Not quite correct. As I understand it, only control and management traffic goes between the WLC & AP. Everything else (ie client traffic) goes direct.
If you have any AP's hanging off the PoE port and need to free one up think about using a power injector instead. Not ideal and may not be suitable to the location of the AP, but definitely an option. On Tue, Feb 26, 2013 at 1:11 PM, Kurt Buff <[email protected]> wrote: > Thanks for the input. > > I knew about the conversion from autonomous to lightweight, and have > the manual that describes the process, as noted below. > > I already have in place the necessary VLANs - one each for management > (which is shared among all switches), production wireless and guest > wireless. VoIP never touches the WAPs - that's on another VLAN > entirely. I'm assuming that the current management VLAN is a > reasonable choice for managing the WLC and WAPS. > > I'm just talking aloud for the rest of this - it's wandering pretty > far OT for the list, though some might not mind... > > Unfortunately I can't do the lag for the WLC directly on our L3 switch > - it's a 48 port HP 3400cl, and it's completely full, including the > three PoE switches used for the WAPs. However, I have a 48 port gb > switch that sits between the L3 switch and the firewall that has > plenty of ports free, though, so that might be where I place the lag > for the WLC. > > This presents another set of choices: > > o- I can leave the PoE switches on the L3 switch, and put the WLC in > the intermediary switch - this seems less than ideal, as it would > force a round trip for the wireless data, since all WAP traffic passes > through the WLC > or > o- I could move the PoE switches to the intermediary switch along with > the WLC and either > o- Limit connectivity for the WAPs to the current single gb > connection between the L3 switch and the intermediary switch. > or > o- After moving the three PoE switches off of the L3 to the > intermediary switch, reconfigured the connection between the L3 switch > and the intermediary as a 3-port lag > > Also, according to the manuals, I'm have to set up a new DHCP scope > for the management VLAN - prior to this all of the equipment on that > VLAN has had their IP addresses set statically (including the WAPs). > I'm not entirely happy with that, but I haven't yet seen a way around > it. > > Kurt > > > On Tue, Feb 26, 2013 at 6:50 AM, Glen Johnson <[email protected]> wrote: > > We did this a few years back with a 5508 controller and several aps. > > Basically, you will need one vlan for the aps to talk to the controller. > > You will have to convert the access points to light weight aps. > > That wasn't very intuitive, so here is a link. > > > http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_lwap.html#wp1345331 > > > > The controller handles the routing between the ap vlan and the other > vlan's that the clients will use. > > What we did is set 4 ports on the controller in a lag, connected to 4 > ports on our core switch. You will need 7.4 or higher code on the 2504 to > support lag with its 4 ports. > > The allowed vlans on this port group are, the controller to ap vlan, > data vlan for laptops, open access vlan for the public and voice vlan for > ip phones. > > Good luck. > > > > > > -----Original Message----- > > From: Kurt Buff [mailto:[email protected]] > > Sent: Monday, February 25, 2013 9:00 PM > > To: NT System Admin Issues > > Subject: SemiOT: Cisco 2504 WLC tips? > > > > All, > > > > I'm the happy recipient of this beastie, and I'm reading through a bunch > of manuals for it, trying to figure out a good approach for transforming > our 15 x 1240AG WAPs into a cohesive group, rather than managing them > individually. > > > > The WAPs are spread across three HP 2800 PWR switches, and carry three > VLANs each (one is the management VLAN (wired side only) and two are > broadcast with different SSIDs - a guest network and a production network, > both using WPA PSK). > > > > First step is to get one of the WAPs talking to the WLC, then once > that's working, change over the rest, and then I'm going to introduce > 802.1x in a new SSID, and start switching all of the production wireless to > it, and (I hope, depending on whether or not our barcode scanners will > support 802.1x) eliminate the extra SSID. > > > > But, I'm finding I have some questions that the manuals aren't > addressing. For instance, the unit has two standard 1g ports and 2 PoE 1g > ports. One needs to be the management port, but should I connect the other > ports to each of my three switches? Each of the switches has a connection > to my layer3 switch. Should I connect the management port to the L3 switch, > and out the WLC between the switches and the L3 switch, or should I just > connect the 3 non-management ports to the switches? > > > > Does anyone have some pointers on setting this up? > > > > So far, I've found and read most or all of each of these: > > > > Cisco2500SeriesWirelessControllerDeploymentGuide > > Cisco2500SeriesWirelessControllerGettingStartedGuide > > CiscoWirelessLANControllerConfigurationGuide7_2 > > ConvertAutonomousWAPstoLightweightMode7_2 > > > > I have browsed through these: > > > > CiscoWirelessControlSystemConfigurationGuide_Release7.0.172.0 > > CiscoLocationApplianceConfigurationGuide_Release6.0 > > > > > > Haven't touched these yet: > > CiscoLocationApplianceConfigurationGuide_Release6.0 > > Cisco_SBA_BN_WirelessLANCleanAirDeploymentGuide-Aug2012 > > > > Any thoughts, on or off list, would be appreciated - even if it's a > pointer to a Cisco list or forum. > > > > Thanks, > > > > Kurt > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
