[cisco-voip] Voice VLANs and Multiple Switches ?

Andre Beck cisco-voip at ibh.net
Mon Dec 15 08:58:05 EST 2008 

Hi,

On Tue, Dec 09, 2008 at 12:59:11PM -0500, Jason Aarons (US) wrote:
> I'm seeing Cisco Advanced Services set the access layer 3750s to
> trunking but the native vlan is routed and wireless vlan trunked.  The
> CUWN/LWAP access point vlan is the only thing going out to all access
> layer 3750s from distribution 6500s.  I assume this allows fast secure
> wireless roaming.

In a true LWAPP installation, that wouldn't be necessary, as the WLCs
can deal perfectly with APs that are only reachable on L3. That's why
the LWAPP is a tunnel and establishes a virtual shared broadcast domain
for the wireless distribution part of the game (a single ESS is still
mapped to a single broadcast domain and allows for transparent 802.11
roaming as usual).

> In short each closet has its own data/voice vlans, but a common vlan
> across all switches for 1252 Access Points.

That would have been necessary with autonomous APs, but not with LAP
ones. As 1252s are supported only in 5.x WLC versions, where L3 mode
is not only the default but the only LWAPP operation mode, there are
not that many arguments for running a campus spanning VLAN and breaking
the whole advantage of the L3 switched core design just for wireless.
The only thing that is eased (a bit) by having just one broadacst domain
here is the APs can find the WLCs rather easy (L2 broadcast), while in
L3 mode, you have to make sure the APs are properly fed with DHCP
data that either directly promotes the WLC addresses (option 43 IIRC)
or at least with a working DNS infrastructure that can resolve the
magic name cisco-lwapp-controller.

You should push to get rid of that last spanning VLAN IMO - there is
no sense in running *some* VLANs routed when there is still one that
spans and can break STP-wise. Actually, when spanning is still an option
anyway, doing the routing separation is just painful and doesn't have
much benefit. Either spanning still scales, or it doesn't ;)

HTH,
Andre.
-- 
   Real men don't make backups of their mail. They just send it out
    on the Internet and let the secret services do the hard work.

-> Andre Beck    +++ ABP-RIPE +++      IBH IT-Service GmbH, Dresden <-

More information about the cisco-voip mailing list