Thanks for the input.
I knew about the conversion from autonomous to lightweight, and have
the manual that describes the process, as noted below.
I already have in place the necessary VLANs - one each for management
(which is shared among all switches), production wireless and guest
wireless. VoIP never touches the WAPs - that's on another VLAN
entirely. I'm assuming that the current management VLAN is a
reasonable choice for managing the WLC and WAPs.
I'm just talking aloud for the rest of this - it's wandering pretty
far OT for the list, though some might not mind...
Unfortunately I can't do the lag for the WLC directly on our L3 switch
- it's a 48 port HP 3400cl, and it's completely full, including the
three PoE switches used for the WAPs. However, I have a 48 port gb
switch that sits between the L3 switch and the firewall that has
plenty of ports free, though, so that might be where I place the lag
for the WLC.
This presents another set of choices:
o- I can leave the PoE switches on the L3 switch, and put the WLC in
the intermediary switch - this seems less than ideal, as it would
force a round trip for the wireless data, since all WAP traffic passes
through the WLC
or
o- I could move the PoE switches to the intermediary switch along with
the WLC and either
   o- Limit connectivity for the WAPs to the current single gb
   connection between the L3 switch and the intermediary switch.
   or
   o- After moving the three PoE switches off of the L3 to the
   intermediary switch, reconfigure the connection between the L3 switch
   and the intermediary as a 3-port lag
Also, according to the manuals, I have to set up a new DHCP scope
for the management VLAN - prior to this all of the equipment on that
VLAN has had their IP addresses set statically (including the WAPs).
I'm not entirely happy with that, but I haven't yet seen a way around
it.
Kurt
On Tue, Feb 26, 2013 at 6:50 AM, Glen Johnson <[email protected]> wrote:
> We did this a few years back with a 5508 controller and several aps.
> Basically, you will need one vlan for the aps to talk to the controller.
> You will have to convert the access points to light weight aps.
> That wasn't very intuitive, so here is a link.
> http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_lwap.html#wp1345331
>
> The controller handles the routing between the ap vlan and the other vlans
> that the clients will use.
> What we did is set 4 ports on the controller in a lag, connected to 4 ports
> on our core switch. You will need 7.4 or higher code on the 2504 to support
> lag with its 4 ports.
> The allowed vlans on this port group are, the controller to ap vlan, data
> vlan for laptops, open access vlan for the public and voice vlan for ip
> phones.
> Good luck.
>
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Monday, February 25, 2013 9:00 PM
> To: NT System Admin Issues
> Subject: SemiOT: Cisco 2504 WLC tips?
>
> All,
>
> I'm the happy recipient of this beastie, and I'm reading through a bunch of
> manuals for it, trying to figure out a good approach for transforming our 15
> x 1240AG WAPs into a cohesive group, rather than managing them individually.
>
> The WAPs are spread across three HP 2800 PWR switches, and carry three VLANs
> each (one is the management VLAN (wired side only) and two are broadcast with
> different SSIDs - a guest network and a production network, both using WPA
> PSK).
>
> First step is to get one of the WAPs talking to the WLC, then once that's
> working, change over the rest, and then I'm going to introduce 802.1x in a
> new SSID, and start switching all of the production wireless to it, and (I
> hope, depending on whether or not our barcode scanners will support 802.1x)
> eliminate the extra SSID.
>
> But, I'm finding I have some questions that the manuals aren't addressing.
> For instance, the unit has two standard 1g ports and 2 PoE 1g ports. One
> needs to be the management port, but should I connect the other ports to each
> of my three switches? Each of the switches has a connection to my layer3
> switch. Should I connect the management port to the L3 switch, and put the
> WLC between the switches and the L3 switch, or should I just connect the 3
> non-management ports to the switches?
>
> Does anyone have some pointers on setting this up?
>
> So far, I've found and read most or all of each of these:
>
> Cisco2500SeriesWirelessControllerDeploymentGuide
> Cisco2500SeriesWirelessControllerGettingStartedGuide
> CiscoWirelessLANControllerConfigurationGuide7_2
> ConvertAutonomousWAPstoLightweightMode7_2
>
> I have browsed through these:
>
> CiscoWirelessControlSystemConfigurationGuide_Release7.0.172.0
> CiscoLocationApplianceConfigurationGuide_Release6.0
>
>
> Haven't touched these yet:
> CiscoLocationApplianceConfigurationGuide_Release6.0
> Cisco_SBA_BN_WirelessLANCleanAirDeploymentGuide-Aug2012
>
> Any thoughts, on or off list, would be appreciated - even if it's a pointer
> to a Cisco list or forum.
>
> Thanks,
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin