Chapter 3 Configuring Ports and Interfaces

Overview of Ports and Interfaces

Note If the service port is in use, the management interface must be on a different subnet from the service-port interface.

AP-Manager Interface

A controller has one or more AP-manager interfaces, which are used for all Layer 3 communications between the controller and lightweight access points after the access points have joined the controller. The AP-manager IP address is used as the tunnel source for LWAPP packets from the controller to the access point and as the destination for LWAPP packets from the access point to the controller.

The static (or permanent) AP-manager interface must be assigned to distribution system port 1 and must have a unique IP address. It cannot be mapped to a backup port. It is usually configured on the same VLAN or IP subnet as the management interface, but this is not a requirement. The AP-manager interface can communicate through any distribution system port as follows:

Sends Layer 3 messages through the network to autodiscover and communicate with other controllers.

Listens across the network for Layer 3 lightweight access point LWAPP polling messages to autodiscover, associate to, and communicate with as many lightweight access points as possible.

Note Refer to the “Using Multiple AP-Manager Interfaces” section on page 3-31 for information on creating and using multiple AP-manager interfaces.

Note When LAG is disabled, you must assign an AP-manager interface to each port on the controller.

Virtual Interface

The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentication and VPN termination. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled.

Specifically, the virtual interface plays these three primary roles:

Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server.

Serves as the redirect address for the Web Authentication Login window.

Note See Chapter 5 for additional information on web authentication.

Acts as part of the IPSec configuration when the controller is used to terminate IPSec tunnels between wireless clients and the controller.

The virtual interface IP address is used only in communications between the controller and wireless clients. It never appears as the source or destination address of a packet that goes out a distribution system port and onto the switched network. For the system to operate correctly, the virtual interface IP address must be set (it cannot be 0.0.0.0), and no other device on the network can have the same address as the virtual interface. Therefore, the virtual interface must be configured with an unassigned and

Cisco Wireless LAN Controller Configuration Guide

3-6

OL-8335-02
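The interface rules stated in this section, written as a pre-deployment check over a planned addressing scheme. This is an added example, not code from the Cisco guide; the function name, the dict layout and its keys, and the sample addresses are assumptions made for the example.

```python
import ipaddress

def check_interfaces(plan):
    """Return rule violations for a controller interface plan (hypothetical dict layout)."""
    problems = []
    mgmt = ipaddress.ip_interface(plan["management"])

    # Service port in use: management must sit on a different subnet.
    if plan.get("service_port"):
        svc = ipaddress.ip_interface(plan["service_port"])
        if mgmt.network.overlaps(svc.network):
            problems.append("management shares a subnet with the service port")

    # Static AP-manager lives on distribution system port 1; without LAG,
    # every port needs its own AP-manager interface.
    ap = {port: ipaddress.ip_interface(a).ip for port, a in plan["ap_managers"].items()}
    if 1 not in ap:
        problems.append("no AP-manager interface on port 1")
    if not plan["lag"]:
        for port in sorted(set(plan["ports"]) - set(ap)):
            problems.append(f"LAG disabled and port {port} has no AP-manager interface")

    # Virtual address must be set (0.0.0.0 is not allowed).
    virtual = ipaddress.ip_address(plan["virtual"])
    if virtual.is_unspecified:
        problems.append("virtual interface address is 0.0.0.0")

    # AP-manager and virtual addresses must not collide with any other address.
    seen = {mgmt.ip: "management"}
    for host in plan["other_hosts"]:
        seen[ipaddress.ip_address(host)] = f"host {host}"
    candidates = [(f"AP-manager on port {p}", ip) for p, ip in sorted(ap.items())]
    candidates.append(("virtual interface", virtual))
    for name, ip in candidates:
        if ip in seen:
            problems.append(f"{name} reuses the address of {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

# Constructed sample plans (addresses are illustrative only).
GOOD = {"management": "10.10.1.5/24", "service_port": "10.10.99.5/24",
        "ap_managers": {1: "10.10.1.6/24", 2: "10.10.1.7/24"},
        "virtual": "192.0.2.1", "ports": [1, 2], "lag": False,
        "other_hosts": ["10.10.1.1"]}
BAD = {"management": "10.10.1.5/24", "service_port": "10.10.1.9/24",
       "ap_managers": {1: "10.10.1.5/24"},
       "virtual": "10.10.1.1", "ports": [1, 2], "lag": False,
       "other_hosts": ["10.10.1.1"]}

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_interfaces(plan) or "ok")
```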

 

 
