Cisco WLC on ISM-SRE-300 module hosted by ISR2 router without EtherSwitch module

To my surprise, such a nice module as the ISM-SRE-300-K9 comes with very poorly written documentation when it comes to deploying it in a “non-standard” configuration. You can find it here.

Apparently, Cisco’s preferred way (and it’s indeed quite easy to do) of provisioning WLC on this module is to use a switching module within the same ISR2 chassis. In that case it’s really easy to switch necessary VLANs via MGF to an EtherSwitch module and then down to your network.

If you do not have a switching module, then your options are NAT (this one is briefly explained in the aforementioned configuration guide) and bridging. I personally do not like the idea of NAT-ing packets out of the WLC here as it’s Layer 3 and it is not the same thing as Layer 2, you know. I like thinking about wireless traffic as L2 frames which get from their WLANs into relevant VLANs on the wired network. In this case you can deal with them the same way as with all other traffic – switch accordingly, then route the IP packets encapsulated in these frames via your normal L3 device and apply all necessary security/QoS policies in the same place as for all other traffic.

This leaves us with the “classic” bridging option and a couple of problems associated with it.

The idea is as follows:

  1. Connect interface ISM0/0 as a routed interface:

    interface ISM0/0
     ip address x.x.x.x 255.255.255.252
     service-module ip address y.y.y.y 255.255.255.252
     service-module ip default-gateway x.x.x.x

    This is what your CAPWAP tunnel from APs to the WLC management interface will be coming through. I’ll leave it to you to configure a routing protocol to advertise this P2P subnet along with the management interface.

  2. Connect interface ISM0/1 as a switched interface (switching will be done via MGF):
    interface ISM0/1
     description Internal switch interface connected to Internal Service Module
     switchport mode trunk
     no ip address
  3. You enable bridging and configure relevant virtual interfaces. Let’s assume you have 2 VLANs for your SSIDs on WLC – 10 and 11:
    bridge irb
    bridge 10 protocol ieee
    bridge 10 route ip
    bridge 11 protocol ieee
    bridge 11 route ip
    
    interface BVI10
     ip address 192.168.10.2 255.255.255.0
     ip ospf shutdown
    
    interface BVI11
     ip address 192.168.11.2 255.255.255.0
     ip ospf shutdown
  4. You configure those VLANs on the WLC and on the router and configure relevant virtual interfaces. I omit the WLC configuration here (as it’s quite easy to do in the WLC GUI) and list only the router side:
    interface Vlan10
     no ip address
     no autostate
     bridge-group 10
     bridge-group 10 spanning-disabled
    
    interface Vlan11
     no ip address
     no autostate
     bridge-group 11
     bridge-group 11 spanning-disabled
  5. Then you dedicate one of your router interfaces for WLC connectivity and do your normal dot1q trunk for the VLANs you’ve just created:
    interface GigabitEthernet0/2.10
     encapsulation dot1Q 10
     bridge-group 10
     bridge-group 10 spanning-disabled
    
    interface GigabitEthernet0/2.11
     encapsulation dot1Q 11
     bridge-group 11
     bridge-group 11 spanning-disabled

This is it. You should now be able to get your traffic from the air into your switched network.

A couple of comments on the above configuration. I assume you run OSPF and you do not want it on your router interface mapped to the WLC (gi0/2). There is no point in STP either. Also, if you do not configure “no autostate”, your VLANs will go down whenever you reboot the WLC and you will have to do “no shutdown” for them after each reboot of the WLC – thanks to Cisco TAC for the tip. Finally, in the DHCP configuration, for your APs to find the controller, you will need to specify Option 60 (not just Option 43), i.e.:

    ip dhcp pool WiFi-APs
     network 192.168.12.0 255.255.255.0
     default-router 192.168.12.254
     option 43 hex f104.xxxx.xxxx
     option 60 ascii "Cisco AP c1140"

where xxxx.xxxx is the IP address of your WLC management interface in hex and Option 60 contains the string for AIR-LAP1142N-E-K9 (I understand it’s different for different AP series).
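To avoid hand-converting the address, the Option 43 value can be generated and checked with a short script. This is an added example, not part of the original post: it builds the `f1` type / length / value string in the dotted-hex form shown above and goes beyond the single-controller case by allowing several controllers (length = 4 bytes per address). The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Sub-option type used in the post's "f104...." value (f1 = type, 04 = length).
CISCO_WLC_SUBOPTION = 0xF1


def option43_hex(controllers):
    """Return the 'option 43 hex' argument for one or more WLC management IPs."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    # IPv4Address() rejects malformed input, so typos fail here, not on the AP.
    value = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    tlv = bytes([CISCO_WLC_SUBOPTION, len(value)]) + value
    digits = tlv.hex()
    # Dotted form as in the post: four hex digits per group.
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))


def decode_option43(text):
    """Parse a dotted-hex Option 43 string back into controller IPs."""
    raw = bytes.fromhex(text.replace(".", ""))
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("value does not start with the f1 sub-option type")
    length, value = raw[1], raw[2:]
    if length == 0 or length != len(value) or length % 4:
        raise ValueError("length byte does not match the address list")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, length, 4)]


if __name__ == "__main__":
    # Constructed sample address; substitute your WLC management IP.
    line = option43_hex(["192.168.12.10"])
    print(" option 43 hex " + line)
    print(decode_option43(line))
```

Running `decode_option43` on the value already present in a DHCP pool is a quick way to confirm that the length byte and the addresses agree before APs start failing to join.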
