Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] WLC Interface IP requirements for a Web Portal service with a locally-switched VLAN



Article ID: KB24910 KB Last Updated: 10 Oct 2020Version: 2.0
 This article provides information about the Interface IP requirements for a WLC device, which is hosting a Web Portal authenticated Service-Profile (SSID), that has users placed on a VLAN; it is locally-switched by the WLA device.
  • One of the underlying requirements for the Web-Portal based authentication service is that the WLC must have an IP interface in the same L2 VLAN and subnet as the WLAN client.  

  • The reason for this is that the WLC must be able to communicate via the IP to both the WLAN client and the WLAN client's DNS server. 

  • When the VLAN for the Web Portal service exists locally on the WLC device, it is required for the WLC device to have an IP interface configured on this VLAN (either statically or by enabling the DHCP-client feature on the WLC device for this VLAN).  

  • However, with the local-switching feature, it may be possible that the VLAN for the WLAN client exists only at the uplink port of the WLA device, with which the client is associated.

The solution for this issue of a VLAN, which only exists at the uplink of the WLA device, is automatically handled by the WLC device. However, it may require some configuration on the customer network.  As the WLC device is required to have an IP Interface in the Web Portal VLAN, the WLC device will build a VLAN Tunnel out to the WLA device, which is hosting the locally-switched VLAN. The WLC device will then request a DHCP IP address, which it will use as its IP Interface on this VLAN.

There is nothing to configure on the WLC device for this process to work; however, it is required that the DHCP server, which is being used on the Web Portal VLAN, be configured to serve the WLC an IP address. This will require, at a minimum, that the DHCP scope allows access to the WLC device and more preferably, that the DHCP server is configured to provide the WLC device with a Fixed/Reserved IP address; so that the WLC receives a consistent IP (this is not a functional requirement; but will make troubleshooting easier).

To verify the IP address, which the WLC device has received from DHCP, the show dhcp-client command can be used via the WLC device's CLI. 

Modification History:
2020-10-10: Archived article.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search