Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1663
Views
10
Helpful
8
Replies

Cisco WLC 9800 Flexconnect mode AP native Vlan same as User Vlan

Cheah Lit Thor
Level 1
Level 1

‎04-02-2022 06:59 PM

I have 2 segment vlan 100 & vlan 101 at the branch office and design to put the Flexconnect AP native vlan and user vlan together which is vlan 100 and vlan 101 for Production vlan.

 

The best practice is separate the AP management vlan separately but  in this case is it still possible to assign as a same one with user vlan "vlan 100"?

 

What i'm thinking is the WLC 9800 at central only care about the Native vlan ID but not the IP Address however any limitation on this configuration way?As the user vlan will consider an untagged traffic in branch network.

 

interface GigabitEthernet2

switchport trunk native vlan 100
switchport trunk allowed vlan 100-101
switchport mode trunk
spanning-tree portfast trunk 
no shut

 

Thanks

 

 

Labels:
8 Replies 8

MHM Cisco World
VIP
VIP

‎04-02-2022 07:57 PM

Sorry Can you more elaborate I couldn't understand, 
there are two VLAN 
one is native VLAN for AP management VLAN 100 
and other for User VLAN 101

now what you want to do?

0 Helpful

Cheah Lit Thor
Level 1
Level 1
In response to MHM Cisco World

‎04-02-2022 08:19 PM

Hi

One is vlan 100 for native AP management Vlan and User traffic, vlan 101 is production traffic.

 

My question can i put AP native vlan and user traffic under same vlan for flexconnect mode. 

Thanks

MHM Cisco World
VIP
VIP
In response to Cheah Lit Thor

‎04-02-2022 08:30 PM

If this local AP then it OK but flex connect can not, 
only I think in one case that you make WLAN is central switching not local switching, in that case you can use one vlan "native" and WLC will do WLAN-VLAN mapping. 

0 Helpful

Cheah Lit Thor
Level 1
Level 1
In response to MHM Cisco World

‎04-04-2022 07:32 AM

Thanks to your answer.

0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni

‎04-03-2022 12:47 PM

If your requirement is to assign the VLAN100 for users then do not configure any VLAN under the policy profile, the WLC assigns vlan-id 1 so clients will use the AP native VLAN for FlexConnect AP's. If you require you can configure VLAN ID 1 (not the default VLAN).

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

Cheah Lit Thor
Level 1
Level 1
In response to Arshad Safrulla

‎04-04-2022 07:35 AM

Sorry i didn't get you can you please explain further? by the way thanks to your replied.

0 Helpful

JPavonM
VIP
VIP

‎04-04-2022 12:34 AM

Yes it will work without any problem now.

At the early stages of IOS-XE on C9800 there was an issue where AP3700 were unable to forward traffic for clients ona a WLAN mapped to the same NAtive VLAN.

I wouldn't recommend this kind of deployments to avoid any future issue.

To sum up over the last comment, using same VLAN for users and APs would potentially lead to a lack of security as any user connected to WLAN could create a DoS over the AP. Using separarated VLANS you can filter all traffic from users to management VLAN with an ACL to avoid this.

HTH
-Jesus
*** Please rate helpful responses ***

0 Helpful

Cheah Lit Thor
Level 1
Level 1
In response to JPavonM

‎04-04-2022 07:29 AM

Hi Thanks your answer.

 

May you please convenience to share me the document to stated this so i can further study on it? Appreciate.

(Yes it will work without any problem now.

At the early stages of IOS-XE on C9800 there was an issue where AP3700 were unable to forward traffic for clients ona a WLAN mapped to the same NAtive VLAN.)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card