
Cisco WLC (Wireless LAN Controller) Series - Building Blocks

In part II of the Cisco WLC Series, I’ll attempt to show the relationships between the basic building blocks in a concise and meaningful way.  We’ll cover:

  1. Ports
  2. Interfaces (Service, Management, Dynamic)
  3. Interface Groups
  4. WLANs

To jump to the beginning of this series, see the Introduction.


Ports

The ports on the Wireless LAN Controller (WLC) consist of the physical (PHY) Ethernet interfaces that tie into the upstream L2 or L3 switchports.  These are usually configured to be in a Link Aggregation Group (LAG) for redundancy on the same upstream switch, unless you are running VSS or equivalent to have a channel group across switch chassis.


Interfaces

Interfaces are logical constructs that overlay the Ports.  Most of your Wireless LAN (WLAN) configuration involves various VLANs.  These VLANs are expressed in dynamic Interfaces where the VLAN ID is defined.  VLAN 19, for example, could get tied to an interface named Employees.  Other interfaces include the Service interface for out-of-band management, using the dedicated service port, and the Management interface for administrative control.  Note that the Service and Management interfaces must use different VLANs.

Interface Groups

Interface Groups allow two or more dynamic interfaces to be grouped together.  This permits a WLAN configuration (see below) to use more than one VLAN for clients on a given WLAN.  For example, VLAN 19 and 29 could be grouped together.

WLANs (Wireless LANs)

WLANs pull most of the WLC components together.  Here, SSIDs are defined along with their L2 and L3 security policies, and bound to either an Interface or an Interface Group.  Note that the Interface can be overridden with Access Point groups, which are discussed later in this series.  L2 security is often WPA2 with 802.1X for enterprises.  L3 security is usually not defined except for guest access requiring web authentication.  SSID broadcasting also gets enabled here.  One WLAN could define Employees and another WLAN could define Guests.
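
The relationships above can be checked mechanically. The following is an added example, not code from this series or from Cisco: it models Interfaces, Interface Groups and WLANs in Python and audits them against the rules stated in this article. The names `Interface`, `Wlan` and `audit`, the sample values other than VLANs 19 and 29, and the rule that flags an SSID with no security at all are assumptions of the example.

```python
from dataclasses import dataclass

@dataclass
class Interface:
    name: str
    kind: str   # "service", "management" or "dynamic"
    vlan: int

@dataclass
class Wlan:
    ssid: str
    binding: str      # name of an Interface or an Interface Group
    l2_security: str  # e.g. "wpa2-802.1x" or "none"
    l3_security: str  # e.g. "web-auth" or "none"

def audit(interfaces, groups, wlans):
    """Return findings for a modelled WLC configuration (empty list = clean)."""
    findings = []
    by_name = {i.name: i for i in interfaces}
    vlans = {i.kind: i.vlan for i in interfaces if i.kind != "dynamic"}
    # The Service and Management interfaces must use different VLANs.
    if "service" in vlans and vlans["service"] == vlans.get("management"):
        findings.append(f"service and management share VLAN {vlans['service']}")
    # An Interface Group holds two or more dynamic interfaces.
    for group, members in groups.items():
        if len(members) < 2:
            findings.append(f"group {group}: fewer than two interfaces")
        for m in members:
            if m not in by_name or by_name[m].kind != "dynamic":
                findings.append(f"group {group}: {m} is not a dynamic interface")
    # A WLAN binds to an existing Interface or Interface Group.
    for w in wlans:
        if w.binding not in by_name and w.binding not in groups:
            findings.append(f"WLAN {w.ssid}: unknown binding {w.binding}")
        # Assumed policy of this example: flag SSIDs with no security at all.
        if w.l2_security == "none" and w.l3_security == "none":
            findings.append(f"WLAN {w.ssid}: no L2 or L3 security")
    return findings

INTERFACES = [  # constructed sample; VLANs 19 and 29 follow the article
    Interface("service-port", "service", 10),
    Interface("management", "management", 10),   # same VLAN as service: flagged
    Interface("Employees", "dynamic", 19),
    Interface("Employees-2", "dynamic", 29),
]
GROUPS = {"Employees-Group": ["Employees", "Employees-2"], "Solo": ["Employees"]}
WLANS = [Wlan("Employees", "Employees-Group", "wpa2-802.1x", "none"),
         Wlan("Guests", "Guest-Net", "none", "none")]  # unknown binding, open SSID
```

Calling `audit(INTERFACES, GROUPS, WLANS)` on this sample returns four findings; a configuration that follows the rules returns an empty list.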

In subsequent sections in this series, we’ll touch on:

  1. IP and VLAN Planning for wireless
  2. DHCP Proxy
  3. AP Groups
  4. Guest wireless (without an auto-anchor)
  5. Mobility Group & Domain


Sections in this series (completed):

  1. Introduction
  2. Building Blocks (this article)
  3. IP & VLAN Planning


