for Configuring Dynamic Interfaces

The following restrictions apply when configuring dynamic interfaces on the controller:

  • You must not configure a dynamic interface in the same subnetwork as a server that is reachable by the controller CPU, such as a RADIUS server, as it might cause asymmetric routing issues.
  • Wired clients cannot access the management interface of the Cisco WLC 2500 series using the IP address of the AP-manager interface when Dynamic AP Management is enabled on a dynamic VLAN.
  • For SNMP requests that come from a subnet that is configured as a dynamic interface, the controller responds but the response does not reach the device that initiated the conversation.
  • If you are using DHCP proxy and/or a RADIUS source interface, ensure that the dynamic interface has a valid routable address. Duplicate or overlapping addresses across controller interfaces are not supported.

Configuring Dynamic Interfaces (GUI)


    Step 1   Choose Controller > Interfaces to open the Interfaces page.
    Step 2   Perform one of the following:
    • To create a new dynamic interface, click New. The Interfaces > New page appears. Go to Step 3.
    • To modify the settings of an existing dynamic interface, click the name of the interface. The Interfaces > Edit page for that interface appears. Go to Step 5.
    • To delete an existing dynamic interface, hover your cursor over the blue drop-down arrow for the desired interface and choose Remove.
    Step 3   Enter an interface name and a VLAN identifier, as shown in the figure above.
    Step 4   Click Apply to commit your changes. The Interfaces > Edit page appears.
    Step 5   Configure the following parameters:
    • Guest LAN, if applicable
    • Quarantine and quarantine VLAN ID, if applicable
      Note: Select the Quarantine check box if you want to configure this VLAN as unhealthy or you want to configure network access control (NAC) out-of-band integration. Doing so causes the data traffic of any client that is assigned to this VLAN to pass through the controller.

    • Physical port assignment (for all controllers except the 5500 series)
    • NAT address (only for Cisco 5500 Series Controllers configured for dynamic AP management)
      Note: Select the Enable NAT Address check box and enter the external NAT IP address if you want to be able to deploy your Cisco 5500 Series Controller behind a router or other gateway device that is using one-to-one mapping network address translation (NAT). NAT allows a device, such as a router, to act as an agent between the Internet (public) and a local network (private). In this case, it maps the controller’s intranet IP addresses to a corresponding external address. The controller’s dynamic AP-manager interface must be configured with the external NAT IP address so that the controller can send the correct IP address in the Discovery Response.

      Note: The NAT parameters are supported for use only with one-to-one-mapping NAT, where each private client has a direct and fixed mapping to a global address. The NAT parameters do not support one-to-many NAT, which uses source port mapping to enable a group of clients to be represented by a single IP address.

    • Dynamic AP management
      Note: When you enable this feature, this dynamic interface is configured as an AP-manager interface (only one AP-manager interface is allowed per physical port). A dynamic interface that is marked as an AP-manager interface cannot be used as a WLAN interface.

      Note: Place the APs in a VLAN that is different from that of the dynamic interface configured on the controller. If the APs are in the same VLAN as the dynamic interface, the APs are not registered on the controller and the “LWAPP discovery rejected” and “Layer 3 discovery request not received on management VLAN” errors are logged on the controller.

    • VLAN identifier
    • Fixed IP address, IP netmask, and default gateway
    • Primary and secondary DHCP servers
    • Access control list (ACL) name, if required
      Note: To ensure proper operation, you must set the Port Number and Primary DHCP Server parameters.

    Step 6   Click Save Configuration to save your changes.
    Step 7   Repeat this procedure for each dynamic interface that you want to create or edit.

Configuring Dynamic Interfaces (CLI)


      Step 1   Enter the show interface summary command to view the current dynamic interfaces.
      Step 2   View the details of a specific dynamic interface by entering this command: show interface detailed operator_defined_interface_name.
      Note: Interface names that contain spaces must be enclosed in double quotes. For example: config interface create "vlan 25"

      Step 3   Enter the config wlan disable wlan_id command to disable each WLAN that uses the dynamic interface for distribution system communication.
      Step 4   Enter these commands to configure dynamic interfaces:
      • config interface create operator_defined_interface_name {vlan_id | x}
      • config interface address interface ip_addr ip_netmask [gateway]
      • config interface vlan operator_defined_interface_name {vlan_id | o}
      • config interface port operator_defined_interface_name physical_ds_port_number
      • config interface ap-manager operator_defined_interface_name {enable | disable}
        Note: Use the config interface ap-manager operator_defined_interface_name {enable | disable} command to enable or disable dynamic AP management. When you enable this feature, this dynamic interface is configured as an AP-manager interface (only one AP-manager interface is allowed per physical port). A dynamic interface that is marked as an AP-manager interface cannot be used as a WLAN interface.

      • config interface dhcp operator_defined_interface_name ip_address_of_primary_dhcp_server [ip_address_of_secondary_dhcp_server]
      • config interface quarantine vlan interface_name vlan_id
        Note: Use the config interface quarantine vlan interface_name vlan_id command to configure a quarantine VLAN on any interface.

      • config interface acl operator_defined_interface_name access_control_list_name
      Step 5   Enter these commands if you want to be able to deploy your Cisco 5500 Series Controller behind a router or other gateway device that is using one-to-one mapping network address translation (NAT):
      • config interface nat-address dynamic-interface operator_defined_interface_name {enable | disable}
      • config interface nat-address dynamic-interface operator_defined_interface_name set public_IP_address

      NAT allows a device, such as a router, to act as an agent between the Internet (public) and a local network (private). In this case, it maps the controller’s intranet IP addresses to a corresponding external address. The controller’s dynamic AP-manager interface must be configured with the external NAT IP address so that the controller can send the correct IP address in the Discovery Response.

      Note: These commands are supported for use only with one-to-one-mapping NAT, whereby each private client has a direct and fixed mapping to a global address. These commands do not support one-to-many NAT, which uses source port mapping to enable a group of clients to be represented by a single IP address.

      Step 6   Enter the config wlan enable wlan_id command to reenable each WLAN that uses the dynamic interface for distribution system communication.
      Step 7   Enter the save config command to save your changes.
      Step 8   Enter the show interface detailed operator_defined_interface_name command and show interface summary command to verify that your changes have been saved.
      Note: If desired, you can enter the config interface delete operator_defined_interface_name command to delete a dynamic interface.
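
The following pre-change check is an added example, not code from Cisco or from this guide. It tests a planned set of dynamic interfaces against the constraints stated in this chapter: tagged VLANs, no overlapping subnets, no subnet shared with a CPU-reachable server such as RADIUS, one AP-manager interface per physical port, no WLAN on an AP-manager interface, and the Table 1 limits. The dictionary schema, the short platform keys and the sample addresses are assumptions made for the example, and the per-port rule is read here as "no two interfaces with the same VLAN on one port".

```python
import ipaddress
from collections import Counter
from itertools import combinations

# Table 1 limits; the short platform keys are labels chosen for this example.
MAX_VLANS = {"vWLC": 512, "ISR-G2": 16, "2500": 16, "5500": 512,
             "WiSM2": 512, "7500": 4096, "8500": 4096}

def validate(platform, interfaces, cpu_servers):
    """Return violations for a planned set of dynamic interfaces.

    interfaces: dicts with name, vlan, port, cidr, ap_manager, wlans
    (hypothetical schema). cpu_servers: IPs the controller CPU talks to.
    """
    problems = []
    if len(interfaces) > MAX_VLANS[platform]:
        problems.append(f"too many interfaces for {platform}")
    nets = {i["name"]: ipaddress.ip_interface(i["cidr"]).network for i in interfaces}
    for i in interfaces:
        name = i["name"]
        if not 1 <= i["vlan"] <= 4094:          # valid 802.1Q tag range
            problems.append(f"{name}: VLAN must be tagged")
        if i.get("ap_manager") and i.get("wlans"):
            problems.append(f"{name}: AP-manager interface mapped to a WLAN")
        for srv in cpu_servers:
            if ipaddress.ip_address(srv) in nets[name]:
                problems.append(f"{name}: shares subnet with CPU-reachable server {srv}")
    for a, b in combinations(interfaces, 2):
        if nets[a["name"]].overlaps(nets[b["name"]]):
            problems.append(f"{a['name']}/{b['name']}: overlapping subnets")
        if (a["port"], a["vlan"]) == (b["port"], b["vlan"]):
            problems.append(f"{a['name']}/{b['name']}: same VLAN on port {a['port']}")
    ap_mgrs = Counter(i["port"] for i in interfaces if i.get("ap_manager"))
    problems += [f"port {p}: {n} AP-manager interfaces" for p, n in ap_mgrs.items() if n > 1]
    return problems

# Constructed sample plan (RFC 1918 addresses, not from the guide).
PLAN = [
    {"name": "staff",  "vlan": 25, "port": 1, "cidr": "10.25.0.2/24", "wlans": [1]},
    {"name": "guest",  "vlan": 30, "port": 1, "cidr": "10.30.0.2/24", "wlans": [2]},
    {"name": "voice",  "vlan": 25, "port": 1, "cidr": "10.25.0.130/25", "wlans": [3]},
    {"name": "apmgr2", "vlan": 40, "port": 1, "cidr": "10.40.0.2/24",
     "ap_manager": True, "wlans": [4]},
]
RADIUS = ["10.30.0.10"]

if __name__ == "__main__":
    for p in validate("5500", PLAN, RADIUS):
        print(p)
```

Run it against the intended plan before disabling WLANs in Step 3, so that a conflicting address or VLAN is caught before any client-facing change.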