Cisco Cisco 2504 Wireless Controller トラブルシューティングガイド
The management interface is the default interface for in-band management of the controller and
connectivity to enterprise services such as Authentication, Authorization, and Accounting (AAA)
servers. The management interface is also used for communications between the controller and
APs. The management interface is the only consistently "pingable" in-band interface IP address on
the controller. The management interface acts like an AP manager interface by default.
connectivity to enterprise services such as Authentication, Authorization, and Accounting (AAA)
servers. The management interface is also used for communications between the controller and
APs. The management interface is the only consistently "pingable" in-band interface IP address on
the controller. The management interface acts like an AP manager interface by default.
The dynamic interface with the "Dynamic AP Management" option enabled on it is used as the
tunnel source for packets from the controller to the AP, and as the destination for CAPWAP
packets from the AP to the controller. The dynamic interfaces for AP manager must have a unique
IP address. Typically, this is configured on the same subnet as the management interface, but this
is not necessarily a requirement. In the case of the Cisco 2500 Series Wireless Controller, a single
dynamic AP manager can support any number of APs. However, as a best practice, it is
suggested to have 4 separate dynamic AP manager interfaces and associate them to the 4
Gigabit interfaces. By default, the management interface acts like an AP-manager interface as well
and it is associated to one Gigabit interface. As a result, if you use the management interface, you
need to create only 3 more dynamic AP manager interfaces and associate them to the remaining 3
Gigabit interfaces.
tunnel source for packets from the controller to the AP, and as the destination for CAPWAP
packets from the AP to the controller. The dynamic interfaces for AP manager must have a unique
IP address. Typically, this is configured on the same subnet as the management interface, but this
is not necessarily a requirement. In the case of the Cisco 2500 Series Wireless Controller, a single
dynamic AP manager can support any number of APs. However, as a best practice, it is
suggested to have 4 separate dynamic AP manager interfaces and associate them to the 4
Gigabit interfaces. By default, the management interface acts like an AP-manager interface as well
and it is associated to one Gigabit interface. As a result, if you use the management interface, you
need to create only 3 more dynamic AP manager interfaces and associate them to the remaining 3
Gigabit interfaces.
Note: If you use AP manager interfaces, the CAPWAP DISCOVERY packet that is sent
initially by the APs in order to discover the WLC is still sent towards the management
interface IP address. The management interface replies with a CAPWAP DISCOVERY
RESPONSE in order to give the list of AP manager interfaces of the WLC. This means that
the APs always need UDP 5246 and 5247 reachability to the controller management
interface and that the DHCP option 43 must mention only the management interface
IP address, not the AP manager IP addresses.
initially by the APs in order to discover the WLC is still sent towards the management
interface IP address. The management interface replies with a CAPWAP DISCOVERY
RESPONSE in order to give the list of AP manager interfaces of the WLC. This means that
the APs always need UDP 5246 and 5247 reachability to the controller management
interface and that the DHCP option 43 must mention only the management interface
IP address, not the AP manager IP addresses.
The virtual interface is used to support mobility management, DHCP relay, and embedded Layer
3 security like guest web authentication and VPN termination. The virtual interface must be
configured with an unassigned and unused gateway IP address. A typical virtual interface is
1.1.1.1. The virtual interface address is not pingable and should not exist in any routing table in
your network.
3 security like guest web authentication and VPN termination. The virtual interface must be
configured with an unassigned and unused gateway IP address. A typical virtual interface is
1.1.1.1. The virtual interface address is not pingable and should not exist in any routing table in
your network.
Dynamic interfaces are created by users and are designed to be analogous to VLANs for
wireless LAN client device. The Cisco 2500 Series Wireless Controller will support up to 16
dynamic interfaces. Dynamic interfaces must be configured on a unique IP network and VLAN.
Each dynamic interface acts as a DHCP relay for wireless clients associated to wireless LANs
(WLANs) mapped to the interface. A WLAN associates a Service Set Identifier (SSID) to an
interface and is configured with security, QoS, radio policies, and other wireless network
parameters. There can be up to 16 WLANs configured per controller. Management servers, such
as a radius server and NTP server, should not be in a dynamic interface subnet but should be
either in the management interface subnet or any other subnet not added to the WLC.
wireless LAN client device. The Cisco 2500 Series Wireless Controller will support up to 16
dynamic interfaces. Dynamic interfaces must be configured on a unique IP network and VLAN.
Each dynamic interface acts as a DHCP relay for wireless clients associated to wireless LANs
(WLANs) mapped to the interface. A WLAN associates a Service Set Identifier (SSID) to an
interface and is configured with security, QoS, radio policies, and other wireless network
parameters. There can be up to 16 WLANs configured per controller. Management servers, such
as a radius server and NTP server, should not be in a dynamic interface subnet but should be
either in the management interface subnet or any other subnet not added to the WLC.
Note: LAG is supported on the Cisco 2500 Series Wireless Controller only on Release 7.4
software code and later.
software code and later.
Configure the Neighbor Switch
By default, all four ports on the Cisco 2500 Series Wireless Controller are 802.1Q trunk ports. The
controller is always connected to a Gigabit Ethernet port on the neighboring switch. The neighbor
switch port is configured as an 802.1Q trunk and only the appropriate VLANs are allowed on the
controller is always connected to a Gigabit Ethernet port on the neighboring switch. The neighbor
switch port is configured as an 802.1Q trunk and only the appropriate VLANs are allowed on the