cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2687
Views
5
Helpful
8
Replies

FlexConnect AP Group - One SSID-Multiple VLANS - VLAN Mapping

hegefd
Level 1
Level 1

Hi 

I have a WLC8540 running 8.1 and have one SSID and i am running Flex Connect.  Cisco TAC told me that the code will allow multiple VLANS to be mapped to the same SSID but when i add a new vlan to the same SSID in the Flex Connect AP Group WLAN mapping tab it just overwrites the first VLAN that was mapped.  Any ideas on what needs to be done?  Cisco TAC was unable to resolve it on the first 2 trys but i am willing to go back to them on a third try.

Tampa FlexConnect AP Group - all AP's belong to it.

Tampa AP Group - all AP's belong to it

need vlan.s 40 through 48 added

issue:  each vlan that is mapped just changes the vlan before it and does not script out an additional vlan mapped to the same SSID

8 Replies 8

dpedavoli3
Level 1
Level 1

Hi,

You can accomplish this through Vlan Select

1: Create interfaces on the controller and associate them with vlans

2: Create an interface group and associate all vlan interfaces with that group

3: Associate the interface group with the WLAN in the general section.

For more detailed (and official) information, read below

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0100101.html

Thank you for this information.  Will this work for a Controller that runs only FlexConnect AP Groups.  I have 54 Sites that connect to this controller which i believe means that the Interface Group would have to include over 35 Vlans as they are not the same vlan at every site and yet all the sites use the same SSID. 

Hi,

This could cause a problem due it being the same WLAN,

Although I haven't tested, I would try associating all required vlans to one interface group and using this interface group to associate with the one WLAN.

emily00001
Level 1
Level 1

Hi, did you figure this out? From what I gather an interface group doesn't work in flexconnect but I would like the same effect of seemingly random assignment of clients to VLANs for the same SSID/WLAN.

Random assignment of clients to VLANs is not what you want with FlexConnect. The reason why is that clients might be switched to another VLAN when they roam between two access-points which will cause an active webex and voice call dropped. This is the main reason why Cisco build the whole tunneling infrastructure within the Converged Access solution as best of both (centralized and local switching) worlds

What you can do is define logical areas within your deployment. For all of these areas you can use another FlexConnect group and use other VLAN IDs. Ideal these areas are linked to different buildings with no roaming between them. If seamless roaming is still a requirement but you don't want or cannot stretch your client VLANs (or make them bigger), you should rethink your design.

Please rate useful posts... :-)

You are correct and maybe I was unclear when I wrote seemingly random in my question but I was referring to the even division of clients between VLANs in an interface group assigned to a WLAN as suggested in this thread but it only works in local mode and not flexconnect. The clients are assigned to a VLAN in the group based on hash of their MAC address so the VLAN doesn't change for an individual client but it seems random if that makes sense.

I could use multiple WLANs or a different method to assign VLAN but it's more maintenance and in the deployment using an interface group like assignment would be optimal. Unfortunately it's a continuous area so logically dividing it isn't a great option.

Hi Emily,

Yes I was successful in getting this deployed and it is currently in production and working without any issues since day 1 of deployment.  It has been in place for about 11 months now. 

frist:

I created the vlans in a flex connect vlan template and added the template to the flex connect group.  The vlans were already configured on the Cisco Core.  I also checked "override VLAN on AP" on the flex connect group.

next:

I then went to the Microsoft 2008R2 NPS server and created NPS policies for each vlan so that the attribute that would be sent from NPS matched the vlan the user needed to be assigned to.  Each user was also assigned to a specific AD group for each vlan and then the AD group was assigned to each policy.

There are a few more config items that I had to work and would be glad to share them if you would like.

Hi, thanks for sharing. Not necessary to share the remaining steps, my consideration was if this could be handled without the two ad groups and different policies. Would make user management easier for one.

Review Cisco Networking for a $25 gift card