Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
911
Views
9
Helpful
26
Replies

Flex Profile Maximal

hs08
VIP
VIP

‎06-02-2026 07:58 PM

Hello,

My AP running using flex connect with WLC9800 and i will build dynamic vlan for this SSID. The vlan will be based on the department and i have more than 40 depts. The issue is when i create flex profile then i add vlan mapping then i got 'The maximum number of interfaces 16 have been added to the flex-profile.

How i can add more than 16?

Labels:
0 Helpful
26 Replies 26

hs08
VIP
VIP
In response to Stefan Mihajlov

‎06-04-2026 04:43 PM

If we split by creating mutiple flex profile then this not solve my issue because each AP only can connect to 1 flex profile. Imagine if the user move from 1 AP to another, then the client will have loss connection.

0 Helpful

aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to Stefan Mihajlov

‎06-04-2026 07:32 PM

@Stefan Mihajlov  take a look at my first commentary, this is not a option, because you just can configure on flex profile for each access point.

To be honest, the best option on this case is reduced the number of VLANs.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Helpful

Rich R
VIP
VIP
In response to aleabrahao

‎06-05-2026 02:37 AM

To be honest, the best option on this case is reduced the number of VLANs.

Agreed with that - more than 16 VLANs is just extreme overkill.

Otherwise you have to change to central switching on WLC.

------------------------------
Please click Helpful if this post helped you and Accept as Solution if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

hs08
VIP
VIP
In response to Rich R

‎06-05-2026 03:15 AM

this mean change from flex to local, right?

0 Helpful

aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to hs08

‎06-05-2026 03:34 AM

No, reduce the number of VLANs. For Wi-Fi, it's unnecessary to have such a large volume of VLANs. If your firewall allows it, it's much easier to control whatever you want to control through rules according to the user group.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Helpful

Rich R
VIP
VIP
In response to hs08

‎06-05-2026 03:50 AM

As @aleabrahao says the best approach is to reduce the number of VLANs.

this mean change from flex to local, right?
No - the AP can remain in Flexconnect Mode (or change to Local Mode if you prefer) but the point is that the WLAN must be central switching (break out at WLC) not local switching.(break out on AP switchport).

------------------------------
Please click Helpful if this post helped you and Accept as Solution if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to Rich R

‎06-05-2026 03:56 AM

 

  -  @Rich R                 If the AP remains in flexconnect, but the WLAN is centrally switch isn't then the functionality
                                   of flexconnect broken, when the controller becomes unavailable ?

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

Rich R
VIP
VIP
In response to Mark Elsen

‎06-05-2026 04:04 AM - edited ‎06-05-2026 04:16 AM

The flexconnect functionality only applies to locally switched WLANs @Mark Elsen 
Under the covers flex also changes some AP behaviour (not configurable) with respect to timeouts for central authentication/association (necessary for sites on WAN links when using MAB and web auth for example).

Flexconnect behaviour matrix last fully documented for AireOS at
https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-wlc-00.html 
but as far as I know there has not been any significant change in 9800 IOS-XE.

Although there is some info for 9800 in this:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/cat-9800-flexconnect-branch-deployment-guide-og.html#Advantagesofdistributingclientdatatraffic

------------------------------
Please click Helpful if this post helped you and Accept as Solution if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

hs08
VIP
VIP
In response to Rich R

‎06-05-2026 04:12 AM

If we change from flex to local then there is no 16 vlan limitation right? So i can still fullfill one ssid with dnyamic vlan even the valn more than 40?

0 Helpful

Rich R
VIP
VIP
In response to hs08

‎06-05-2026 04:18 AM

Yes

------------------------------
Please click Helpful if this post helped you and Accept as Solution if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

hs08
VIP
VIP

‎06-05-2026 08:51 AM

Let say i move my wlc from datacenter to the main office so AP and WLC located at same location, and if the AP still in flex mode but use centralize switching then we still need to make flex profile to map the vlan?

0 Helpful

aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to hs08

‎06-05-2026 10:44 AM

No, Flex Connect is just the operating mode of the access point (AP). What will determine whether the traffic is local or on the central switch is whether you enabled it in the configuration to operate on one or the other.

Don't forget that when changing the traffic to the central switch, you will need to have an SVI for each VLAN created on the WLC.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card