WLC design question

Hello NetPros,

I really need someone to clarify a few things about ssid/interfaces/VLAN!

I would like to put a wlc to a central site and have the lwapps installed in remote locations.

There is layer 3 between the central site and remote sites connectivity.

Suppose that the management interface of the WLC is vlan 10 on HQ site. Then I have 2 LANs wireless VLAN 20 and 30.I have created interfaces in WLC under separate subnets and their partner to the SSID.

My concern is this: VLAN 10,20, and 30 is created on the L3 switch that is directly connected to the WLC via trunk port. I create a VLAN 20.30 on the remote switches as well in order for the clients to connect to wireless LANs?

To be more precise, what configuration is required on the side of switches (site HQ / remote) in order to implement?

Thank you people!

If you want to * ALL * your wireless traffic to your remote sites to go back through your WLC to your HQ then yes it is correct, you will not need to build each VLAN on each switch on remote sites.  Wireless traffic will be placed in a tunnel secure LWAPP/CAPWAP and travel on your back layer 3 to your HQ and put an end to the WLC.  The WLC will then pass the traffic on its ports the to your HQ switches.

However, if you configure REAP H access points to your remote offices, then the configuration should be different.  REAP: allows to switch the traffic to the remote desktop on the remote desktop instead of tunneling switch it all back to the front controller is done move to the network.  It is local vs. centralized switching of switching. Maybe that remote users will have access to their remote cable network from the wireless remote (maybe they have a local storage device in the office and want to be able to connect wireless without having to have ALL that data travel back at the HQ of routing office).  In this scenario, you would have to create all the VLANS on remote sites like you for the first time.

See the attached photo, which shows how REAP H works.  If you have both your AP radio wireless LANs, we can be a switched local WLAN REAP H and the other can be switched to the Center to the WLC (perhaps for customers who do not require local access)

Tags: Cisco Wireless

Similar Questions

  • ISE design question

    I have a few design questions about ISE v.1.0.4.573

    1. The ISE 3395 gigabit ports are supported on the aggregation of links?  How can I use all 4 ports uplink?
    2. When you perform an installation of 2 x 3395 HA, is there a connection of heart rate between the two ISE or they will use the same link to the network of pulsing and synchronization?
    3. I'm designing ISE with WLC. My setup WLC (5508) looks like 5 floors with different VLAN but same SSID. How can I do ISE authenticate in this scenario because WGB AP is not supported in ISE v.1.0. Is there a work around for this type of WiFi to the ISE configuration?
    4. Continuous configuration above, roaming from one floor to another floor after changing of Vlan, the user will be re - authenticate or use the same session?

    Thanks for the help.

    Kind regards

    Zohaib

    1. the current version does not support the aggregation of links...

    2. they use the same link to the network of pulsing and synchronization.

    3. my suggestion is to assign your SSID, a group of interfaces, containing all interfaces belonging to your VLAN, on your WLC and set AAA replacement. And then, at ISE, create authorization profiles include the appropriate VLAN. Use the Called-Station-ID RADIUS attribute with your MAC address of the AP as a condition.

    4. they use the same session.

  • Upgrade for the WLC code questions

    We 6.0.132 (lastest) WCS and our controllers are on 4.2.130, we now to upgrade to deal with sometimes, but don't want to capwap yet.

    Question 1: what is the last exit LWAPP code?

    Question2:Whats the differences between 4.2.207 (support page for cisco said it's the latest version), but it has same releases with ie 6.0 how it works it is very confusing workout a way to upgrade to higher versions

    See you soon

    Hi Tyrone,

    I'm not an expert on the management of versions, but here are some basic in response details

    at your request

    4.2.207 is the last version on the Train of 4.2 and is without doubt an excellent choice

    If you are avoiding CAPWAP for now. You will see in the link below which

    There are several 'simultaneous' for the WLC Trains (and most of the Cisco product). People

    were not big fans of the first Trains 5.x (quite buggy) and was introduced to CAPWAP

    in 5.2 and the attacker thus is why 4.2.207 seems to be a good choice for you

    In the later version or 5.2 controller software version, Cisco lightweight access points use the IETF control and commissioning of Access Points (CAPWAP) standard protocol to communicate between the controller wireless and other points of light access on the network. Versions software controller before 5.2 use the Lightweight of Point access (LWAPP) Protocol to these communications.

    CAPWAP, which is based on LWAPP, is a standard and interoperable protocol that allows a controller manage a collection of wireless access points. CAPWAP is implemented in version 5.2 software controller for these reasons:

    *

    To provide a path for upgrade of Cisco products that use LWAPP generation Cisco products that use CAPWAP
    *

    To manage RFID readers and similar devices
    *

    To allow controllers to interoperate with third party access points in the future

    LWAPP compatible access points can discover and join a CAPWAP controller, and conversion to a controller of CAPWAP is transparent. For example, the process of discovery of controller and firmware download process when using CAPWAP are the same as when you are using LWAPP. The only exception is for layer 2 deployments, which are not supported by CAPWAP.

    You can deploy CAPWAP and LWAPP controllers on the same network. The CAPWAP compatible software allows access points join to be a controller running CAPWAP-LWAPP. The only exception is the Access Point Cisco Aironet 1140 series, which takes in charge only CAPWAP and joined so only controllers that run CAPWAP. For example, 1130 series access point can reach a controller running CAPWAP or LWAPP considering that access of series 1140 point can join only a controller running CAPWAP.

    http://www.Cisco.com/en/us/products/ps6366/products_qanda_item09186a008064a991.shtml

    4.2.207 was released on July 24, 2009 which makes the new second version available on any train.

    http://www.Cisco.com/en/us/products/ps6366/prod_release_notes_list.html

    See you soon!

    Rob

  • vSphere 5.0 and 5.5 SSO design question

    Hi all

    Currently we have a configuration with two virtual center servers installed.  One at our Production site and one on our site of Dr.  Our site of Production and the location of the DR are in a different location in the city, they are currently on a dish network, but this is subject to change to treat us like a totally different place.  We also currently do not use vCenter Linked Mode because we don't have two vCenters and like separation, however if its requried we can install it.

    The plan is to upgrade the DR site first to iron out everything before the upgrade of the production, with that said we where thinking about install SSO as such:

    http://www.VMware.com/files/PDF/vCenter/VMware-vCenter-Server-5.5-technical-whitepaper.PDF

    Page 11: I joined the design image

    We think where to install the first SSO on the site of DR and when completely modernize us our production site install an another SSO as another site to keep the replcatio SSO in place aka option:

    vCenter Single Sign-On for an additional vCenter server with a new site

    The end config looks like the second ssoconfig2 of attachment

    I wanted to just a few oppinons on this choice and if this is the best way to go with what we design.


    Any help is greatly appricated,


    Thank you

    Hello

    I mean, this is Option 3 will be necessary if you want to use related modes.

    With regard to your questions:

    1. Yes, you can keep the two separate vCenter and a simple installation or see option 1 install both

    2 linked Mode requires option 3 works. But you can still use Option 3 without related modes if you want to have the replication of single-domain SSO (means that if you create a user in SSO VC1, it is replicated to the other SSO).

    Let's say you do not use option 3 for your second vCenter, subsequently if you decide to use bound mode, you must uninstall and reinstall SSO for your second vCenter to shape Option 1 to 3 Option replication of your first vCenter

  • Fashion design question (several sites)

    Hello

    I test View5 to vSphere5 and I have a question of design across multiple locations. See the image below. We have two locations, each has its own data center. Unfortunately, these two specific locations are currently connected only via an internet VDSL 20/20 Mbit connection and it is now improving.

    The LOCATION 2 is actually an office with many clients and also its own small data center (also based in vSphere5). The primary data center is in LOCATION 1 and is where I would put all my workstations virtual (not only for LOCATION 2, but for all the other places as well) and where the view connection manager will be. The problem is that on the LOCATION 2 (office) there are some servers of files users on this site using heavily.

    Question No. 1:

    (a) selling virtual offices on LOCATION 1-> in this case PCoIP will provide me with a pretty good connection, the problem is to access the file is used on 1 LOCATION of virtual desktops (it's GREEN Lane).

    (b) selling virtual desktops on the LOCATION 2-> in this case will have to go through the Manager connections, then the Virtual Office on the 2 LOCATION and to the customer... no idea no how this work (it's the PURPLE path)... it seems like a heavy network load? However, that could result in a quick access to files on the LOCATION 2 servers.

    Another solution is to put the Connection Manager view also in LOCATION 2, but that would make me administer another system, and I want to keep things simple.

    What do you suggest me?

    Question No. 2:

    I have to route traffic to LOCATION 2 to 1 of the LOCATION where the view connection manager lives by VPN or is the PCoIP traffic encrypted by itself and is OK to put it in the DMZ (controlled)?

    Thanks for the help!

    1986788.png

    The Orange path in the attached picture would be more precise if secure tunneling has been disabled?

  • Blackberry design question

    Hi all

    I developed Blackberry application development using native blackberry.  In what I have to add several resolution devices supported.  In the design point of view I fill and margins to the fields in my screen. So I think that's not good programming.

    Please someone tell me any way to write code in blackberry supports all resolutions (i.e. jre 6 and 7).

    After going through many links I got information about LWUIT components. So please someone tell me what is the best use of coding or LWUIT native blackberry to blackberry.

    Thanks in advance

    Simon suggested, I wrote some of my thoughts as part of a number of tutorials, see here:

    http://supportforums.BlackBerry.com/T5/Java-development/tutorials-for-new-developers-part-1/m-p/1621...

    I think the user interface of one is 10 tutorial.

    As Simon said, the thing with the user interface is either:

    (a) the creation of a specific Interface for the form factor, you post (so it comes to take into account the size of the screen (pixels), resolution (DPI) and orientation)

    (b) creating a General UI that is appropriate at run time to match the form factor.

    For most applications where you don't need pixel perfect poster, I think that (b) works very well, there are a variety of approaches you can use.  Take a look at this tutorial.

    For example, Simon chooses the UI (such as icons) in assets based on the screen resolution, so choose icons of different size according to the screen (Android does something similar, and you can do this same sort of thing in BB10).  Otherwise, I'm trying to understand the bigger picture in construction and he adapts the device.  My experience is that the scale on the device works OK, but I suspect that some will say an image of 96 x 96 pixels scaled down the device to 64 x 64 pixels could not look as good as the image 64 x 64 prepackaged, try and see.

  • Nexus 5600 HSRP design question for VLAN stretched between 2 areas of vPc.

    To our new data center network, I have 4 5672UP Nexus in two data centers. Between data centers is a redundant vPc with fiber 2x10Gb. I have configured two areas VPC, one for each data center. I read that HSRP within a VPC domain is active/inactive, but I wonder what would be the right way to configure the HSRP configuration for the VLAN tense because they are two areas different vPc?

    If you need isolation of FHRP between sites, this can be achieved by configuring the HSRP authentication in the same place so stop the HSRP Hellos between the treatment sites and allow each site to act in active / standby. Due to the HW on the 5600 Nexus architecture, control plane packets multicast are punted to the CPU, ignoring any PACL or MAC - ACL. So with a PACKAGE, you will not be able to filter the Hellos HSRP, ARP, BPDU, etc. that need to go to the CPU, because there is an ACL predefined to redirect traffic to control CPU and this ACL that overrides the ACL configured by the user. It is advisable to set up "no arp ip free hsrp duplicate" to repress unnecessary GARPs at each location in this design as well. Note 4-way HSRP is supported only on the latest versions of NX - OS, see also CSCuy89705.

    Another solution is to run FabricPath DCI with Anycast HSRP, which will allow all the 5600 to act as an active gateway by default, refer to page 22 of the FabricPath Cisco best practices.

    -Jeffords Tyler

  • Sip Trunk design question

    Hello

    I have a requirement to pass an h323 to SIP environment environment. I'm looking for good practices, especially around security. I have 2 servers CUCM (8.5) in cities separated for redundancy. I have also 2 voice gateways which, at the present time, h323 to the PSTN, are each located in different cities.

    My requirements are:

    1. create a sip trunk instead of the supplier of the use of PRI.

    2 If the Wan link fails on a gateway provider, router replacing in the other location should be able to receive installation messages and if a user connects via extension mobility, should be able to answer the call.

    Is there a simplified design docos on for this? I hesitate to create a SIP trunk directly to the supplier for safety, thus thinking to end the call on the routers of voice with the CUBE. I am sure that it is managed from the factory and would appreciate comments.

    See you soon!

    Pieter

    Simple answer use ALWAYS the CUBE.  With IOS 15.1 T and more you have security against fraud free of charge that you can use to restrict which can address IP contacted the CUBE, that's all you need.

    HTH,

    Chris

  • Double firewall, config VPN design question?

    All,

    I'm looking to implement a design of double firewall with different suppliers, i.e. Cisco at the front and another seller behind that. The Cisco ASA will manage the ends of the VPN. It's a design recommended to us.

    The reason was the front towards the firewall (cisco) will block most of the noise, and then the second firwall will make inspection of the IPS etc. Apparently, this is also done incase there are vulnerabilities with the first provider. The DMZ interface will in fact come the second firewall.

    I am currently working, what if all remote users terminate their VPN at the edge of the ASAs, what is the best way have to move towards the second firwall, then again on the internet so we can apply the policy to users / and inspection?

    There are no facilities on the front to ASAs IPS inspection, just a bog without visibility L7 stock Firewall (as this responsibility will lie with the second firewall).

    Looking for information so that I can start looking...

    The MCV is a great place to start.

    http://www.Cisco.com/en/us/solutions/ns340/ns414/ns742/ns1128/landing_iEdge.html

  • Newbie design question

    Try to understand how it works under the covers, so I can make better design decisions.

    I understand that phonegap is basically web browser running your application on the phone. When you build your installation iphone (I've never done that), is that basically take all your web stuff (files, html, images, js, etc) and wrap them as an "application" and put them on the phone of the person (in your "app") and run the whole thing locally (via phonegap) as a web server? That means that when you load index.html, it loads a local copy (on the phone) and not a http://mywebsite/index.html version.

    If this is the case, then I guess that means php calls are made via ajax or something, to my external Web server, and I guess I have to whitelist (I read that somewhere) or something.

    but the main key, I guess, is that the app on the phone seems to work a browser and small database web server too?

    Not quite.

    Assets (html, js, css, graphics) is stored in the app bundle and displayed in a native Webview component.

    There is no local server involved.

    PhoneGap is just the tool. It prepares your hybrid application signed .apk, .ipa, etc.

    PhoneGap is not active at run time! There is just a piece of javascript, which is included in your assets, to act as a bridge between your local native javascript and plugins.

    Scripts on the server side are to perform on a remote server on communication ajax (or via a socket). You design your app server MVC - ish.

  • Database design question

    Hello, I have a one-to-many relationship problem when designing a store management system. Each store can have several names, but there at least a name. Any suggestion? Thank you

    Try this:

    CREATE TABLE MyStores

    (

    --E t c...

    , Store_Name_Id VARCHAR2 (7) NOT NULL

    CONSTRAINT Fk_Store_name

    REFERENCES Store_Names_Tab (Name_Id)

    -- ...

    )

  • vCenter Expansion Design Question

    Hi all


    Currently, I have a relatively small environment with 4 guests in our location of companies in the United States and two guests to a second place in Europe.  I find that the number of virtual machines running in our environment Europe develops more and more.  I've been actively weighing the merits of adding a vCenter Server Appliance to our environment in Europe.  I have a few questions which I hope are simple which you can help with.  If you experience of the best that I look at the documentation for my answers, links to documentation would be very useful!

    1. If I add a vCenter Server Appliance to our VMWare Cluster in Europe, it connects to the database of vCenter running in our business location?  Alternatively, the vCenter device would simply manage the cluster in our European office location?
    2. If the answer to 1 above is that the device will manage vCenter only clusters in Europe, does that mean that I will be able to see an environment at a time when I opened my vSphere client?
    3. Require the device vCenter vCenter another license?

    This will be it.  Thanks in advance for your advice!


    S

    Hi Sean,.

    If I add a vCenter Server Appliance to our VMWare Cluster in Europe, it connects to the database of vCenter running in our business location?  Alternatively, the vCenter device would simply manage the cluster in our European office location?

    vCSA comes with a database (vpostgres) built-in and you can also link it with externam oracle DB (MSSQL is not supported). And NO, he won't already existing DB.

    If the answer to 1 above is that the device will manage vCenter only clusters in Europe, does that mean that I will be able to see an environment at a time when I opened my vSphere client?

    Yes, you need to connect individually as related modes is not supported on vCSA.

    Require the device vCenter vCenter another license?

    VCSA Yes you have to purchase another license to manage the two hosts.

  • DW CC - Responsive Design: Questions about properties inherited from CSS

    Hey all.

    I learn a lot, but I've only been designing web sites for a short time now.  I use Dreamweaver CC and use sensitive design patterns.

    Here's the long and short of it:

    The delicate design model uses 3 @media CSS selectors in the following hierarchy:

    -Global: (less than broad 481px)

    -Tablet: (between 481-wide 768px)

    -Desktop computer: (above 769px, 980px wide max)

    As you can see, overall is 'Mobile' design, but it is at the top of the hierarchy.

    I'm trying to display: no the .header h1, h2, p ONLY in the .header of mobile display.

    (No media selector: IE: overall)

    .header h1, h2, p {
          display: none;
}

    The problem is all h1, h2, and p in the css elements all have disappeared.  Even those of other classes in the other views.

    I did something wrong?  How can I create a selector for the (global) .header class it will affect, say, .other_class ?

    Get it; If I change something in the world, nothing further down in the hierarchy must be attached.  That is done through the display: xxxx ?

    Example:

    /* Global Settings: Mobile format (less than 481px wide)*/

.header h1, h2, p {
     display: none;
}


/* Tablet Layout: 481px to 768px. Inherits styles from: Mobile Layout. */
@media only screen and (min-width: 481px) {

.header h1, h2, p {
     display: compact;
}
}

    Any help is appreciated.  I can post full CSS / HTML if necessary.   I thought that these excerpts should be sufficient to demonstrate, though.

    Hello

    To change the display only in the mobile layout, you will need to use a media query, otherwise it will apply to all screen sizes-

    @media only screen and (max-width: 480px){

    .header h1, h2, p {
         display: none;
    }

    }

    PZ

  • Simple analysis of design Question before designing dimensions and facts

    Hi I have a simple question... (I think its simple)

    Suppose I have the following intermediate table with the following columns:

    ---------------------------------------------------------------------------
    Student_Name | RollNo. Test_Date | Object-plug
    --------------------------------------------------------------------------
    with data such as
    Kevin | 123 | 04/12/2010 | Physics

    Now suppose I want to create a cube based on the above table so that I can successfully get the result of a query like

    List the names of all of those students who took the test b & w 04/12/2010 on 2010-12-05 of Physics of matter

    Here, what I need to know what size/levels would be u together and what would be our doing?

    I think that one dimension would be time ( , but I don't know how I would like to welcome and manage duration... no idea )
    would it not be wise to make each column a dimension? for example the student_nanme dimension and the details of the student attribute?

    in any case the key is what bothers look me at the query, we see that we are required to 3 things the name of the student and the TestDate, subject pulled so if I do 3 columns the size I'm still not sure that I would be able to accommodate the request properly... any ideas on how to address and manage these situations

    Published by: Johnacandy on December 14, 2010 09:26

    Dimensions: STUDENT, TEST_DATE (role of TIME dimension) and OBJECT/CLASS.

    Yet you did not mention the measures, perhaps TEST_RESULT? If this isn't the case, it's a factless fact table.

  • New LiveCycle form design Question

    I'm a LIveCycle v8.2.1 help. We currently have several Word Perfect forms that are built out of macros. The user opens the Word Perfect form & a box will appear asking different questions, such as name, address, location, etc. once the issues are all the answers to these questions are dumped in some areas of the shape with the pre-written words.

    My question is, can I do the same with Adobe LiveCycle? I know I can insert menu drop-down boxes & stuff with LiveCycle but is the pop up boxes so that users can enter their name, for, of, etc. possible?

    Basically, I just want to be able to create something for the user to open a form named memo.pdf. As soon as they open it, it get a pop up box asking them their names, what will this memo, and the subject. As soon as they enter the last item (subject) and click Next or OK, all these information in unrolling boxes are filled to the memo in the areas of effect... is it possible?

    You can use an app.response (documenteed in Acrobat javascript API) questions from popup and return responses in variables.

    something like this:

    var response = app.response ("what is your name?")

    After that the user answers the question the answer is contained in the response variable. They can choose different options can be tested to ensure that they don't leave your question. See the documentation for the correct codes for each possible answer.

    Paul

Maybe you are looking for