Cisco 4402 Configuration Guide - Page 9

The WCS, MSE and LA administration software - wireless controller


established by means of the Management address. The Management and AP Manager addresses should be located in the same subnet.

It does not matter which IP addresses in a subnet are used for this purpose, but the addresses should be located in a subnet which is protected against general access, designated “Admin Network” in Figure 1. Strict data filter rules must apply to Admin Network, with access only for specific purposes. The controller must also be represented in all the VLANs it is to serve via the wireless network.

Traditionally, the first network address in the subnet is used as the router address. It does not matter which address is used for the controller, but as a matter of form we recommend using an address located immediately after the router.

Management IP address: In a restricted administration network
AP Manager IP address: In the same restricted administration network
NB: For 5500 series controllers, it is not necessary to configure an AP Manager address. The Management interface acts as an AP Manager interface by default and the APs will associate themselves with this interface.
WCS’s address in the service VLAN:
- Near the beginning of the address space in the relevant VLAN
Filter:
- If CAPWAP(*): UDP 5246 and UDP 5247 to/from access point VLAN
- If LWAPP(*): UDP 12222 and UDP 12223 to/from access point VLAN
In addition:
- UDP 1812 to RADIUS
- UDP 1813 to RADIUS
- UDP 161 and 162 to/from WCS and any other management tools
- TCP 443 or 80, 22 or 23 from units for administration
(*) Beginning with controller software version 5.2, CAPWAP is used instead of LWAPP for communication between access points and controller.

1.4 The WCS, MSE and LA administration software

WCS runs under either Windows Server or Red Hat Linux. This can be on a virtual server. MSE and LA are separate hardware platforms which can be located on any subnet as long as they can communicate with WLC using SNMP, but access to these applications must, for security reasons, be restricted. Ideally they should be located on a subnet restricted to administrative use. This is represented by the “Operational Network” in Figure 1.

WCS address: In a restricted administration network
MSE/LA address: In a restricted administration network
Filter:
- UDP 161 and 162 to/from WCS
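
The controller filter list (CAPWAP/LWAPP, RADIUS, SNMP and administration ports) can be expressed as a default-deny flow check for reviewing firewall rules or flow logs. This is an added example, not part of the original guide; the subnets, the zone names and the `encrypted_admin_only` option are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumption, not from the guide). The controller sits
# immediately after the router address, as the guide recommends.
CONTROLLER = ipaddress.ip_address("10.0.10.2")
ZONES = {
    "ap_vlan": ipaddress.ip_network("10.0.20.0/24"),
    "radius": ipaddress.ip_network("10.0.30.10/32"),
    "mgmt_tools": ipaddress.ip_network("10.0.10.16/28"),   # WCS, other SNMP managers
    "admin_units": ipaddress.ip_network("10.0.10.32/28"),
}

def build_rules(capwap=True, encrypted_admin_only=False):
    """Filter list from the guide as (proto, dst_ports, peer_zone, direction)."""
    ap_ports = {5246, 5247} if capwap else {12222, 12223}
    # The guide allows "443 or 80, 22 or 23"; the stricter option (an addition
    # here) keeps only HTTPS and SSH, since HTTP and Telnet are unencrypted.
    admin_ports = {443, 22} if encrypted_admin_only else {443, 80, 22, 23}
    return [
        ("udp", ap_ports, "ap_vlan", "both"),
        ("udp", {1812, 1813}, "radius", "out"),
        ("udp", {161, 162}, "mgmt_tools", "both"),
        ("tcp", admin_ports, "admin_units", "in"),
    ]

def check_flow(flow, rules):
    """Return the peer zone that permits the flow, or None if it must be dropped."""
    proto, src, dst, dport = flow
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if CONTROLLER not in (src, dst):
        return None  # not controller traffic; outside this filter
    peer, direction = (src, "in") if dst == CONTROLLER else (dst, "out")
    for rproto, ports, zone, rdir in rules:
        if (proto == rproto and dport in ports and peer in ZONES[zone]
                and rdir in ("both", direction)):
            return zone
    return None

# Constructed sample flows: (proto, source, destination, destination port)
FLOWS = [
    ("udp", "10.0.20.15", "10.0.10.2", 5246),   # AP to controller, CAPWAP
    ("udp", "10.0.10.2", "10.0.30.10", 1812),   # controller to RADIUS
    ("tcp", "10.0.20.15", "10.0.10.2", 443),    # AP VLAN reaching the admin GUI
    ("tcp", "10.0.10.33", "10.0.10.2", 23),     # Telnet from an admin unit
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", check_flow(f, build_rules()) or "DROP")
```

Any flow the function returns `None` for is not covered by the guide's filter list and should not be reachable on the Admin Network.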