cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1561
Views
7
Helpful
7
Replies

How to create two SSID with same name, encryption but two different VLANs

Hi,

I wanted to create two ssid with same name and encryption but both the ssid on different VLAN.

Have created two AP group and can map to each of the AP and wanted to roam between to AP with same SSID/encryption but different VLANs.

When I roam to another AP i want the client to get the IP address from the respective VLANs.

 

Please help to resolve this problem, thanks in advance.

Thanks,

Ganeshkumar

7 Replies 7

Sandeep Choudhary
VIP Alumni
VIP Alumni

 

Yes with 5508 wlc(not with 2504wlc) you can create 2 ssid with same name with same layer 2 security but you must do these 2 things:

1. Assign the WLANs to different AP groups.

How to create AP groups: http://rscciew.wordpress.com/2014/01/22/configure-ap-groups-on-wlc/

2. Set the WLAN IDs to a number greater then 17.

 

More info: Check my post about it:

 

https://community.cisco.com/t5/wireless-security-and-network/how-can-create-2-ssid-same-ssid-nave-and-same-security-web/td-p/2438613

 

Regards

Dont forget to rate helpful posts

Hi Sandeep,

Thanks for you reply.

I am using WLC5508.

I have created two AP group and one ssid.

While mapping those SSID to each AP group,

AP1 group-Interface/Interface Group(G) to management

AP2 group-Interface/Interface Group(G) to VLAN100(created newly with vlan id 100)

 

Now I am trying to roam between AP1 and AP2.

Client is not getting IP address from respective vlans, still holds AP1 vlan subnet.

I am expecting client to acquire IP from AP2 vlan 100 subnet.

 

Any suggestions?

 

Thanks,

Ganeshkumar

Using the same name? Then the client will not do DHCP when roaming, because for the client it's still the same network and thus no reason to restart DHCP.
If your client directly connects to AP2, is it working? That should work if your configuration is correct.

Hi is the ability to create two SSID names still supported on the Catalyst 9800?  For example Eduroam (configured for 5Ghz only) and Eduroam (for 6 Ghz only) to help mitigate issues with "transition" mode. Naturally this would need testing in the real world, or has anyone tried yet?

 

Thanks

Hi

 This is not going to happen. One the main and more important ability of capwap protocol is to be able to not change the IP address while you move from APs, otherwise there will be no roaming but disconnection and reconnection.

The WLC is perfect capable to keep your IP address even though you are connect in one AP that is not on that VLAN. Layer2 roaming and Layer3 roaming happens all the time in order to keep the connection.

 In your case, you need to disconnect and reconnect  and not do roaming.  And for that matter, keep the same SSID worth nothing.

JPavonM
VIP
VIP

@steve.blunt this is not going to work always because of the way client devices discover any BSSID on the 6 GHz band.

To avoid battery drain, devices will for (Reduced) Neighbor Reports (RNR) in other bands (either 2.4- or 5-GHz) so to check if there is a co-located BSSID been broadcasted in the 6-GHz band where to connect. This method is mostly used by devices such as phones and tablets due to the reduced batery.

There could be clients using preferred scanning channel as well.

The problem is that unless you make some packet captures, it is unlikely that all vendors do publish the method they use, and how they implement it as this is not in the standard.

See some analisys here from @Jiri Brejcha 

Many thanks Jiri, as you can probably guess I'm investigating the whole Eduroam question, particularly interesting was last weeks Heavy Wireless podcast from Mr Parsons exploring the subject (which I'm sure you are aware of). 

Review Cisco Networking for a $25 gift card