Introduction
This document covers the steps involved in configuring an 1850/2800/3800 access point (AP) for link aggregation (LAG) across its Ethernet and AUX ports. The LAG protocol used can be LACP or mode ON.
Note that as of software version 8.4, there is no means of securing the access port when LAG is used (no 802.1X and no MAC address authentication).
Prerequisites
- Access point in local mode (FlexConnect mode is supported as of WLC software 8.8, where upstream load balancing uses a combination of client MAC address and destination Layer 4 UDP port)
- The switch must support Layer 4-based load balancing
- Access points supporting LAG are: 1850, 2802, 3802
The following Cisco switching series support LAG with the APs:
• Catalyst 3850 / all models (non‐CA mode)
• Catalyst 3650 / all models (non‐CA mode)
• Catalyst 4500/Sup‐8E
• Catalyst 6500/Sup 720 or newer
• Catalyst 9000 series
• Nexus series
Note: LAG with third-party switches has not been tested. The AP uses the same IP address but a different source port to do the balancing, so the switch should be able to load-balance based on UDP port information. For more information on LAG with a third-party switch, refer to bug CSCvf77787.
Note: LAG is not yet supported for Converged Access (CA). An enhancement bug, CSCvc20499, has been filed for this.
Components Used
A 2802 AP was used for this configuration example. The switch was a WS-C3650-48PQ running software version 03.06.05E. The AP was joined to a 2504 WLC running 8.2.141.0.
Network Diagram
2802 AP-----3650 switch-----2960 switch----2504 WLC
The AP and the Wireless LAN Controller (WLC) are in VLAN 1.
The gigabit port of the AP goes to switch port g1/0/10 and the AUX port goes to g1/0/9.
Configurations
Step 1
Connect only the gig port to the switch. Configure the switch port that goes to the AP gig port, i.e. gig 1/0/10 in this case:
interface GigabitEthernet1/0/10
switchport mode access
end
Step 2
Once the AP registers to the WLC, run the following commands from the WLC command line.
config ap lag-mode support enable
(This will NOT result in a reboot of the APs that support LAG)
This command enables support for AP LAG mode globally on the WLC. To check the current status of AP LAG mode support on the WLC, run the command "show ap lag-mode".
To disable support for AP LAG mode, use "config ap lag-mode support disable" (This will result in a reboot of all the APs that support LAG)
config ap lag-mode support enable <AP name>
(This will result in a reboot of the AP)
This command enables LAG mode support on the AP itself.
After you run this command, the output of "show ap config general <AP name>" shows that the AP LAG configuration status has changed from "disabled" to "enabled".
AP LAG Configuration Status ..................... Enabled
To disable LAG mode on the AP, use "config ap lag-mode support disable <AP name>" (This will result in a reboot of the AP)
Step 3
For load balancing on the LAG ports to the AP and the controller, the switch should support load balancing on the layer 4 (L4) source and destination ports. Run the following command from the switch config mode.
port-channel load-balance src-dst-port
If L4 port load balancing is not configured (for example, when using a switch model that does not support this feature), the port channel will still come up but all the traffic will go through the same port. There will not be 2 gigabits of speed, but there will be redundancy.
Step 4
Now configure both switch ports (g1/0/10 and g1/0/9) into an EtherChannel and plug the AP AUX port into the other switch port, i.e. g1/0/9. At this point both the AP gig and AUX ports are connected to the switch.
interface GigabitEthernet1/0/10
switchport mode access
channel-group 1 mode active
end
interface GigabitEthernet1/0/9
switchport mode access
channel-group 1 mode active
end
interface Port-channel1
switchport mode access
end
If you want to use mode "ON" instead of LACP, use the command "channel-group 1 mode on" under the switch ports.
Any further configuration change (moving to trunk, adding supported VLANs) has to be done through the port-channel interface from now on.
Important note
The 3800 AP primary port is mGig capable (up to 5Gbps) while the AUX port is a standard Gigabit port. This means that if you set up LAG between an mGig-capable switch and a 3802 access point, the port channel will be suspended due to the difference in speeds:
*Nov 21 20:37:04.987: %LINK-3-UPDOWN: Interface TenGigabitEthernet1/0/39, changed state to down
*Nov 21 20:37:07.122: %EC-5-CANNOT_BUNDLE2: Te1/0/39 is not compatible with Te1/0/40 and will be suspended (speed of Te1/0/39 is 1000M, Te1/0/40 is 5000M)
The solution is to configure speed 1000 on the primary port so that both ports run at the same Gigabit speed.
Verify
The state of the LAG configuration on the controller and AP can be seen using the following commands on the controller:
show ap lag-mode
LAG-Mode Support ................................ Enabled
show ap config general <ap-name>
AP LAG Configuration Status ..................... Enabled
LAG Support for AP .............................. Yes
If LAG support stays at "No", it might be because DTLS data encryption is enabled. LAG is not supported together with DTLS data encryption.
The successful formation of LAG between AP and the switch can be seen using the following commands on the switch:
sh etherchannel summary
Number of channel-groups in use: 1
Number of aggregators: 1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi1/0/9(P)  Gi1/0/10(P)
show lacp neighbors
Channel group 1 neighbors
Partner's information:
                  LACP port                        Admin  Oper   Port    Port
Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
Gi1/0/9   SA      32768     00f2.8b26.90b0  14s    0x0    0x300  0x1     0x3D
Gi1/0/10  SA      32768     00f2.8b26.90b0   0s    0x0    0x300  0x0     0x3D
show lacp internal
Channel group 1
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Gi1/0/9   SA      bndl      32768         0x1       0x1     0x10A       0x3D
Gi1/0/10  SA      bndl      32768         0x1       0x1     0x10B       0x3D
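The switch-side checks above can be scripted. The following Python is an added example, not part of the original document or of any Cisco tool: it parses "sh etherchannel summary" output to confirm that every expected member port is bundled, and extracts the speed mismatch from the %EC-5-CANNOT_BUNDLE2 message shown in the Important note. The function names are hypothetical, and the BAD row is constructed for illustration.

```python
import re

# Member-port flags from the legend of "show etherchannel summary".
FLAGS = {"P": "bundled", "s": "suspended", "D": "down", "I": "stand-alone"}
ROW = re.compile(r"^\s*\d+\s+(Po\d+)\((\w+)\)\s+\S+\s+(.*)$")
MEMBER = re.compile(r"([A-Za-z]+[\d/]+)\((\w+)\)")
MISMATCH = re.compile(
    r"%EC-5-CANNOT_BUNDLE2: (\S+) is not compatible with (\S+) and will be "
    r"suspended \(speed of \S+ is (\w+), \S+ is (\w+)\)")
# Summary row and syslog line as shown on this page.
GOOD = "1      Po1(SU)         LACP      Gi1/0/9(P)  Gi1/0/10(P)"
LOG = ("*Nov 21 20:37:07.122: %EC-5-CANNOT_BUNDLE2: Te1/0/39 is not compatible "
       "with Te1/0/40 and will be suspended (speed of Te1/0/39 is 1000M, "
       "Te1/0/40 is 5000M)")
# Constructed row: what a suspended bundle could look like (not from the page).
BAD = "1      Po1(SD)         LACP      Te1/0/39(s) Te1/0/40(D)"

def parse_summary(text):
    """Map each port-channel to its own flags and its member-port flags."""
    groups = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            po, po_flags, rest = m.groups()
            groups[po] = {"flags": po_flags, "members": dict(MEMBER.findall(rest))}
    return groups

def lag_problems(text, po, expected_ports):
    """List reasons why `po` is not a healthy bundle of `expected_ports`."""
    group = parse_summary(text).get(po)
    if group is None:
        return [f"{po} not present"]
    problems = []
    if "U" not in group["flags"]:
        problems.append(f"{po} not in use (flags {group['flags']})")
    for port in expected_ports:
        flag = group["members"].get(port)
        if flag is None:
            problems.append(f"{port} is not a member of {po}")
        elif flag != "P":
            problems.append(f"{port} is {FLAGS.get(flag, flag)}")
    return problems

def speed_mismatches(log_text):
    """Return (port, peer, port speed, peer speed) per CANNOT_BUNDLE2 line."""
    return MISMATCH.findall(log_text)

if __name__ == "__main__":
    print(lag_problems(BAD, "Po1", ["Te1/0/39", "Te1/0/40"]), speed_mismatches(LOG))
```

An empty list from lag_problems means both AP-facing ports are bundled and the port channel is in use.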