3-7
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 3 Configuring Ports and Interfaces
Overview of Ports and Interfaces
to distribution system port 1 and given a unique IP address. Configuring the AP-manager interface on
the same VLAN or IP subnet as the management interface results in optimum access point association,
but this is not a requirement.
Note
If LAG is enabled, there can be only one AP-manager interface. But when LAG is disabled, you must
assign an AP-manager interface to each port on the controller.
Note
If only one distribution system port can be used, you should use distribution system port 1.
The AP-manager interface communicates through any distribution system port by listening across the
Layer 3 network for access point CAPWAP or LWAPP join messages to associate and communicate with
as many lightweight access points as possible.
Note
Port redundancy for the AP-manager interface is not supported. You cannot map the AP-manager
interface to a backup port.
Note
Refer to the
“Using Multiple AP-Manager Interfaces” section on page 3-35
for information on creating
and using multiple AP-manager interfaces.
Virtual Interface
The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol
(DHCP) relay, and embedded Layer 3 security such as guest web authentication. It also maintains the
DNS gateway host name used by Layer 3 security and mobility managers to verify the source of
certificates when Layer 3 web authorization is enabled.
Specifically, the virtual interface plays these two primary roles:
•
Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP
server.
•
Serves as the redirect address for the web authentication login page.
Note
See
for additional information on web authentication.
The virtual interface IP address is used only in communications between the controller and wireless
clients. It never appears as the source or destination address of a packet that goes out a distribution
system port and onto the switched network. For the system to operate correctly, the virtual interface IP
address must be set (it cannot be 0.0.0.0), and no other device on the network can have the same address
as the virtual interface. Therefore, the virtual interface must be configured with an unassigned and
unused gateway IP address, such as 1.1.1.1. The virtual interface IP address is not pingable and should
not exist in any routing table in your network. In addition, the virtual interface cannot be mapped to a
backup port.