Configuring Virtual Interfaces

• Virtual Interface, on page 1

• Configuring Virtual Interfaces (GUI), on page 2
• Configuring Virtual Interfaces (CLI), on page 2

Virtual Interface
The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP)
relay, and embedded Layer 3 security such as guest web authentication. It also maintains the DNS gateway
host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3
web authorization is enabled.
Specifically, the virtual interface plays these two primary roles:
• Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server.
• Serves as the redirect address for the web authentication login page.

The virtual interface IP address is used only in communications between the controller and wireless clients.
It never appears as the source or destination address of a packet that goes out a distribution system port and
onto the switched network. For the system to operate correctly, the virtual interface IP address must be set (it
cannot be 0.0.0.0), and no other device on the network can have the same address as the virtual interface.
Therefore, the virtual interface must be configured with an unassigned and unused gateway IP address. The
virtual interface IP address is not pingable and should not exist in any routing table in your network. In addition,
the virtual interface cannot be mapped to a physical port.
We recommend that you configure a non-routable IP address for the virtual interface, ideally not overlapping
with the network infrastructure addresses or external. Use one of the options proposed on RFC5737, for
example, 192.0.2.0/24, 198.51.100.0/24, and 203.0.113.0/24 networks. This is to avoid using an IP address
that is assigned to another device or system.

Restrictions
• All controllers within a mobility group must be configured with the same virtual interface IP address.
Otherwise, inter-controller roaming may appear to work, but the handoff does not complete, and the
client loses connectivity for a period of time.

This section contains the following subsections:

Configuring Virtual Interfaces

1
 Configuring Virtual Interfaces
Configuring Virtual Interfaces (GUI)

Configuring Virtual Interfaces (GUI)

Step 1 Choose Controller > Interfaces to open the Interfaces page.
Step 2 Click Virtual.
The Interfaces > Edit page appears.

Step 3 Enter the following parameters:

• Any valid unassigned, and unused gateway IP address
• DNS gateway hostname
Note To ensure connectivity and web authentication, the DNS server should always point to the virtual interface.
If a DNS hostname is configured for the virtual interface, then the same DNS host name must be configured
on the DNS server(s) used by the client.

Step 4 Click Save Configuration.

Step 5 If you made any changes to the management or virtual interface, reboot the controller so that your changes take effect.

Configuring Virtual Interfaces (CLI)

Step 1 Enter the show interface detailed virtual command to view the current virtual interface settings.
Step 2 Enter the config wlan disable wlan-number command to disable each WLAN that uses the virtual interface for distribution
system communication.
Step 3 Enter these commands to define the virtual interface:
• config interface address virtual ip-address
Note For ip-address, enter a valid, unassigned, and unused gateway IP address.
• config interface hostname virtual dns-host-name

Step 4 Enter the reset system command. At the confirmation prompt, enter Y to save your configuration changes to NVRAM.
The controller reboots.
Step 5 Enter the show interface detailed virtual command to verify that your changes have been saved.

Configuring Virtual Interfaces

2