Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
927
Views
0
Helpful
2
Replies

Integrating CISCO CCA with WLC

waleedm
Level 1
Level 1

‎04-29-2012 09:31 AM - edited ‎07-03-2021 10:04 PM

I have a centralized WLC ver 7.2.103.0 in the data center. I need to integrate the WLC with my current NAC deployment; CCA ver 4.8.3 OOB virtual gateway.

The only way i found is to have for each certified vlan one SSID. Given that in my deployment each department is one certified vlan, this means that I can have only 16 departments maximum that can use my Wireless service, since that the the limitation on the WLC is 16 SSID.

I have looked over the CISCO website and on the internet for any document describing how to integrate the CISCO WLC with the CISCO NAC using one single SSID (e.g. SSID name Employees), which can hold all trusted / certified vlans, however I failed to find any.

Is there any way to have one SSID with multiple trusted vlans in an OOB virtual gateway NAC deployment? And if there is a way to have it user-role rather than port-based?

Labels:
0 Helpful
2 Replies 2

Tony Rosolek
Level 1
Level 1

‎04-29-2012 06:09 PM

Hi, i dont know many about NAC.

But you can use one SSID with multiple different Vlans.

Your search-keywords should be: AAA override, different dynamic interfaces

Here is an radiusguide, i think there is something similar for NAC.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

Sent from Cisco Technical Support iPhone App

||| Please rate helpful posts. Thanks! |||
0 Helpful

Amjad Abdullah
VIP Alumni
VIP Alumni

‎04-29-2012 11:17 PM

Salam Walid,

I think you can easily do it in two ways:

- you can use AP gropu feature on WLC. This way you can use multiple VLANs on even same SSID name.

- you can use aaa override to override the vlan to which clients are connecting. This needs your SSID to be intergrated with radius server and configure the radius server to assign specific VLANs to specific users. This needs AAA override enabled on the WLAN. Tony posted the config example for this in his above post.

Those links will be useful to you:

- http://tiny.cc/5rdkdw (this config example shows old image but it is very useful for illustrating the idea).

- http://tiny.cc/czdkdw (this link is from config guide).

I hope the links explains to you all what you want to know

but note please that you are limited to up to 512 dynamic interfaces on WLC so if you have more than 512 VLANs this option may not fully work for you.

There are also limitation for number of APs per AP group depending on your hardware model. 5508 WLC for example can create up to 500 AP groups, not more. Having your run 7.2 I think you have new WLC hardware (5508, WiSM2..etc). which will usually support as much as 5508.

Hope this helps.

Amjad

Rating useful replies is more useful than saying "Thank you"
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card