One ssid to multiples vlan without hreap, flex connect

ivan.martin · ‎05-23-2013

Hi my name is Ivan

I have a question about a wireless solution

I have one cisco wlc 2112 with ios 7.0.230.0 with license to support 12 access points. My access points are nine (9) lap1231ag and one (1) lap1310

I just have one wlan (ssid). My scenario of deployment is in layer 3. I have one interface management and ap manager in the WLC. All my Access Points

have differents ip address that WLC. I need to configure a unique ssid to associate my six (6) dynamics interfaces (each dymanic interface with different vlan subnet).

Each wlan profile (ssid) should have the same security in phase 2 (wpa2/psk). My cisco access points don't support hreap. My wlc support only (4)

interface into an interface group, and i need six (6) dynamics interfaces.

Is this possible to configure this scenario?

I have a research about it, and i found this link:

https://supportforums.cisco.com/thread/2180009

They mention there, that i need HREAP, but my AP's dont support it.

How can i do it?

Regards

David Watkins · ‎05-23-2013

The answer on the thread you provided is what you want to do. If not using Flex/HREAP you will want to take advantage of interface mappings within AP groups.

Lets say you have 2 APs for each of your 6 sites/locations. You would build AP groups for each of the 6 locations, and add the WLAN to the group as well as the 2 desired APs, then change the WLAN->interface mapping so that the AP group uses the desired interface. This will achieve, for instance, AP group A has WLAN X using interface A, AP group B has WLAN X using interface B. That's the same SSID in each location (ie. one WLAN on the WLC) that's using different L3 interfaces, depending upon the AP's group association.

Per the correct answer in the thread you linked...

"So all the vlans come back to where the WLC is located.... then you can use ap groups and define what ap's will have what ssid and what interface they will use. Makes sense?" - Scott Fella

ivan.martin · ‎05-23-2013

Thanks for your reply,

Please, just to confirm:

1° It doesn't matter that my buildings are connected between layer 3 links, having my WLC in a different VLAN/Subnet.

2° It doesn't matter what interface is associated to the WLAN in the WLAN profile.

3° It is not necessary to create an interface group.

Am i right?

The first answer in the link I quoted say this:

"Depends... is your building connected via layer 2 or layer 3. If layer 3, you need to setup the access point in your other building in h-reap mode and setup you ssid to h-reap local switching. This will allow you to map the ssid to the correct vlan at that location" by Scott Fella

That's what confuse me, because it says I need h-reap if building are connected via layer 3.

Regards

David Watkins · ‎05-23-2013

1°  It doesn't matter that my buildings are connected between layer 3 links, having my WLC in a different VLAN/Subnet.

Correct. The APs do not have any requirement of being L2 adjacent to the WLC. If your APs are already joined, they will no how to find the WLC once you move them to their new network. I would suggest making sure you have High Availability configured specifying the APs primary WLC. Regardless, if joined already, the AP "knows" the controller it wants to join. If you have "new" APs that are installed at a different L3 network, you just want to make sure you have discovery methods for these new APs to find the WLC (option 43, dns, etc)

2° It doesn't matter what interface is associated to the WLAN in the WLAN profile.

That depends on your design. "IF" you have "all" your APs placed in to respective custom AP groups, then no it doesn't matter as the group interface assignment will override the WLAN interface assignment. "IF" you still have APs in the "default group" that are not being placed in a new AP group, then these APs will inherit the WLAN configuration so the interface should be assigned accordingly. In some cases, customers may choose to build a dummy/blackhole interface that the WLAN is bound to in the event an AP winds up in the default group. Just make sure any dummy interfaces you create are non-routable on your network.

3° It is not necessary to create an interface group.

No. An interface group will bundle multiple dynamic interfaces in to a single group that can be assigned. For instance, if you bundle all these in to a group and then assign, via an AP group, for a WLAN to use the new interface "group", then clients will be placed on the respective dynamic interfaces within that group in a round-robin fashion (or whatever algorithim is in use depending on code release), therefore clients at site A may end up on any of the 6 interfaces. The interface group is traditionally used when customers are running out of usable space and would like to expand through the use of additional network segments, rather than increasing a subnet size through a mask reduction.

Andy Ruiz Inami · ‎05-31-2013

Thanks a lot for your reply!

Btw, if I make these changes, would they be transparent to users?

In my case, we use wpa2+psk but the users don't have the key.

Scott Fella · ‎05-31-2013

Depends on what changes you plan on doing. Moving AP's to a different AP Group will reboot the AP. making changes to the WLAN/interface mapping in the AP Group will require you to delete the old entry and creating a new one which will impact users. Changing anything on an WLAN will cause a slight impact to the users. So I would do this during a change window is that's required.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Andy Ruiz Inami · ‎06-03-2013

Sorry for the misunderstanding. I'm going to upgrade from autonomous to lightweight with the same conditions mentioned in the original post. That is, I have autonomous access point LAP1231AG and LAP1310, and we are going to move to a WLC 2112 with software 7.0.230.0. The scenario is layer 3 and we are going to keep the same SSID, same vlans, same subnet ip addresses, same authentication method, and same pre-shared key.