Solved: Re: Create WLAN in WLC for a remote site with VLAN not existing @ WLC

mauricio2099 · ‎10-14-2022

Hi Community,

I have an office which APs are registered on a WLC5500 installed on a remote location, so communication is through WAN.

Once I set a new WLAN on another WLC with APs sharing office and I had to Tag the new VLAN on the controller trunk and then create SSID and so on. But in this case I don't know what to do as WLC and APs will not share Layer 2 path as they are physically on different locations.

I have to create a new WLAN-SSID for this office on VLAN 200. I don't know what to do in the WLC apart than creating the WLAN. VLAN 200 doesn't exist where the WLC is and I don't know if the WLC will force to put a VLAN identifier somewhere.

Can you please advise how to set this up?

Thanks for your help and time

Rich R · ‎10-21-2022

You can create a dummy interface on the WLC but it won't be used so no need to configure the switch.
You create the WLAN - VLAN mapping for the local switching on the AP flexconnect tab or with a flexconnect profile applied.
The traffic will simply exit the AP trunk port on to the local switch - it will never traverse your L3 WAN circuit to/from the WLC.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

View solution in original post

balaji.bandi · ‎10-14-2022

The question is confusing here.

You already have central WLC and remove the AP register with this?

Do you want to install a new WLC in a remote location and add a local AP to the new WLC?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mauricio2099 · ‎10-14-2022

Hi,

Im a looking to add a new SSID for VLAN200 in Office A but the WLC for the APS of this office is in Office B. I think the question is how to create a new SSID that can work for existing APs in a remote office.

Thanks!

balaji.bandi · ‎10-14-2022

1. Create a Layer 3 VLAN where WLC connected switch

2. Create WLAN Interface

3- create new SSID.

4- create new AP group and assign the new SSID to this group. (AP of the remote location ) - along with OLD SSID

5- assign this AP group to the APs in that specific location.

example :

https://mrncciew.com/2013/05/30/configuring-ap-groups/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mauricio2099 · ‎10-14-2022

Hello Balaji, very interesting information, thank you. In my WLC configuration I can see AP Group exists for Office A.

I have questions regarding point 1 and point 2.

Does VLAN ID 200 has to be created then on the Network where the WLC exists? And then use it to configure an L3 Interface at CONTROLLER>Interfaces ?
Office A is a remote network and L3 routing exists to reach it. it is not a P2P link passing L2 VLANs.

I asked this because I can't follow the logic of creating the VLAN in WLC Office B if it is not propagated to Office A. I honestly don't understand how traffic is tunneled between WLC and APs.

Could the WLC re-use an existing WLAN interface? An how the APs will know new SSID matches with VLAN200 at office A?

Thank you

Rich R · ‎10-15-2022

I think I know what you're trying to do ... You want to connect the new SSID to vlan 200 in office A right?
Assuming I've got that right you need to use Flexconnect Local Switching.
The AP must be in Flexconnect mode (it probably is already?) and the WLAN must be configured for FlexConnect Local Switching (Advanced tab, Flexconnect section).
The AP must be connected to a switchport with trunk configured which has vlan 200 allowed and all the traffic from the WLAN will simply be dumped on vlan 200 locally instead of tunnelled to the WLC.

Cisco doc from @Rasika Nayanajith's blog https://mrncciew.files.wordpress.com/2014/03/brkewn-2016-branch-office-wireless-lan-design.pdf

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/flexconnect.html

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

mauricio2099 · ‎10-17-2022

Thanks @Rich R
Thanks for the explanation. APs are in Flexconnect mode and Other SSIDs are in FlexConnect Lcal switching. I could follow the steps provided by @balaji.bandi which would be the step by step to follow the same you are mentioning.

"The AP must be connected to a switchport with trunk configured which has vlan 200 allowed and all the traffic from the WLAN will simply be dumped on vlan 200 locally"
Do I have to create VLAN200 on switch and WLC in the branch office where WLC lives? (for the interface creation in the WLC at CONTROLLER>Interfaces). This vlan doesn't exist here. I think is a requisite or I wont be able to continue with the setup.

Then the VLAN ID 200 on Branch office... is it going to match with VLAN 200 that is in the remote office A? How this can happen between both sites if they are connected through a L3 WAN circuit.

Rich R · ‎10-21-2022

You can create a dummy interface on the WLC but it won't be used so no need to configure the switch.
You create the WLAN - VLAN mapping for the local switching on the AP flexconnect tab or with a flexconnect profile applied.
The traffic will simply exit the AP trunk port on to the local switch - it will never traverse your L3 WAN circuit to/from the WLC.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

mauricio2099 · ‎10-26-2022

As you mentioned, I added VLAN ID in the interface creation in the Controller and didn't have to create in the switch.
In the remote office A the only thing is that I had to put VLAN ID 200 in the trunks of the Access ports.
Users got connected to the new SSID and with an IP on VLAN200.
The process of creating the WLAN and adding to the AP Group is exact, shared by @balaji.bandi
But your comments that lead me to create a dummy interface (which was my main concern) were was I expected. Thanks all for your help

Create WLAN in WLC for a remote site with VLAN not existing @ WLC site