Map-Server Per-Site Support

Map server per site support

Map server per site support is a network feature that

  • selects the map server based on the client’s subnet to enable per-site segmentation (the controller supports multiple sites and segregates each site's traffic),

  • allows both Enterprise and Guest sites to use dedicated or shared map servers, and

  • enables flexible virtual network assignment using Layer 2 Virtual Network Identifier (VNID) selection.

This list shows the map server selection order for AP query and client registration:

  • Per-L3 VNID map server.

  • Per site (ap-group) map server.

  • Default or global map server.
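
The selection order above, modelled as an added example (not Cisco code and not part of the original page). The table contents, names such as cp-ent and site-a, and the longest-prefix tie-break between overlapping subnets are assumptions of this model; it reports which tier answered so that an unexpected fall-through to the default map server is visible.

```python
import ipaddress

# Constructed sample data; names and addresses are illustrative, not from a real device.
VNID_MAPS = [  # per-L3-VNID entries: (name, l3_vnid, network, mask, control_plane)
    ("ent-vn", 10, "10.8.6.0", "255.255.255.240", "cp-ent"),
    ("guest-vn", 20, "10.9.0.0", "255.255.0.0", "cp-guest"),
]
SITE_TAGS = {"site-a": "cp-site-a", "site-b": None}  # site tag -> control plane (None = unset)
DEFAULT_CP = "default-control-plane"


def select_map_server(client_ip, site_tag):
    """Return (control_plane, tier) using the order: L3 VNID, site tag, default."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for name, _l3_vnid, net, mask, cp in VNID_MAPS:
        try:
            # strict=False tolerates host bits in the address; a bad mask still raises.
            network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        except ValueError:
            continue  # entry cannot match any client, so it is ignored
        # Assumption: the most specific matching subnet wins.
        if ip in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, cp, name)
    if best:
        return best[1], f"per-L3-VNID ({best[2]})"
    site_cp = SITE_TAGS.get(site_tag)
    if site_cp:
        return site_cp, f"per-site ({site_tag})"
    return DEFAULT_CP, "default"
```
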

Benefits

Some of the benefits of using the map server per site feature are:

  • You can use a single large site with horizontal scaling of the map server and border nodes.

  • You can share the controller across multiple sites. Each site can have its own map server and virtual network (VNID), and traffic can still be segmented from each site.

  • You can share the guest map server across multiple sites while keeping the enterprise map server separate.

  • You can use the same SSID across different sites. Within a site, the SSIDs can belong to different virtual network domains.

Configure the default map server (GUI)

Set up the default map server to manage control plane operations within the wireless fabric.

Procedure


Step 1

Choose Configuration > Wireless > Fabric.

Step 2

On the Fabric page, click the Control Plane tab.

Step 3

In the Control Plane Name list, click default-control-plane.

Step 4

In the Edit Control Plane window that is displayed, click Add.

Step 5

Enter the IP address of the map server.

Step 6

Set the Password Type as either Unencrypted or AES.

Step 7

Enter the Pre Shared Key.

Step 8

Click Save.

Step 9

Click Update & Apply to Device.


Configure the default map server (CLI)

Configure a wireless fabric control plane with a specified map server and pre-shared key for LISP control-plane redundancy and secure AP/client join processes.

Before you begin

  • The global map server is the default map server that is used for both AP query (when an AP joins) as well as for client registration (when a client joins).

  • We recommend that you configure map servers in pairs to ensure redundancy because the LISP control-plane does not support redundancy inherently.

  • To share a map server set, create a map server group, which can be shared across site profiles, fabric profiles, Layer 2 and Layer 3 VNIDs, as well as with the default map server.

Procedure


Step 1

Enter the global configuration mode.

Example:

Device# configure terminal

Step 2

Configure the control plane name.

Example:

Device(config)# wireless fabric control-plane control-plane-name test-map

If you do not provide a control plane name, the auto-generated default-control-plane is used.

Step 3

Configure the IP address and the key for the control plane.

Example:

Device(config-wireless-cp)# ip address 10.12.13.14 key pre-shared-key secret

Configure a map server per site (GUI)

Configure the primary and backup map server controllers for a specific site using the GUI.

Before you begin

Ensure you have configured an AP Join Profile before setting up the primary and backup controllers.

Procedure


Step 1

Choose Configuration > Tags & Profiles > AP Join.

Step 2

On the AP Join Profile page, click the AP Join Profile name.

Step 3

In the Edit AP Join Profile window, click the CAPWAP tab.

Step 4

In the High Availability tab under Backup Controller Configuration, check the Enable Fallback check box.

Step 5

Enter the primary and secondary controller names and IP addresses.

Step 6

Click Update & Apply to Device.


Configure a map server per site (CLI)

Set up a map server for each site or AP group.

Before you begin

You can configure a map server for each site or each AP group. If a map server is not configured for a VNID or subnet, the per-site map server is used for AP queries and client registration.

Procedure


Step 1

Enter the global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a site tag and enter the site tag configuration mode.

Example:

Device(config)# wireless tag site site-tag test-site

Step 3

Associate a fabric control plane name with a site tag.

Example:

Device(config-wireless-site)# fabric control-plane map-server-name test-map

Create a map server for each VNID (GUI)

Configure map servers for Layer 2 VNIDs to enable secure fabric communication.

Procedure


Step 1

Choose Configuration > Wireless Plus > Fabric > Fabric Configuration.

Step 2

In the Profiles tab, click Add to add a new Fabric Profile.

Step 3

In the Add New Profile window that is displayed, enter a name and description for the profile.

Step 4

Specify the L2 VNID and SGT Tag details.

Step 5

In the Map Servers section, specify the IP address and preshared key details for Server 1.

Step 6

Optionally, you can specify the IP address and preshared key details for Server 2.

Step 7

Click Save & Apply to Device.


Create a map server for each VNID (CLI)

Follow the procedure given below to configure a map server for each VNID in Layer 2 and Layer 3, or a map server for a client VNID.

Procedure


Step 1

Enter the global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a map server for each VNID in Layer 2 and Layer 3 or a map server for a client VNID. Use one of the following:

Example:

Device(config)# wireless fabric name vnid-map test1 l2-vnid l2-vnid l3-vnid l3vnid 10 ip network-ip subnet-mask 10.8.6.2 255.255.255.236 control-plane control-plane-name cp1

Example:

Device(config)# wireless fabric name vnid-map test1 l2-vnid l2-vnid control-plane control-plane-name cp1

Create a fabric profile and associate a tag and VNID (GUI)

Use these steps to create a fabric profile in the Cisco wireless GUI and associate it with a tag and VNID.

Procedure


Step 1

Choose Configuration > Wireless > Fabric.

Step 2

In the Profiles tab on Fabric Configuration page, click Add to add a new profile.

Step 3

In the Add New Profile window that is displayed, enter a name and description for the profile.

Step 4

Specify the L2 VNID and SGT Tag details.

Step 5

Click Save & Apply to Device.


Create a fabric profile and associate a tag and VNID (CLI)

Follow the procedure given below to create a fabric profile and associate the SGT tag and the VNID to which the client belongs with this profile.

Procedure


Step 1

Enter the global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a fabric profile.

Example:

Device(config)# wireless profile fabric fabric-profile-name test-fabric 

Step 3

Configure an SGT tag.

Example:

Device(config-wireless-fabric)# sgt-tag value 5

Step 4

Configure a client Layer 2 VNID.

Example:

Device(config-wireless-fabric)# client-l2-vnid vnid 10

Verify the map server configuration

Use the following commands to verify the map server configuration:

Device# show wireless fabric summary 

Fabric Status      : Enabled


Control-plane: 
Name                             IP-address        Key                              Status
--------------------------------------------------------------------------------------------
test-map                         10.12.13.14       test1                            Down 


Fabric VNID Mapping:
  Name               L2-VNID        L3-VNID        IP Address             Subnet        Control plane name
----------------------------------------------------------------------------------------------------------------------
  test1               12             10             10.6.8.9            255.255.255.236    test2                            


Device# show wireless fabric vnid mapping
 
Fabric VNID Mapping:
  Name               L2-VNID        L3-VNID        IP Address             Subnet      Control Plane Name              
--------------------------------------------------------------------------------------------------------------------
  fabric1             1              0              9.6.51.0            255.255.255.0         map-server-name

Device# show wireless profile fabric detailed profile-name 

Profile-name      : fabric-ap
VNID              : 1
SGT               : 500
Type              : Guest

Control Plane Name       Control-Plane IP   Control-Plane Key 
--------------------------------------------------------------------------------
 Ent-map-server           5.4.3.2                 guest_1    
                     
Device# show ap name ap-name config general 

Fabric status                                   : Enabled
RLOC                                            : 2.2.2.2
Control Plane Name                              : ent-map-server

Device# show wireless client mac mac-address detail 

Fabric status          : Enabled
RLOC                   : 2.2.2.2
Control Plane Name     : ent-map-server

Device# show wireless tag site detailed site-tag 

Site Tag Name        : default-site-tag
Description          : default site tag
----------------------------------------
AP Profile           : default-ap-profile
Local-site           : Yes
Fabric-control-plane: Ent-map-server
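
A check over the show wireless fabric summary output, as an added example that is not part of the original page and not a Cisco tool. It assumes whitespace-separated columns as in the sample above; the function names are hypothetical, and the Key column is deliberately never copied into the findings because the command prints the pre-shared key.

```python
import ipaddress

# Constructed sample, modelled on the `show wireless fabric summary` output on this page.
SAMPLE = """\
Fabric Status      : Enabled

Control-plane:
Name                             IP-address        Key                              Status
--------------------------------------------------------------------------------------------
test-map                         10.12.13.14       test1                            Down

Fabric VNID Mapping:
  Name               L2-VNID        L3-VNID        IP Address             Subnet        Control plane name
----------------------------------------------------------------------------------------------------------------------
  test1               12             10             10.6.8.9            255.255.255.236    test2
"""


def mask_is_contiguous(mask):
    """True if the dotted mask is a run of 1-bits followed only by 0-bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def audit_fabric_summary(text):
    """Return findings: down control planes, bad masks, dangling control-plane names."""
    planes, mappings, section, in_rows = {}, [], None, False
    for line in text.splitlines():
        s = line.strip()
        fields = s.split()
        if not fields:
            continue
        if s.startswith(("Control-plane:", "Fabric VNID Mapping:")):
            section, in_rows = s.split(":")[0], False   # header row follows; skip it
        elif s.startswith("---"):
            in_rows = True                              # data rows start after the rule
        elif in_rows and section == "Control-plane" and len(fields) >= 3:
            planes[fields[0]] = fields[-1]              # name -> status; key not stored
        elif in_rows and section == "Fabric VNID Mapping" and len(fields) == 6:
            mappings.append((fields[0], fields[4], fields[5]))  # name, mask, control plane
    findings = [f"control plane {n} is {st}" for n, st in planes.items() if st.lower() == "down"]
    for name, mask, cp in mappings:
        if not mask_is_contiguous(mask):
            findings.append(f"VNID map {name}: non-contiguous subnet mask {mask}")
        if cp not in planes:
            findings.append(f"VNID map {name}: control plane {cp} not in control-plane table")
    return findings
```
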