© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 46 of 70
wireless mobility controller ip 20.1.3.2 public-ip 20.1.3.2
wireless management interface Vlan602
wlan Predator 1 Predator
aaa-override
client association limit 2000
client vlan 500
security wpa wpa2 ciphers tkip
security dot1x authentication-list ise
no shutdown
ap cdp
where 20.1.3.2 is the switch/wireless management IP address of the mobility controller switch, Vlan 602 is the
switch/wireless management interface, and Vlan 500 is the client VLAN that is spanned across from the mobility
controller switch.
Relevant similar configuration is done on the other member of the SPG1 on the MA2 switch, as seen in the
following:
wireless mobility controller ip 20.1.3.2 public-ip 20.1.3.2
wireless management interface Vlan603
wlan Predator 1 Predator
client vlan 500
security wpa wpa2 ciphers tkip
security dot1x authentication-list ise
no shutdown
ap cdp
where 20.1.3.2 is the switch/wireless management IP address of the mobility controller switch, VLAN 603 is the
wireless management interface, and VLAN 500 is the client VLAN that is spanned across from the mobility
controller switch.
Notice that the SPG definitions and the SPG membership are configured only on the mobility controller switch.
Only the mobility controller definition is configured on the actual mobility agent switches.
The SPG membership defined on the mobility controller is irrespective of the connectivity between the mobility
controller and mobility agent switches. The access network might be Layer 2 connected to the distribution and/or
operating in routed access design to the distribution. (See Figure 15.)