11-22-2024 11:12 AM
Hello,
This is a question on IP assignment between our APs on our 9800-40 WLC.
I work in a school district. We allow or deny student access to YouTube by leveraging unique policy profiles that have different assigned VLANs based upon which AP needs to allow or deny YouTube. These unique policies are all applied with the same SSID.
The issue we are having is that a few clients remember the IP address originally assigned on the YouTube Allow VLAN when connected to an AP that does not have that assigned VLAN.
For example, AP 1 hands out address 10.1.0.0 which gives access to YouTube, but AP 2 hands out address 10.2.0.0 which denies access to YouTube. The client received an address originally from 10.1.0.0, but the client has since moved. The client is now across the building at AP 2 but still has an originally assigned address of 10.1.0.0. How do I make sure that when the client connects to a different AP (AP 2 in this example) it receives the unique VLAN information?
Any advice would be greatly appreciated, thank you!
11-22-2024 12:00 PM
What you see is the expected behavior, and I don't believe you can change that.
Basically, what you are saying is that you don't want clients to roam. They need to ask for a new IP and, therefore, they will re-associate and re-authenticate every time they move from one AP to the other.
This is not good at all because clients move among APs even though they are in the same place. There is no way to prevent this.
11-25-2024 11:10 AM
Thank you, Flavio! As always, I really appreciate your input and advisement. Thank you!
We will resolve this by creating a 2nd SSID and by leveraging an MDM to help mainstream the needed network switches on demand.
11-22-2024 03:55 PM - edited 11-22-2024 03:55 PM
We have a special OU in our Active Directory. This policy is enforced in ISE and the rule goes like this:
Machines assigned to this OU can join CORP SSID and ALL SITES.
However, when the machines assigned to this OU go to site XDX, the machines can only join the SSID if the APs are named with a certain prefix, like "-Z".