cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

126
Views
5
Helpful
1
Replies
Beginner

Multiple networks on one SSID and private-VLANs

Hi!

I am reading about private-VLANs and I think they might be the solution to my current issue.   I currently have two VLANs, and two wireless SSIDs.   VLAN1 (10.0.0.0 / 24) is mapped to the Company SSID, VLAN40 (10.0.40.0 / 24) is mapped to the Company's Guests SSID.

I have a need for more networks though and I know I can just create more VLANs and more wireless SSIDs, but I'm trying to do it without creating anymore SSIDs.   I see this when I google private-VLANs:

A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains, allowing you to 
isolate the ports on the switch from each other.

That sounds like something I could use.   I was thinking maybe instead of creating multiple VLANs and SSIDs, I could partition the two VLANs I currently have and try to isolate the devices.    For example, on the Company VLAN, only company equipment can be on it.   We have some residential devices that need to be connected to the internet as well though, such as our car, garage door opener, game consoles, etc.   I didn't want to put some of these on the guest network for various reasons.


I do not think access groups are a solution, because the wireless APs for the guests and the company stuff are the same APs.   They're not in different buildings or anything.   I have a Cisco C1111-8PW router, three Cisco 1832i wireless APs.   The C1111 has a built-in WLC and AP.


Would the private-VLANs be the best way to go here?   I was reading there was some way to do this with something called 802.1x authentication or something, but I'm having a hard time finding examples of how to configure something like this with the 802.1x authentication.

Thanks.

1 REPLY 1
Highlighted
VIP Advisor

Re: Multiple networks on one SSID and private-VLANs

Hi

On controller based AP, you can go to the advanced tab and deny P2P between clients.

I would recommend using the 802.1x solution.
There was a recent post talking about it on the forum. Take a look here:
https://community.cisco.com/t5/identity-services-engine-ise/dynamic-vlan-assignment-ise-and-wlc/td-p/3572816

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here