Showing results for 
Search instead for 
Did you mean: 

Cisco WLAN configuration


Hi Guys,

I am working on a big scale WLAN configured with WISM.

what I am puzzled with is how capwap works alongside DHCP.

They have over 400 APs and only 10 SSIDs. My understanding is all data is sent back to the controller using the capwap tunnel un encrypted so the APs are connected to an access port switch within their respective capwap vlan .

my question is if I have an SSID that is called CAR and have 10 campus using thet SSID of CAR and the SSID is associated with interface CAR-Camp1, how does Camp 2 to 10 get their IP?

all APs in camp2 to 10 have SSID CAR enabled on them yet if you look under SSID CAR only interface CAR-Camp1 is associated.

so my question is how does Camp2 to 10 work to obtain the right ip address on an SSID that is associated with CAR-Camp1?

does capwap tunnels all dhcp etc requests to the contlroller?

I really really appreciate your help

12 Replies 12

Bob Bagheri

Hi, the CAPWAP tunnel is encrypted to the WISM and from there the traffic based on the SSID<>VLAN association leaves the controller and on to its destination.

In regard to your client's DHCP, I would assume each campus has the same VLAN for the desired SSID and most likely you have layer 3 to the access layer.  If so, then you would treat the VLAN for wireless clients like a wired client.  Each wireless VLAN in the campus would have a DHCP scope served via your DHCP server or the access switch itself.

If you have an all layer 2 network then you need to have a flat VLAN for the SSID and once again provide DHCP the same way you do with a wired client.

As for your AP's, well they should have their own VLAN if not they can use the same VLAN for mobile devices, just make sure you exclude the addresses in your DHCP database.

Lastly, the internal DHCP server of the WLC can be utilized however, that is not recommended for large scale networks.


ok two questions here:

let's assume as you said there is one VLAN for one SSID with 10 subnets across 10 campuses.

That VLAN id is 10 for our example

assuming I have a central DHCP server then how does that server know what 10.0.x.0/24 to assign ?

if campus 1 and campus 2 use ip helper to forward dhcp , when the dhcp server gets the request, how does it know what subnet to associate to that vlan 10?

I can't remember how IP helper worked, does it include the VLAn in the packet it sends so that the DHCP server knows what scope to use?

I think VLAN could not be included and it was only the Gateway address of the interface forwading the packet included hence the router server will be forwarding the packet with its own IP in giaddr and DHCP server know what range to use for it

question 2:

In my case we have vlan 10-20 assigned to each campus and this is what I don't understand as we no longer have 1 VLAN for 10 subnets for 1 SSID

We have 10 Vlans/10 Subnets but 1 SSID associated to 1 interface which is then associated to one VLAN.

I have just checked this once again on the controller before posting back .

how do you think that is possible?

Q1: The same way the wired DHCP scope works with your IP helper address. It knows from the source of the DHCP request.

Q2: Your WLC/ WiSM should be using a trunk port to handle multiple VLAN's assigned to SSID(s).

You have to mix both wireless and route/switch knowledge together and follow the packet. Don't mix the traffic leaving the controller after CAPWAP decryption with the client device obtaining an IP address on the WLAN.

There are lots of good articles on DHCP and tricks with VLAN's in the WLC configuration guide.