Cisco Wireless Controller Configuration Guide, Release 7.6

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: July 11, 2014

Chapter: Configuring Dynamic Interfaces

Configuring Dynamic Interfaces
Dynamic Interface
Prerequisites for Configuring Dynamic Interfaces
Restrictions for Configuring Dynamic Interfaces
Configuring Dynamic Interfaces (GUI)
Configuring Dynamic Interfaces (CLI)

Configuring Dynamic Interfaces

Dynamic Interface

Dynamic interfaces are created by users and designed to be analogous to VLANs for wireless LAN clients. In a LAG setup, the dynamic interface on a controller is conceptually analogous to an SVI on a switch or router associated with a single VLAN and single subnet, although the controller does not have any routing capabilities. A controller can support up to 512 dynamic interfaces (VLANs). Each dynamic interface is individually configured and allows separate communication streams to exist on any or all of a controller’s distribution system ports. A dynamic interface is a Layer 3 interface on the controller to map a WLAN to a particular VLAN and subnet. If DHCP relay is enabled on the controller, then the applicable dynamic interface is used as the relay address. The dynamic interface will also be the interface through which network communication to and from the controller will occur if the destination address is in the same subnet assigned to a dynamic interface. Alternatively, a dynamic interface can also be configured as an AP management interface as well, in place of the default management interface on a separate port in a non-LAG setup. You can assign dynamic interfaces to distribution system ports, WLANs, the Layer 2 management interface, and the Layer 3 AP-manager interface, and you can map the dynamic interface to a backup port.

Management traffic such as Telnet or SSH, HTTP or HTTPS, and so on, can use a dynamic interface as their destination address if management by dynamic interface option is enabled.

You can configure zero, one, or multiple dynamic interfaces on a distribution system port. However, all dynamic interfaces must be on a different VLAN or IP subnet from all other interfaces configured on the port. If the port is untagged, all dynamic interfaces must be on a different IP subnet from any other interface configured on the port.

For information about maximum number of VLANs supported on a controller platform, see the respective controller platform's datasheet.

Note

You must not configure a dynamic interface in the same network as that of Local Mobility Anchor (LMA). If you do so, the GRE tunnel between the controller and LMA does not come up.

This section contains the following subsections:

Prerequisites for Configuring Dynamic Interfaces

While configuring on the dynamic interface of the , you must ensure the following:

You must use tagged VLANs for dynamic interfaces.

Restrictions for Configuring Dynamic Interfaces

The following restrictions apply for configuring the dynamic interfaces on the controller:

Wired clients cannot access management interface of the Cisco WLC 2500 series using the IP address of the AP Manager interface .
For SNMP requests that come from a subnet that is configured as a dynamic interface, the controller responds but the response does not reach the device that initiated the conversation.
If you are using DHCP proxy and/or a RADIUS source interface, ensure that the dynamic interface has a valid routable address. Duplicate or overlapping addresses across controller interfaces are not supported.
You must not use ap-manager as the interface name while configuring dynamic interfaces as ap-manager is a reserved name.

Configuring Dynamic Interfaces (GUI)

Procedure

Step 1

Choose Controller > Interfaces to open the Interfaces page.

Step 2

Perform one of the following:

To create a new dynamic interface, click New. The Interfaces > New page appears. Go to Step 3.
To modify the settings of an existing dynamic interface, click the name of the interface. The Interfaces > Edit page for that interface appears. Go to Step 5.
To delete an existing dynamic interface, hover your cursor over the blue drop-down arrow for the desired interface and choose Remove.

Step 3

Enter an interface name and a VLAN ID.

Note

You cannot enter ap-manager as the interface name while confiiguring a dynamic interface as ap-manager is a reserved name.

Step 4

Click Apply to commit your changes. The Interfaces > Edit page is displayed.

Step 5

Configure the following parameters:

Guest LAN, if applicable

Quarantine and quarantine VLAN ID, if applicable

Note

Select the Quarantine check box if you want to configure this VLAN as unhealthy or you want to configure network access control (NAC) out-of-band integration. Doing so causes the data traffic of any client that is assigned to this VLAN to pass through the controller.

Physical port assignment (for all controllers except the Cisco 5508 controller)

NAT address (only for Cisco 5508 controllers configured for dynamic AP management)

Note

Check the Enable NAT Address check box and enter the external NAT IP address if you want to be able to deploy your controller behind a router or other gateway device that is using one-to-one mapping network address translation (NAT). NAT allows a device, such as a router, to act as an agent between the Internet (public) and a local network (private). In this case, it maps the controller’s intranet IP addresses to a corresponding external address. The controller’s dynamic AP-manager interface must be configured with the external NAT IP address so that the controller can send the correct IP address in the Discovery Response.

The NAT parameters are supported for use only with one-to-one-mapping NAT, where each private client has a direct and fixed mapping to a global address. The NAT parameters do not support one-to-many NAT, which uses source port mapping to enable a group of clients to be represented by a single IP address.

Dynamic AP management

Note

When you enable this feature, this dynamic interface is configured as an AP-manager interface (only one AP-manager interface is allowed per physical port). A dynamic interface that is marked as an AP-manager interface cannot be used as a WLAN interface.

Set the APs in a VLAN that is different than the dynamic interface configured on the controller. If the APs are in the same VLAN as the dynamic interface, the APs are not registered on the controller and the “LWAPP discovery rejected” and “Layer 3 discovery request not received on management VLAN” errors are logged on the controller.

VLAN identifier

Fixed IP address, IP netmask, and default gateway.

Note

Enter valid IP addresses in these fields.

Primary and secondary DHCP servers

Access control list (ACL) name, if required

Note

To ensure proper operation, you must set the Port Number and Primary DHCP Server parameters.

Step 6

Click Save Configuration to save your changes.

Step 7

Repeat this procedure for each dynamic interface that you want to create or edit.

Configuring Dynamic Interfaces (CLI)

Procedure

Step 1

Enter the show interface summary command to view the current dynamic interfaces.

Step 2

View the details of a specific dynamic interface by entering this command:

show interface detailed operator_defined_interface_name .

Note

Interface names that contain spaces must be enclosed in double quotes. For example: config interface create "vlan 25"

Step 3

Enter the config wlan disable wlan_id command to disable each WLAN that uses the dynamic interface for distribution system communication.

Step 4

Enter these commands to configure dynamic interfaces:

config interface create operator_defined_interface_name {vlan_id | x}
config interface address interface ip_addr ip_netmask [gateway]
config interface vlan operator_defined_interface_name {vlan_id | o}
config interface port operator_defined_interface_name physical_ds_port_number

config interface ap-manager operator_defined_interface_name {enable | disable}

Note

Use the config interface ap-manager operator_defined_interface_name {enable | disable} command to enable or disable dynamic AP management. When you enable this feature, this dynamic interface is configured as an AP-manager interface (only one AP-manager interface is allowed per physical port). A dynamic interface that is marked as an AP-manager interface cannot be used as a WLAN interface. You cannot use ap-manager as the operator_defined_interface_name while configuring a dynamic interface as ap-manager is a reserved name.

config interface dhcp operator_defined_interface_name ip_address_of_primary_dhcp_server [ip_address_of_secondary_dhcp_server]

config interface quarantine vlaninterface_name vlan_id

Note

Use the config interface quarantine vlan interface_name vlan_id command to configure a quarantine VLAN on any interface.

config interface acl operator_defined_interface_name access_control_list_name

Step 5

Enter these commands if you want to be able to deploy your controller behind a router or other gateway device that is using one-to-one mapping network address translation (NAT):

config interface nat-address dynamic-interface operator_defined_interface_name {enable | disable}
config interface nat-address dynamic-interface operator_defined_interface_name set public_IP_address

NAT allows a device, such as a router, to act as an agent between the Internet (public) and a local network (private). In this case, it maps the controller’s intranet IP addresses to a corresponding external address. The controller’s dynamic AP-manager interface must be configured with the external NAT IP address so that the controller can send the correct IP address in the Discovery Response.

Note

These commands are supported for use only with one-to-one-mapping NAT, whereby each private client has a direct and fixed mapping to a global address. These commands do not support one-to-many NAT, which uses source port mapping to enable a group of clients to be represented by a single IP address.

Step 6

Enter the config wlan enable wlan_id command to reenable each WLAN that uses the dynamic interface for distribution system communication.

Step 7

Enter the save config command to save your changes.

Step 8

Enter the show interface detailed operator_defined_interface_name command and show interface summary command to verify that your changes have been saved.

Note

If desired, you can enter the config interface delete operator_defined_interface_name command to delete a dynamic interface.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)