You can connect several different types of controller ports to your network:
* Service port - Used for out-of-band management, system recovery, and initial boot functions; always connects to a switch port in access mode
* Distribution system port - Used for all normal AP and management traffic; usually connects to a switch port in 802.1Q trunk mode
* Console port - Used for out-of-band management, system recovery, and initial boot functions; asynchronous connection to a terminal emulator (9600 baud, 8 data bits, 1 stop bit, by default)
* Redundancy port - Used to connect to a peer controller for redundant operation
Controllers can have a single service port that must be connected to a switched network. Usually the service port is assigned to a management VLAN so that you can access the controller with Secure Shell (SSH) or a web browser to perform initial configuration or for maintenance. Notice that the service port supports only a single VLAN, so the corresponding switch port must be configured for access mode only.
Controllers also have multiple distribution system ports that you must connect to the network. These ports carry most of the data coming to and going from the controller. For example, the CAPWAP tunnels (control and data) that connect to each of a controller's APs pass across the distribution system ports. Client data also passes from wireless LANs to wired VLANs over the ports. In addition, any management traffic using a web browser, SSH, Simple Network Management Protocol (SNMP), or Trivial File Transfer Protocol (TFTP) normally reaches the controller through the ports.
Because the distribution system ports must carry data that is associated with many different VLANs, VLAN tags and numbers become very important. For that reason, the distribution system ports always operate in 802.1Q trunking mode. When you connect the ports to a switch, you should also configure the switch ports for unconditional 802.1Q trunk mode.
The distribution system ports can operate independently, each one transporting multiple VLANs to a unique group of internal controller interfaces. For resiliency, you can configure distribution system ports in redundant pairs. One port is primarily used; if it fails, a backup port is used instead.
To get the most use out of each distribution system port, you can configure all of them to operate as a single logical group, much like an EtherChannel on a switch. Controller distribution system ports can be configured as a link aggregation group (LAG) such that they are bundled together to act as one larger link. With a LAG configuration, traffic can be load balanced across the individual ports that make up the LAG. In addition, LAG offers resiliency; if one individual port fails, traffic will be redirected to the remaining working ports instead.
You can enable Link Aggregation (LAG) on WLC 2504 ports 1 and 2 for redundant uplinks to a switch. In my wireless lab, I've connected WLC ports 1 and 2 to Sw1 ports 1 and 2 respectively.
To enable Link Aggregation (LAG) on a WLC, go to Controller > General. LAG is disabled by default (it displays "LAG Mode is currently disabled"). You'll also need to reboot the WLC afterwards for LAG to take effect. Click Apply, click OK twice, and then click Save Configuration.
You can use the WLC CLI command show lag summary to verify LAG status.
(Cisco Controller) >show lag ?
eth-port-hash Shows the physical port used for specific MAC addresses
ip-port-hash Shows the physical port used for specific IP addresses
summary Shows the current status of the LAG (Link Aggregation) configuration
(Cisco Controller) >show lag summary
LAG Disabled.
I lost remote access to the WLC after pressing OK and I thought the WLC auto-reboots itself.
I've checked via CLI and the LAG was enabled but it needs a manual reboot.
(Cisco Controller) >show lag summary
LAG Enable is in transition. Pls Reboot the switch
(Cisco Controller) >reset ?
system Reset the switch.
(Cisco Controller) >reset system
The system has unsaved changes.
Would you like to save them now? (y/N) y
Configuration Saved!
System will now restart! Restarting system.
WLCNG Boot Loader Version 1.0.16 (Built on Feb 28 2011 at 13:14:54 by cisco)
Board Revision 0.0 (SN: PSZ172300U3, Type: AIR-CT2504-K9) (P)
Verifying boot loader integrity... OK.
<OUTPUT TRUNCATED>
While the WLC is rebooting, I've configured a Layer 2 EtherChannel on the switch.
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface range fastethernet0/1-2
SW1(config-if-range)#description ### L2 EtherChannel Trunk to WLC1 ###
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#
*Mar 1 01:54:48.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar 1 01:54:48.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
SW1(config-if-range)#
*Mar 1 01:54:51.450: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar 1 01:54:51.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
SW1(config-if-range)#
SW1(config-if-range)#channel-group 1 ?
mode Etherchannel Mode of the interface
SW1(config-if-range)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
SW1(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
SW1(config-if-range)#
*Mar 1 01:55:08.437: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
*Mar 1 01:55:09.444: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
SW1(config-if-range)#interface port-channel1
% Command exited out of interface range and its sub-modes.
Not executing the command for second and later interfaces
SW1(config-if)#description ### L2 EtherChannel Trunk to WLC1 ###
SW1(config-if)#switchport mode trunk
SW1(config-if)#end
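The trunk configured above carries the controller's management traffic (web, SSH, SNMP, TFTP) alongside client VLANs, so it is worth auditing for the IOS trunk defaults it leaves in place: every VLAN allowed, native VLAN 1, and DTP still running. The following check is an added example, not part of the original post; the VLAN IDs 10, 20, 30 and native VLAN 999 in the hardened variant are placeholder assumptions, and changing the native VLAN assumes every WLC interface is VLAN-tagged.

```python
import re

# The Port-channel1 configuration as shown on this page.
PAGE_CONFIG = """\
interface Port-channel1
 description ### L2 EtherChannel Trunk to WLC1 ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
end
"""

# Hardened variant (constructed): VLANs 10,20,30 and native VLAN 999 are
# placeholder assumptions, not values from the page.
HARDENED_CONFIG = """\
interface Port-channel1
 description ### L2 EtherChannel Trunk to WLC1 ###
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
end
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line, re.IGNORECASE)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line in ("", "!", "end"):
            current = None          # block separator closes the interface
        elif current is not None:
            current.append(line.lower())
    return interfaces

def audit_trunks(config):
    """Return {interface: [findings]} for every unconditional trunk."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" not in cmds:
            continue                # only unconditional trunks are in scope
        findings = []
        if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
            findings.append("no allowed-VLAN list: trunk carries every VLAN")
        if not any(c.startswith("switchport trunk native vlan") for c in cmds):
            findings.append("native VLAN left at default (VLAN 1)")
        if "switchport nonegotiate" not in cmds:
            findings.append("DTP still active: add switchport nonegotiate")
        report[name] = findings
    return report

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_trunks(cfg))
```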
Verify the WLC LAG status using either the CLI or the web GUI.
(Cisco Controller) >show lag summary
LAG Enabled
Go to Controller > General to see if the status has changed to "LAG Mode is currently enabled".
Below are some useful show commands to verify EtherChannel on a Cisco switch:
SW1#show run interface port-channel1
Building configuration...
Current configuration : 143 bytes
!
interface Port-channel1
description ### L2 EtherChannel Trunk to WLC1 ###
switchport trunk encapsulation dot1q
switchport mode trunk
end
SW1#show interface port-channel1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 0016.c840.3583 (bia 0016.c840.3583)
Description: ### L2 EtherChannel Trunk to WLC1 ###
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Fa0/1 Fa0/2
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 2000 bits/sec, 4 packets/sec
6 packets input, 1968 bytes, 0 no buffer
Received 6 broadcasts (6 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 6 multicast, 0 pause input
0 input packets with dribble condition detected
756 packets output, 56755 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
WLC1 Fas 0/1 162 H AIR-CT250 Gig 0/0/1
WLC1 Fas 0/2 162 H AIR-CT250 Gig 0/0/2
SW1#show etherchannel ?
<1-48> Channel group number
detail Detail information
load-balance Load-balance/frame-distribution scheme among ports in
port-channel
port Port information
port-channel Port-channel information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Fa0/1(P) Fa0/2(P)
SW1#show etherchannel detail
Channel-group listing:
----------------------
Group: 1
----------
Group state = L2
Ports: 2 Maxports = 8 // MAX PORTS FOR ETHERCHANNEL ON A 3560 SWITCH
Port-channels: 1 Max Port-channels = 1
Protocol: -
Minimum Links: 0
Ports in the group:
-------------------
Port: Fa0/1
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = On Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:03m:07s
Port: Fa0/2
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = On Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:03m:10s
Port-channels in the group:
---------------------------
Port-channel: Po1
------------
Age of the Port-channel = 0d:00h:15m:03s
Logical slot/port = 2/1 Number of ports = 2
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Fa0/1 On 0
0 00 Fa0/2 On 0
Time since last port bundled: 0d:00h:03m:10s Fa0/2
Time since last port Un-bundled: 0d:00h:03m:16s Fa0/2
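Because `channel-group 1 mode on` runs neither LACP nor PAgP, the switch has no protocol to report a member that is not bundling, so the flags in `show etherchannel summary` are the thing to check after any change. The parser below is an added example, not part of the original post; group 1 in the sample is the row shown above, and group 2 is a constructed failing group that also exercises a wrapped member list.

```python
import re

# Constructed sample: group 1 is the row shown on this page; group 2 is an
# invented failing group added to exercise the checks.
SAMPLE = """\
Number of channel-groups in use: 2
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------
1 Po1(SU) - Fa0/1(P) Fa0/2(P)
2 Po2(SD) LACP Fa0/3(s)
 Fa0/4(I)
"""

PORT = re.compile(r"([A-Za-z]+\d+(?:/\d+)*)\(([A-Za-z]+)\)")
ROW = re.compile(r"^\s*(\d+)\s+(Po\d+)\(([A-Za-z]+)\)\s+(\S+)\s*(.*)$")
CONTINUATION = re.compile(r"^\s*(?:[A-Za-z]+\d+(?:/\d+)*\([A-Za-z]+\)\s*)+$")

# Member-port flags from the legend printed by the command.
PORT_FLAGS = {"D": "down", "I": "stand-alone", "s": "suspended",
              "H": "hot-standby", "u": "unsuitable for bundling",
              "w": "waiting to be aggregated"}

def parse_summary(text):
    """Parse 'show etherchannel summary' rows into a list of group dicts."""
    groups = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            gid, po, po_flags, proto, rest = row.groups()
            groups.append({"group": int(gid), "port_channel": po,
                           "flags": po_flags, "protocol": proto,
                           "ports": dict(PORT.findall(rest))})
        elif groups and CONTINUATION.match(line):
            # Long member lists wrap onto continuation lines.
            groups[-1]["ports"].update(PORT.findall(line))
    return groups

def find_problems(groups):
    """Return one message per port-channel or member that is not healthy."""
    problems = []
    for g in groups:
        if "U" not in g["flags"] or "D" in g["flags"]:
            problems.append(f"{g['port_channel']} not in use (flags {g['flags']})")
        if not g["ports"]:
            problems.append(f"{g['port_channel']} has no member ports")
        for port, flag in g["ports"].items():
            if flag != "P":
                reasons = ", ".join(PORT_FLAGS.get(c, c) for c in flag)
                problems.append(f"{port} in {g['port_channel']} not bundled ({reasons})")
    return problems

if __name__ == "__main__":
    for message in find_problems(parse_summary(SAMPLE)):
        print(message)
```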