Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
783
Views
0
Helpful
1
Replies

Remote AP with local and WLC-tunneled SSIDs

kblackham
Level 1
Level 1

‎10-24-2012 03:26 AM - edited ‎07-03-2021 10:54 PM

Abstract scenario: corporate apartment. 

I would like to deploy (prefer autonomous) a "hybrid" style access point policy at company apartments.  This would have one SSID that gives nothing more than general internet access at the site via local internet service, and another SSID that connects the user into the company network with the same policy of being on-prem.  I would like to avoid rolling a WLC at each site, or extra equipment such as dedicated router/VPN endpoint, if at all possible.

Example:

SSID playtime - (visible) requires WPA2-Personal authenticadtion for general internet, no access to corp net

SSID worktime - (hidden) tunnels back to WLC over a VPN and requires WPA2-Enterprise auth via WLC policy

If this is just plain impossible, please say so.  We can always whip out a VPN client on laptop.  If it's possible, but requires extra equipment, I'd like to discuss that as well.

Labels:
0 Helpful
1 Reply 1

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

‎10-24-2012 04:42 AM

yes, absolutely possible using hreap/fleconnect mode on ap.

enable local switching on playtime and not on worktime ssid. this way playtime traffic stays locally and worktime traffic tunnelled to wlc.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card