
Cisco WLC Interfaces, Ports & Their Functionality. Understand How WLCs Work, Connect to the
Network Infrastructure & Wi-Fi SSID/VLAN mappings
Written by Administrator. Posted in Cisco Wireless


Our previous article introduced Cisco's popular Wireless Controller (WLC) devices and
examined their benefits to enterprise networks, the different models offered and finally took a
look at their friendly GUI interfaces. This article continues by explaining the purpose and
functionality of each WLC interface (Management interface, Virtual interface, AP-Manager
interface, Dynamic interfaces etc), WLC Port (Service port, Redundant port,
Distribution ports etc), how WLCs connect to the network infrastructure, VLAN
requirements and mapping to SSIDs.

Users can freely download Cisco's WLC product portfolio in our Cisco Wireless Controller
Datasheets download section. The datasheets contain all currently available WLC models, a brief
specification overview/comparison and much more.

WLC Interface Concepts: Understanding Ports and Logical Interfaces

Every WLC is fitted with a number of ports (physical interfaces) and logical interfaces, all
critical for the device's proper operation and integration with the network infrastructure. It
is important that engineers working with WLCs understand the purpose of each interface
and how it should be used. This will help maximize the stability and scalability of any WLC
deployment by correctly configuring all necessary interfaces and attached devices.

WLC Ports (Physical Interfaces)

We will now take a look at the different ports that can be found on WLCs and explain their
purpose. Depending on the WLC model, some ports might or might not be present. The
Console Port and Distribution System Ports are found on all WLCs.
Figure 1. Available Ports on a Cisco WLC 5500

Redundancy Port

This port is used for High-Availability (HA) deployment designs when there are two WLCs
available. In this setup, both WLCs are physically connected with each other through the
Redundant Port using an Ethernet cable. The redundancy port is used for configuration,
operational data synchronization and role negotiation between the primary and secondary
controllers.

The redundancy port checks for peer reachability by sending UDP keepalive messages every
100 milliseconds from the standby-hot WLC to the active WLC. Finally, the first two octets
of the redundancy port's IP address are always 169.254 (169.254.xxx.xxx).

Service Port

The service port is used for out-of-band management of the controller and system recovery
and maintenance in the event of a network failure. It is important to note that the service port
does not support VLAN trunking or VLAN tagging and is therefore required to connect to
an access port on the switch.

It is also recommended not to connect the service port to the same VLAN as the wired clients'
network because by doing so, administrators will not be able to access the management
interface (analysed later) of the controller.

SFP/Ethernet Distribution System Ports

The distribution system ports are the most important ports on the WLC as they connect the
internal logical interfaces (analysed below) and wireless client traffic to the rest of our
network. High-end WLCs, such as the WLC 5500 series above, have multiple SFP-based
distribution system ports allowing engineers to connect the WLC with the network backbone
using different configurations. The SFP Ports are able to accept fiber optic or Ethernet
copper interfaces, with the use of the appropriate SFPs.
Figure 2. Picture of Fiber & Ethernet Copper SFPs

Lower-end WLCs such as the WLC2504 or the older WLC2100 series provide Ethernet
interfaces only, because of the limited number of access points supported. For example, the
WLC2504 provides up to 4 Gigabit Ethernet ports and can support up to 75 access points,
while the WLC2125 provides up to 8 FastEthernet ports and supports up to 25 access points.

Figure 3. Pictures of WLC2504 & WLC2124

WLC Interfaces (Logical Interfaces)

In this section, we will examine the logical interfaces that can be found on all WLCs.
Understanding the functionality of each logical interface is crucial for the correct setup and
deployment of any Cisco WLC-based wireless network.

The WLC's logical interfaces are used to help manage the Wireless SSIDs broadcast by the
access points, manage the controller, access point and user data, plus more.

The diagram below provides a visual layout of the logical interfaces and how they connect
to the physical ports of a WLC:
Figure 4. Cisco Wireless Controller Interfaces & Ports

The above layout shows how each Wireless SSID (WLAN 1, WLAN 2 etc), maps to a
Dynamic interface. In turn, each Dynamic interface maps to a specific VLAN. The number
of WLANs & Dynamic interfaces depends on the WLC model. The bigger the WLC model,
the more SSIDs (Wireless Networks)/Dynamic interfaces it supports.

All Dynamic interfaces and AP-Manager/Manager interfaces connect to the network
infrastructure via the Distribution ports which, depending on the WLC model, are SFP or
Ethernet (10/100 or Gigabit) interfaces.

Because all WLCs have multiple physical Distribution ports, it is possible to assign all
Dynamic interfaces and AP-Manager/Manager interfaces to one physical Distribution
port, as shown in the above diagram. In this case, the Distribution port is configured as an
802.1q Trunk port. Alternatively, Dynamic interfaces can also be assigned to separate
physical Distribution ports, so that a specific WLAN/Dynamic interface can tunnel its
traffic through a single Distribution port.

The dedicated Service-Port seen in the above diagram can be found only on the WLC 5500
series and 7500/8500 series, and connects directly to the network.

Let's take a closer look at each logical interface and explain its purpose:

Management Interface

The management interface is the default interface used to access and manage the WLC. The
management interface is also used by the access points to communicate with the WLC. The
management interface IP address is the only ping-able IP address and is used by
administrators to manage the WLC.

Administrators can log into the WLC's configuration GUI by entering the management
interface IP address in a web browser and logging into the system.

AP-Manager Interface

A controller can have one or more AP-Manager interfaces which are used for all Layer 3
communications between the controller and lightweight access points after they have joined
the controller. The AP-Manager IP address is used as the tunnel source for
CAPWAP/LWAPP packets from the controller to the access points, and as the destination IP
address for CAPWAP/LWAPP packets from the access points to the controller.

While the configuration and usage of the AP-Manager interfaces is optional, models such as
the WLC2504 and WLC5508 do not have a dedicated AP-Manager interface. For these
models, under the Management interface settings, there is an option labeled Enable Dynamic
AP Management that allows the Management interface to work as an AP-Manager
interface at the same time:

Figure 5. Cisco WLC2504 - Management interface, Dynamic AP Management option

According to Cisco's documentation, each AP-Manager interface can handle up to 48 access
points, however we believe with the latest firmware updates that this limit has been increased
to 75, because the smaller WLC model (2504) can now handle up to 75 access points with its
dual-purpose management/AP-Manager interface. If more access points are installed, then
multiple AP-Manager interfaces are required to be configured.

Virtual Interface

The virtual interface is used to manage and support wireless clients by providing DHCP
relay functionality, guest web authentication, VPN termination and other services. The
virtual interface plays the following two primary roles:

- Acts as the DHCP server placeholder for wireless clients that obtain their IP address
  from a DHCP server.
- Serves as the redirect address for the web authentication login page (if configured).

The virtual interface IP address is only used for communications between the controller
and wireless clients. It never appears as the source or destination address of a packet that
goes out through the distribution ports and on to the local network.

Finally, the IP address of the virtual interface must be unique on the network. For this reason,
a common IP address used for the virtual interface is 1.1.1.1. All controllers within a
mobility group must be configured with the same virtual interface IP address to ensure
inter-controller roaming works correctly without connectivity loss.

Service-Port Interface

The service-port interface is used for out-of-band management of the controller. If the
management workstation is in a remote subnet, it may be necessary to add an IPv4 route on the
controller in order to manage the controller from the remote workstation.

It is important to note that the service-port IP address must not reside on the same subnet
as the Manager/AP-Manager interface.

Smaller WLC models such as the WLC2124 and WLC2504 do not have a service-port interface.

Dynamic Interface

The easiest way to explain dynamic interfaces is to think of them as VLAN interfaces for
your wireless networks (SSIDs). One dynamic interface is created per wireless
network/SSID. The wireless network or SSID is mapped to a dynamic interface, which is
then mapped to a specific VLAN network.

As mentioned earlier, dynamic interfaces can be assigned to separate physical distribution
ports, so that traffic from specific WLANs passes to the wired network via specific distribution
ports. In this scenario, each distribution port is a single access-link carrying one VLAN only.
Alternatively, all dynamic interfaces can be mapped to one distribution port, in which case
it will be a trunk port so that it can carry all WLANs/VLANs. This is a common setup method
for smaller networks.

Finally, each dynamic interface must be on a different VLAN or IP subnet from all other
interfaces.

Since the WLC2504 controller can handle up to 16 SSIDs, it can have a maximum of 16
dynamic interfaces, and support a maximum of 16 VLANs.
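
The addressing rules stated in the Service-Port Interface and Dynamic Interface sections can be checked against an interface plan before it is applied. The following is an added example, not part of the original article or any Cisco tool: the plan format, `check_plan`, and all names, VLAN IDs and addresses are hypothetical, and it assumes the stricter reading that a dynamic interface may share neither a VLAN ID nor a subnet with another interface.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: every name, VLAN ID and address here is made up.
SAMPLE_PLAN = {
    "interfaces": [
        {"name": "management", "type": "management", "vlan": 10, "cidr": "10.0.10.5/24"},
        {"name": "svc", "type": "service-port", "vlan": None, "cidr": "10.0.10.200/24"},
        {"name": "virtual", "type": "virtual", "vlan": None, "cidr": "1.1.1.1/32"},
        {"name": "corp", "type": "dynamic", "vlan": 20, "cidr": "10.0.20.5/24"},
        {"name": "guest", "type": "dynamic", "vlan": 20, "cidr": "10.0.30.5/24"},
    ],
    "wlans": {"CORP-WIFI": "corp", "GUEST-WIFI": "guest", "LAB-WIFI": "lab"},
}

def check_plan(plan, max_dynamic=16):
    """Return findings for a WLC interface plan; an empty list means it passes.
    max_dynamic=16 is the WLC2504 figure from the article; pass your model's limit."""
    findings = []
    ifs = {i["name"]: dict(i, net=ipaddress.ip_interface(i["cidr"]).network)
           for i in plan["interfaces"]}
    mgmt = [i for i in ifs.values() if i["type"] in ("management", "ap-manager")]

    # Rule: the service-port must not sit on the Manager/AP-Manager subnet.
    for sp in (i for i in ifs.values() if i["type"] == "service-port"):
        for m in mgmt:
            if sp["net"].overlaps(m["net"]):
                findings.append(f"service-port {sp['name']} shares subnet with {m['name']}")

    # Rule: a dynamic interface needs a VLAN and subnet no other interface uses.
    for a, b in combinations(ifs.values(), 2):
        if "dynamic" not in (a["type"], b["type"]):
            continue
        if a["vlan"] is not None and a["vlan"] == b["vlan"]:
            findings.append(f"{a['name']} and {b['name']} share VLAN {a['vlan']}")
        if a["net"].overlaps(b["net"]):
            findings.append(f"{a['name']} and {b['name']} share subnet {a['net']}")

    # Rule: every SSID must map to an existing dynamic interface.
    for ssid, ifname in plan["wlans"].items():
        if ifs.get(ifname, {}).get("type") != "dynamic":
            findings.append(f"SSID {ssid} maps to missing/non-dynamic interface {ifname}")

    dynamic_count = sum(1 for i in ifs.values() if i["type"] == "dynamic")
    if dynamic_count > max_dynamic:
        findings.append(f"{dynamic_count} dynamic interfaces exceed limit {max_dynamic}")
    return findings
```

Calling `check_plan(SAMPLE_PLAN)` reports the service-port subnet clash, the duplicated VLAN 20 and the SSID that points at an undefined interface.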

Distribution Port - Link Aggregation

All WLCs support the aggregation of multiple distribution ports into a single port using the
802.3ad port standard. This allows an administrator to create one large link between the
WLC and the local switch.

For example, the WLC2504 provides 4 Gigabit Ethernet ports, allowing us to aggregate all
4 ports with the neighbour switch and create a 4 Gigabit Ethernet link with the wired
network. EtherChannel will have to be configured on the local switch for the link aggregation
to work.

WLCs do not support Link Aggregation Control Protocol (LACP) or Cisco's proprietary
Port Aggregation Protocol (PAgP), and therefore the switch must be set unconditionally to
LAG. Only one LAG group is supported per controller.

Conclusion

This article introduced the Cisco Wireless LAN Controller interfaces. We covered the
interfaces and ports found on WLCs, and analysed each interface's purpose, including
Ethernet distribution ports, service port, redundancy port, interfaces such as the
management interface, ap-manager interface, virtual interface and dynamic interfaces.
