What is the fastest & easiest way to configure multiple dynamic interfaces on a WLC. If you need to do it via GUI you need to go to Controllers > Interfaces section & define it. See below two screenshots.
Now we will see how we could achieve this using CLI. To make it easy think about how you create an interface (SVI) on a layer 3 switch for a DHCP clients subnet.We all configure it like this without much trouble.
vlan 80 name data1 ! interface Vlan80 ip address 10.10.80.2 255.255.255.0 ip helper-address 10.100.1.2
You can apply the same logic when defining interfaces on WLC. Remember these logical steps
1. Create an dynamic interface
2. Assign a corresponding vlan number to interface.
3. configure IP address, subnet mask & gateway
4. Specify the DHCP address (primary/secondary)
5. Assign a physical port (or Port channel if LAG is enabled)
Here is the corresponding CLI commands to do this on a WLC. If you want to define another dynamic interface you can simply copy this with IP/vlan changes.
config interface create data1 80 <-- data1 is the interface name config interface vlan data1 80 config interface address dynamic-interface data1 10.10.80.10 255.255.255.0 10.10.80.2 config interface dhcp dynamic-interface data1 primary 10.100.1.2 config interface port data1 1 <-- WLC port 1 is connected to Switch ! config interface create data2 90 config interface vlan data2 90 config interface address dynamic-interface data2 10.10.90.10 255.255.255.0 10.10.90.2 config interface dhcp dynamic-interface data2 primary 10.100.1.2 config interface port data2 1
If you ask to create 3 dynamic interfaces in each controller (3 or 4) it should not take more than 2-3 min via CLI. Can you do the same via GUI in a such short time frame ? I doubt . Therefore get used to CLI for this sort of repetitive tasks in the exam to save your valuable time.
Now we will look at how to handle if they ask to do it with interface groups. They may not ask directly to configure interface groups, but if you see same SSID map to more than one dynamic interface/vlans or talk about VLAN Select feature you should know you have to create interface group to fulfill this task.
For this, first you have to create an interface group & then assign required dynamic interfaces to interface group. I will create an interface group called “data-int-group” & assign data1 & data2 dynamic interfaces to that. In GUI, you can do that under Controllers > Interface Group section. (see below two screenshots)
In CLI, you can do that by using following 3 lines.
config interface group create data-int-group "Int Group for Data Subnets" config interface group interface add data-intgroup data1 config interface group interface add data-intgroup data2
Finally we will look at how we can map these interfaces or interface group to a WLAN. Again logic here is to define a WLAN first & then map an interface or interface group into WLAN. I have shown “data1” & “data-int-group” in the same screenshot below, but you can select only one of these in drop-down box menu. For the simplicity I have only enabled “Broadcast SSID” feature. Once you familiar with other advanced features of WLAN you can include them in to this CLI command set before enabling the WLAN.
In CLI you can achieve this with following 4 CLI commands. In this example I have defined two basic WLANs (ID 4 & 5) & map into two dynamic interfaces
(data1 & data2) created with SSID broadcast feature. If you want to map into interface group, you can type interface group name instead of interface name.
config wlan create 4 data1 data1 <- SSID & profile name data1 config wlan interface 4 data1 config wlan broadcast-ssid enable 4 config wlan enable 4 ! config wlan create 5 data2 data2 config wlan interface 5 data2 config wlan broadcast-ssid enable 5 config wlan enable 5
Keep in mind there can be further complexities (AP groups, WLAN ID > 16, etc). My preference is do this basic repetitive tasks via CLI to save time & do more complex task (non-repetitive) via GUI.
Related Posts
1. GUI or CLI – Choice is Yours
2. Learning CLI in Quick Time
3.
4.
5.
6.
7.
mrn-cciew 
You can dont need the command config interface vlan data2 90, as the config interface create data2 90 added the vlan id. That command is to be used if you want to change the vlan later. So you can save yourself few more seconds!
Hi Oli,
Thanks a lot for highlighting this … Yes I will save few seconds in that way 🙂
Hello Again Rasika, well I have some questions here I just Started with my CCNA Wireless Path but I deployed 2 Wireless Networks already, I never use interface group before some day I asked on cisco about the best way to deploy a wireless with 2040 users, and they answered me about interface group. So… I wondering right now is bad have just one dynamic interface for /24 network? I need to use interface group always? wich is the best way to deploy a bigger network as /21?
You do not want to use “interface-gorup” always. As long as you have sufficient capacity in a given subnet you can still use single dynamic interface.
But from the scalability point of view, if you want to add more capacity down the track, use of interface group is more flexible. You can simply add another subnet to existing interface group.
Another advantage is you can combine different subnet mask interfaces to single interface group & you do not want to have continuous block of IP.
In my production environment we have 3x /21 subnets (since user count is more than 2k) pool to single interface-group. Instead of that you can go for /20 or /19, but then your broadcast domain will be too large & that is not good as well.
This feature is also known as “vlan select” & you can refer below my blog post how to configure this
https://mrncciew.com/2013/01/27/understanding-vlan-select-feature/
HTH
Rasika
If you want to use IPv6 for the clients. How do you configure this in a dynamic interface or this not necesarry at all? I’m at 8.0.120.0.
Hope this is useful
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/IPV6_DG.html
Rasika
Hello, nayarasi.
Please, tell me, in cisco wlc 5760 (ct5760-ipservicesk9.SPA.03.06.05.E.152-2.E5) interface group named is vlan group?
I try make RADIUS auth via wi-fi.
RADIUS settings like this http://wifinigel.blogspot.ru/2014/03/microsoft-nps-as-radius-server-for-wifi_18.html
and WLC settings:
Configuration – controller
layer2 vlan:
create 2 vlan – vlan 4 and vlan 18
create layer3 interface – vlan18 – ip and dhcp
create layer3 interface – vlan4 – ip and dhcp
create vlan group – test-group add 4 and 18 vlan
COnfiguration – wireless
create wlan ssid – test
choose Interface/Interface Group(G) – test-group
security level2 – wpa2 + auth key mgmt 802.1x
choose AAA server
Allow AAA Override
aaand its not work, maybe i forgotten something?
Hi Ilya,
Yes, vlan group term refer to “interface group” concept of AireOS.
In your case, would clients get given vlans IP as you map it to SSID (so even override is not working, still client should get IP from that range). I would assign different vlan to SSID and let AAA to override it.
Are you using ” interface group name” when overriding ?
HTH
Rasika
very informative…
Thanks
hi rasika,
Are the double entry in the dynamic interface for external dhcp servers load balanced or this is more a HA configuration with the 2nd entry used when primary external DHCP does not respond in 30s or less?
Based on my understanding, DHCP Proxy must be DISABLED if you are using 2 external DHCP entries in the dynamic interface of the WLC. What is the reason of that?
thanks in advance for your kindly response. I tried to find out something on cisco documentation but there is nothing there.
my understanding is if you configure primary & secondary, both get DHCP Discovery.
Not too sure about that you have to disable DHCP proxy when you configure primary & secondary dhcp on an interface. I have done it with leaving DHCP proxy mode to “global” which is the default setting.
HTH
Rasika
Looks like my question was not posted yesterday
It was, untill I have responded (or at least approved) it is not appearing there.
Rasika
Hi Nayarasi,
I am a little bit confused for LAG and this interface groups,
as far as I understand, lag means that we are bond multiple physical port on WLC in order to connect to the channel group on switch.
while the interface group seems to do the same thing but from logical level.
would you please elaborate the difference between them.
Cheers
Michael
Hi Michael, LAG is for physical port redundancy.
Interface group is useful to expand WLAN network size without changing already assigned subnet size.
Hope it clears
Rasika
Hi Rasika
can i use subnet /16 or /8 for maximum ip for client ?
So actually i would like to ask about if ip of client it a lot i think about broadcast domain like switch .
thank you
Hi Jakkapan,
In Cisco wireless by default “Broadcast Forwarding” feature is disabled. Therefore creating large subnet is not a problem at all.
HTH
Rasika
Hi Rasika,
Any good guide or success using Prime Infrastructure to configure dynamic interfaces for users using the templates in Prime? I can’t seem to find any guides that demonstrate this but the function seems to be in there.
Thanks again for all you do.