What would be the topology if multiple VNS exist on same interface of identifi controller


What would be the topology if multiple VNS exist on same interface of identifi controller, is it same as multiple vlans passing on trunk port ?

Controller will be having one L3 ipaddress on that interface ( for GUI access from network)

I want to switch traffic locally at AP......

9 replies

Userlevel 2
Hi Saiprasad,

Its recommended to use separate Admin interface for GUI access from network.
You may find default topology with B@AP configuration for switching traffic locally at AP. You can make use of that topology.
Extreme doesn't use the term "trunk". Create one topology for each VLAN IDs and assign it to esa0/1/2 or 3. Assume topology as a VLAN with an egress port. While creating B@AP topology assigning controller's physical interface is not needed as VLAN are going to be at AP.

For more info about topologies, Pl read IdentiFi wireless user guide, Chapter 5. Configuring topologies. Link here: https://extranet.extremenetworks.com/downloads/Pages/dms.ashx?download=c2513a5a-1186-4e25-ae97-dc9e1...

-Karthikeyan M
Mohanakrishnan, Karthikeyan wrote:

Hi Saiprasad,

Its recommended to use separate Admin interface for GUI access from network.
You may find default topology with B@AP configuration for switching traffic locally at AP. You can make use of that topology.
Extreme doesn't use the term "trunk". Create one topology for each VLAN IDs and assign it to esa0/1/2 or 3. Assume topology as a VLAN with an egress port. While creating B@AP topology assigning controller's physical interface is not needed as VLAN are going to be at AP.

For more info about topologies, Pl read IdentiFi wireless user guide, Chapter 5. Configuring topologies. Link here: https://extranet.extremenetworks.com/downloads/Pages/dms.ashx?download=c2513a5a-1186-4e25-ae97-dc9e1...

-Karthikeyan M

Ok say if I want to have 20 VNS, with same SSID, with multiple vlans , I only have 4 ports then what would we need to do ? i want to use only one interface of the controller, which will be having route to management IP default gateway (on core).
Userlevel 6
Mohanakrishnan, Karthikeyan wrote:

Hi Saiprasad,

Its recommended to use separate Admin interface for GUI access from network.
You may find default topology with B@AP configuration for switching traffic locally at AP. You can make use of that topology.
Extreme doesn't use the term "trunk". Create one topology for each VLAN IDs and assign it to esa0/1/2 or 3. Assume topology as a VLAN with an egress port. While creating B@AP topology assigning controller's physical interface is not needed as VLAN are going to be at AP.

For more info about topologies, Pl read IdentiFi wireless user guide, Chapter 5. Configuring topologies. Link here: https://extranet.extremenetworks.com/downloads/Pages/dms.ashx?download=c2513a5a-1186-4e25-ae97-dc9e1...

-Karthikeyan M

Saiprasad

If you are only using B@AP then there is no need to use more than 1 port on the controller if you do not wish to. Once authenticated, user traffic does not need to reach the controller with B@AP.

There are different ways to place traffic into different topologies, the most elegant would be to use NAC (or radius) to return a role that maps to the required topology, that way you could potentially have just 1 SSID (wireless service), 1 VNS, 20 topologies + 20 roles (mapped to appropriate topology depending on location.)

You can then manage the AP's in a separate vlan as required.

Hope this helps.

-Gareth
Mohanakrishnan, Karthikeyan wrote:

Hi Saiprasad,

Its recommended to use separate Admin interface for GUI access from network.
You may find default topology with B@AP configuration for switching traffic locally at AP. You can make use of that topology.
Extreme doesn't use the term "trunk". Create one topology for each VLAN IDs and assign it to esa0/1/2 or 3. Assume topology as a VLAN with an egress port. While creating B@AP topology assigning controller's physical interface is not needed as VLAN are going to be at AP.

For more info about topologies, Pl read IdentiFi wireless user guide, Chapter 5. Configuring topologies. Link here: https://extranet.extremenetworks.com/downloads/Pages/dms.ashx?download=c2513a5a-1186-4e25-ae97-dc9e1...

-Karthikeyan M

Oh great got it. finally one question......if I keep access points in different vlan how will the ap's know the controller.....as far as I know it is a better practice to keep ap's and controller in same vlan.

and what about switch port to which ap is connected. ap vlan as tagged and user vlan as untagged will do right !
Userlevel 6
Mohanakrishnan, Karthikeyan wrote:

Hi Saiprasad,

Its recommended to use separate Admin interface for GUI access from network.
You may find default topology with B@AP configuration for switching traffic locally at AP. You can make use of that topology.
Extreme doesn't use the term "trunk". Create one topology for each VLAN IDs and assign it to esa0/1/2 or 3. Assume topology as a VLAN with an egress port. While creating B@AP topology assigning controller's physical interface is not needed as VLAN are going to be at AP.

For more info about topologies, Pl read IdentiFi wireless user guide, Chapter 5. Configuring topologies. Link here: https://extranet.extremenetworks.com/downloads/Pages/dms.ashx?download=c2513a5a-1186-4e25-ae97-dc9e1...

-Karthikeyan M

For each scope in DHCP (for each vlan) you need to define the controllers IP, that's all you need to do, after that normal IP routing will do the rest. Once the AP learns the controller it will remember it, but it's still best practice to define dynamic discovery, this makes for easier adds/moves/changes.

As you say, tagged for ap, untagged for user, is fine, keep in mind when provisioning the AP you will need to define the vlan before deployment; for that reason, often it's easier to do things the other way round, untagged for ap, tagged for user, either method is fine.
Mohanakrishnan, Karthikeyan wrote:

Hi Saiprasad,

Its recommended to use separate Admin interface for GUI access from network.
You may find default topology with B@AP configuration for switching traffic locally at AP. You can make use of that topology.
Extreme doesn't use the term "trunk". Create one topology for each VLAN IDs and assign it to esa0/1/2 or 3. Assume topology as a VLAN with an egress port. While creating B@AP topology assigning controller's physical interface is not needed as VLAN are going to be at AP.

For more info about topologies, Pl read IdentiFi wireless user guide, Chapter 5. Configuring topologies. Link here: https://extranet.extremenetworks.com/downloads/Pages/dms.ashx?download=c2513a5a-1186-4e25-ae97-dc9e1...

-Karthikeyan M

OK got it.

But what if there are 2 controllers in availability.how will the above dhcp scope part work.

Does "but it's still best practice to define dynamic discovery" mean not to define controller IP in dhcp scope....

Is the above procedure (dhcp part) applicable even when both ap and controller are in same vlan or not necessary.......
Userlevel 6
Mohanakrishnan, Karthikeyan wrote:

Hi Saiprasad,

Its recommended to use separate Admin interface for GUI access from network.
You may find default topology with B@AP configuration for switching traffic locally at AP. You can make use of that topology.
Extreme doesn't use the term "trunk". Create one topology for each VLAN IDs and assign it to esa0/1/2 or 3. Assume topology as a VLAN with an egress port. While creating B@AP topology assigning controller's physical interface is not needed as VLAN are going to be at AP.

For more info about topologies, Pl read IdentiFi wireless user guide, Chapter 5. Configuring topologies. Link here: https://extranet.extremenetworks.com/downloads/Pages/dms.ashx?download=c2513a5a-1186-4e25-ae97-dc9e1...

-Karthikeyan M

But what if there are 2 controllers in availability.how will the above dhcp scope part work.


With availability enabled and the default setting of approve all AP's set, then the AP would register on the controller defined, with manual approval enabled, you would see the AP on both controllers and could approve it on your chosen controller (this mode is my preferred configuration as it gives maximum control.) Additionally, in dhcp options you can specify 2 controllers IP's.

Does "but it's still best practice to define dynamic discovery" mean not to define controller IP in dhcp scope....

No, it means you should define the controller IP(s) in the scope.

Is the above procedure (dhcp part) applicable even when both ap and controller are in same vlan or not necessary.......

That's correct.

Please see page 111 of the current Wireless user guide for an in depth explanation of the AP discovery process (requires Extreme extranet login) https://extranet.extremenetworks.com/downloads/Pages/WirelessControllers.aspx
Mohanakrishnan, Karthikeyan wrote:

Hi Saiprasad,

Its recommended to use separate Admin interface for GUI access from network.
You may find default topology with B@AP configuration for switching traffic locally at AP. You can make use of that topology.
Extreme doesn't use the term "trunk". Create one topology for each VLAN IDs and assign it to esa0/1/2 or 3. Assume topology as a VLAN with an egress port. While creating B@AP topology assigning controller's physical interface is not needed as VLAN are going to be at AP.

For more info about topologies, Pl read IdentiFi wireless user guide, Chapter 5. Configuring topologies. Link here: https://extranet.extremenetworks.com/downloads/Pages/dms.ashx?download=c2513a5a-1186-4e25-ae97-dc9e1...

-Karthikeyan M

ok! understood

with your method of manual approval, will the ap's failover to the other controller if one of the controller goes down.....
Userlevel 6
Mohanakrishnan, Karthikeyan wrote:

Hi Saiprasad,

Its recommended to use separate Admin interface for GUI access from network.
You may find default topology with B@AP configuration for switching traffic locally at AP. You can make use of that topology.
Extreme doesn't use the term "trunk". Create one topology for each VLAN IDs and assign it to esa0/1/2 or 3. Assume topology as a VLAN with an egress port. While creating B@AP topology assigning controller's physical interface is not needed as VLAN are going to be at AP.

For more info about topologies, Pl read IdentiFi wireless user guide, Chapter 5. Configuring topologies. Link here: https://extranet.extremenetworks.com/downloads/Pages/dms.ashx?download=c2513a5a-1186-4e25-ae97-dc9e1...

-Karthikeyan M

Assuming availability link is up yes, if you have fast failover (FF) enabled, you can see in the availability reports that the AP would have 2 tunnels, 1 active to the home controller and 1 backup to the foreign controller.

Reply