Showing results for 
Search instead for 
Did you mean: 

Flexconnect Vlan Override Local Switching Clients

Rising star



Viten Patel is is a Wireless Expert working in Cisco TAC. In this Video, Viten has shown How to do the Flexconnect Vlan Override Local Switching Clients configuration on Wireless LAN Controller (WLC) and Cisco Secure Access Control Server (ACS).

In the current FlexConnect architecture, there is a strict mapping of WLAN to VLAN, and thus the client getting associated on a particular WLAN on FlexConnect AP has to abide by a VLAN which is mapped to it. This method has limitations, because it requires clients to associate with different SSIDs in order to inherit different VLAN-based policies.

From 7.2 release onwards, AAA override of VLAN on individual WLAN configured for local switching is supported. In order to have dynamic VLAN assignment, AP would have the interfaces for the VLAN pre-created based on a configuration using existing WLAN-VLAN Mapping for individual FlexConnect AP or using ACL-VLAN mapping on a FlexConnect group. The WLC is used to pre-create the sub-interfaces at the AP.




  • AAA VLAN override is supported from release 7.2 for WLANs configured for local switching in central and local authentication mode.
  • AAA override should be enabled on WLAN configured for local switching.
  • The FlexConnect AP should have VLAN pre-created from WLC for dynamic VLAN assignment.
  • If VLANs returned by AAA override are not present on AP client, they will get an IP from the default VLAN interface of the AP
  • Cisco Airespace-specific attributes will not be supported and IETF attribute VLAN ID will only be supported.
  • A maximum of 16 VLANs can be configured in per-AP configuration either via WLAN-VLAN Mapping for individual FlexConnect AP or using ACL-VLAN mapping on the FlexConnect group.


video pic.jpg









For More configuration details, please refer to FlexConnect VLAN Override section under Flex 7500 Wireless Branch Controller Deployment Guide.


Do Rate the Video.



I am configuring a cisco 5508 ver in flexconnect mode with central authentication, local switching. everything is fine along with local VLAN configuration, but when I create a flexconnect group and add specific AP's in that, those APs shows all the SSID configured under WLAN, how I can restrict a specific flexconnect group to show only specific SSID not all of them, although i have added only 1 SSID under WLAN VLAN MAPPING tab.

Any advice?


Hi Zeeshan,


With the help of AP groups, you can control which SSIDs are present on which APs.
WLANs > Advanced > AP Groups

Create an AP groups, select the SSIDs you wish a specific set of access points to have.

NOTE : Each time you add/remove an access point from the AP Group, the AP reboots.


Hope this helps !



Ronak Vyas.

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey

This widget could not be displayed.