Friday, 31 December 2010

Routing a Cisco WLC 'service' port.

We have an almost 100% Cisco VoIP Wireless installation (apparently, when it was installed, the biggest in Europe) with 300 7921 handsets all hooked up to 4400 Wireless LAN controllers and a Wireless Control System.  It was installed by TouchBase.


Once tuned this has worked pretty flawlessly and has pretty much been left alone.


We've recently started to implement Zenoss Enterprise running out of our North American data centre and obviously wanted to add the WLC appliances.


Problem.  Our enterprise uses an RFC1918 10.0.0.0 subnet which is WAN routable.  The WLCs are configured as per the Cisco doc with the management port using a 172.16.0.0 subnet, which is not WAN routable, or not a subnet we want to route.  The 172.16 was only ever intended as the isolated network for the WLC and APs.



I looked into changing the MGT port IP - got scared as the APs need to use it for the initial LWAPP broadcast; they then switch to using the AP-Manager port, also on the same subnet.  What about using the service port?


The APs & Management interface are on 172.16.##.0/24.  The Service port is on 10.##.##.0/24.  Reading the documentation, the rules are: 'Management' port for in-band and 'service' for out-of-band management.  The Service port is by default not routable.  Which is fine for London as the core switches route 172.16.##.0 and we've historically used that interface.  But not if we wanted to use Zenoss without routing 172 across the WAN, and as that subnet was only ever designed to be isolated, that's not an option.

I found in the doc that you can add static routes which the service port will use.  I first tried assigning this using WCS, which would only apply the route to one controller, claiming the route already existed when you applied it to the second - gotta love Cisco management software, it always does 'most' of what you need, never all.  So I added static routes on EACH WLC (i.e. not the recommended way).  But this works.  The service ports are now accessible across the WAN and so far work fine.

I've reset a couple of APs and they also seem fine.  Fingers crossed.