Configuring Access Points for Two Separate Networks

Spidey's Curse
Level 1


I will preface by saying that I am still a novice with Cisco configurations. I am getting better, but man... some of this stuff is WAY over my head.

I will try to be as detailed as possible here.


So, what I am trying to do is create two networks. The biggest hurdle I am going through here is just trying to get my wireless controller to talk to my domain controller.


My set up is:

9800 Core Switch -

C9120AXI-B  with wireless controller enabled. 

I also have 5 C9105AXI-B access points.

I have my access points on a network


As stated, I just need to figure out how to get the wireless networks that I created to get to the domain controller.

I tried using DHCP 43, but it just doesn't work and I have a feeling that I just have something way misconfigured.

Do I need to create a VLAN for each wireless network (guest and office wifi) on my core switch?
For instance, I would like to have devices that connect to the office network something like

Office -

Guest -


Do I need to configure the VLAN on the core switch first?

When I create the VLAN on the core switch, am I tagging ALL ports for the wireless VLANs, or do I just tag the ports where I have the wireless controller and the access points? Assuming I would make those trunk ports.

After I configure the VLAN on the core switch, how do I get the wireless controller to direct traffic to the domain controller?

I think as soon as I am able to get the access points to see DHCP, I can figure it out from there. I'm just really struggling with how to get everything connected here.


I apologize in advance if this is a bit of a chaotic question, but any response, advice or guidance is very greatly appreciated! 




  >...As stated, I just need to figure out how to get the wireless networks that I created to get to the domain controller.
  >I tried using DHCP 43, but it just doesn't work and I have a feeling that I just have something way misconfigured.

These statements are blurred, fuzzy and incorrect; for instance DHCP option 43 is only used for APs to have them discover a controller. You don't have wireless networks 'get to a domain controller', well they might depending on the intranet layout: it looks more like you need basic training and expand fundamental knowledge before returning to the forum (tx).


-- "Good body every evening": this sentence was once spotted on a logo at the entrance of a Weight Watchers Club!

"9800 Core Switch -"
What is it exactly, a 9800 WLC or a switch? If it is a WLC, you have to set it up first so that those APs (9120 and 9105) come and register. If that WLC has been configured with its initial configuration, please check that you can reach your APs (simply PING from WLC to APs).

For APs to know about the WLC MGT IP, you can configure DHCP option 43 on the AP management subnets. If you have AP SSH or console access, you can simply try the "capwap ap primary-base {9800_WLC_Name} {WLC_MGT_IP}" CLI command to verify your AP is able to register with the 9800.

Regarding VLANs, you need to define them on the switch connected to the 9800 and create an SVI (VLAN interface) on that switch. On the 9800, you just need L2 VLANs and no SVI is required for client VLANs.

*** Pls rate all useful responses ***


Rich R

Like Marce says, some clarification is needed, and I highly recommend reading docs and watching videos to understand what you're working with before you start configuring. Also use sample/example configs and adapt as needed for your own use.

As @Rasika Nayanajith says, 9800 is not a switch, it's a wireless LAN controller. Having a WLC and C9120AXI-B with wireless controller enabled (EWC) is NOT SUPPORTED - it will cause problems. Maybe you meant some kind of Catalyst 9x00 switch?

Yes the APs must be connected to trunk ports on the switch.

The APs must all be on the same AP management VLAN (which will be the native VLAN on the AP trunk ports) and they will discover the EWC automatically by subnet broadcast (no option 43 needed). Your DHCP can simply be a pool for that VLAN on the switch. Does no harm to configure option 43 but not essential.

Yes you should have a separate VLAN for each WLAN/SSID.  The APs use flexconnect local switching to bridge the client traffic direct to those VLANs from the APs.  Yes the VLANs should be configured on the switch and allowed on the AP ports.

What do you mean by "trying to get my wireless controller to talk to my domain controller."? Are you wanting to use the DC for wireless user authentication or you just want the users to be able to connect to the DC?

When reading the guides remember EWC only supports flexconnect local switching.  The EWC does not support any central switching, VLANs, SVIs or any other feature which depends on VLAN or SVI.  The EWC WLC has only 1 single IP interface which doubles as the management access (SSH and GUI) and the AP management (CAPWAP) interface.  The AP part uses the VLAN purely to switch the wireless client traffic to the VLANs.  The EWC does not store AP images so all AP images must be downloaded from a TFTP server (TFTP server IP is configured on the EWC which tells the AP where to fetch the image).  You could use your switch as the TFTP server.
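
The switch-side layout described in the replies above (one AP management VLAN as the native VLAN on the AP trunks, one VLAN per SSID, SVIs and the AP DHCP pool on the switch), sketched as an added example that is not part of any post in this thread. The VLAN IDs, names, subnets and port range are constructed placeholders to adapt to the real network.

```cisco
! Added example, not from the thread. All VLAN IDs, names, subnets and
! interface numbers below are constructed placeholders.
!
! One VLAN for AP management, one per WLAN/SSID
vlan 10
 name AP-MGMT
vlan 20
 name OFFICE-WIFI
vlan 30
 name GUEST-WIFI
!
! SVIs live on the switch; the EWC itself has a single IP in VLAN 10
interface Vlan10
 description AP and EWC management
 ip address 10.10.10.1 255.255.255.0
 no shutdown
interface Vlan20
 description Office wireless clients
 ip address 10.10.20.1 255.255.255.0
 no shutdown
interface Vlan30
 description Guest wireless clients
 ip address 10.10.30.1 255.255.255.0
 no shutdown
!
! DHCP pool for the AP management VLAN, served by the switch.
! APs find the EWC by subnet broadcast, so no option 43 is set here.
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp pool AP-MGMT
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
!
! Trunk only the ports that carry the EWC AP and the member APs.
! Native VLAN = AP management; the allowed list is limited to the three
! VLANs the APs need, so no other VLAN is exposed on these ports.
interface range GigabitEthernet1/0/1 - 6
 description AP trunk (FlexConnect local switching)
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,30
!
! DHCP for the client VLANs (20 and 30) is not shown; the thread does
! not say where those scopes will live.
```

`show vlan brief` and `show interfaces trunk` on the switch confirm that the three VLANs exist and that only they are allowed on the AP ports.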
