I thought I’d share some example configuration for a scenario where you may have Cisco WLCs connecting to either one or two Advanced Services Routers (ASR) for the Layer 3 core as opposed to a Layer 3 switch. If you’ve ever configured an ASR (in this case an ASR920) you’ll know that the configuration of VLAN interfaces and 802.1Q trunking is much different to an ISR or Catalyst switch.
In this scenario there were two 5520 WLCs in a HA pair (both in the same data centre) each with single 10Gbps uplinks to an ASR920 (primary & secondary). ‘Why no LAG?’ you might ask. The ASR920 only supports LACP with active and passive modes, it doesn’t support ‘channel-group X mode on‘ which is required for LAG.
Here is example configuration for the WLC management interface (trunked for centrally-switch wireless LANs) on one ASR 920 (the config is the same on both ASRs) with some sample VLAN numbers:
interface GigabitEthernet0/0/22
description WLC-P001|Port 1|WLC 1
no ip address
load-interval 30
negotiation auto
cdp enable
service instance 1 ethernet
description Native - VLAN 1
encapsulation untagged
l2protocol peer cdp
bridge-domain 1
!
service instance 200 ethernet
description mgmt1
encapsulation dot1q 200
rewrite ingress tag pop 1 symmetric
bridge-domain 200
!
service instance 201 ethernet
description wifi1
encapsulation dot1q 201
rewrite ingress tag pop 1 symmetric
bridge-domain 201
!
service instance 202 ethernet
description ap1
encapsulation dot1q 202
rewrite ingress tag pop 1 symmetric
bridge-domain 202
!
service instance 220 ethernet
description data1
encapsulation dot1q 220
rewrite ingress tag pop 1 symmetric
bridge-domain 220
!
service instance 221 ethernet
description gue_wifi1
encapsulation dot1q 221
rewrite ingress tag pop 1 symmetric
bridge-domain 221
!
service instance 222 ethernet
description gue_wifi2
encapsulation dot1q 222
rewrite ingress tag pop 1 symmetric
bridge-domain 222
!
service instance 660 ethernet
description data1
encapsulation dot1q 660
rewrite ingress tag pop 1 symmetric
bridge-domain 660
!
service instance 661 ethernet
description voice1
encapsulation dot1q 661
rewrite ingress tag pop 1 symmetric
bridge-domain 661
!
end
Note: you need to include bridge domain 1 as untagged for CDP and other Layer 2 protocols to work across the link.
Here is an example of an access port uplink, such as the WLC CIMC interface:interface
GigabitEthernet0/0/23
description WLC-P001|CIMC|WLC 1
no ip address
load-interval 30
negotiation auto
cdp enable
service instance 200 ethernet
description mgmt1
encapsulation default
bridge-domain 200
!
end
I hope that helps someone with a similar deployment in future!
Shout out in the comments if you need a hand with ASR bridge domain/Layer 3 interface configuration.
Wi-Fi Coops 