Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2287
Views
0
Helpful
1
Replies

Adding multiple Vlans to one SSID on Cisco Mobility Express 2800 Series

Elaine St. John
Level 1
Level 1

‎11-24-2016 08:02 AM

Hello,

I would like to know whether one can add multiple vlans to 1 SSID in the Cisco Mobility Express AP Environment. We currently have 3 Access points - 2800 Series. We do not want to use the CapWap (lightweight) versions. 

This feature used to be available on the previous autonomous access points (2602 models).

We have an environment where we connect the access points with a Radius Server (Cisco Secure ACS  Version : 5.7.0.15) whereby it queries the users' AD attributes in order to assign them on their respective Vlans. Access points are on a separate management native vlan and we have the physical switchports trunked on the other users' VLans.

We are still new to this technology which has only been available in the market since last August.

From the available Deployment Guides at the moment, I could not find any solutions to this query. When trying to add the Vlan ID in the Edit WLAN section from the controller GUI it is only allowing me to select one vlan.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-3/b_Cisco_Mobility_Express_Deployment_Guide.pdf

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/mob_exp/82/user_guide/b_ME_User_Guide_82.pdf

Any one knows whether this can be done?

Thanks in advanced

2 people had this problem
Labels:
Preview file
60 KB
0 Helpful
1 Reply 1

Elio Coutinho
Level 1
Level 1

‎03-21-2017 10:39 AM

I also was faced with this problem. This is what I did to have it working on a 1830 with Mobility Express 8.3.111.0:

- added the main WLAN (id 1) with vlan tagging, configured for Radius authentication.

- added an additional dummy WLAN with another vlan. Set the Admin State of this wlan as Disabled to prevent the SSID from being broadcasted. This takes care of creating the interface for this other vlan.

- on the command line, enabled the radius assigned vlan for wlan id 1:

config wlan disable 1
config wlan aaa-override enable 1 
config wlan enable 1

- saved and rebooted

That's it! Radius assigned vlan using Tunnel-Group-Id is honored by the AP. Even though debug information still shows an error like "Tunnel-Group-Id 30 is not a valid VLAN ID for STA ...", it still places the client on that vlan. I've confirmed it at the switch.

This document was useful figuring this out:

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/71683-dynamicvlan-config.html

0 Helpful
Customers Also Viewed These Support Documents