Re: one SSID with multiple Vlans

Mahmoud · ‎08-17-2021

Hello,

#we have a centralized WLC to manage all remote sites APs with local switching mode

one SSID with a lot of VLANs for every team

#All clients request IPs from centralized DHCP at DC

we have business requirement to have each site use its local pool of IPs different than the other sites

I rad about flex connect mode but I dont know how to use same SSID with different VLANs

any help?

Arshad Safrulla · ‎08-17-2021

You are on right track keep on reading about Flex connect local switching, If you can drop more information such as WLC model, running code etc it will be more helpful as configuration will change depending on the platform (Catalyst or Aironet)

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Leo Laohoo · ‎08-17-2021

Depends on the firmware the controller is running on but there is a feature called Interface Group.

The concept is exactly the same as EtherChannel.

Arshad Safrulla · ‎08-18-2021

Hi Leo,

OP has below statement, "we have business requirement to have each site use its local pool of IPs different than the other sites"

So isn't the most viable solution Flex Connect?

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Leo Laohoo · ‎08-18-2021

@Arshad Safrulla wrote:

So isn't the most viable solution Flex Connect?

Yes and no.

Short answer, yes, FlexConnect will work.

We used this scenario many years ago and all our APs were local mode. The only way to determine which site a wireless client is located is the name of the AP. So our RADIUS server queries the AP name and then punts the user to the site-specific Dynamic Interface.

Mahmoud · ‎08-18-2021

thank u all for valuable reply

WLC model is 5508

Software Version 8.5.161.0

AP model AIR-CAP1602I-E-K9

I've created new SSID and enabled FlexConnect Local Switching

then switched the AP from local to felxconnect

but I can only map one vlan per ssid and I need to map all vlans to same SIID

Arshad Safrulla · ‎08-18-2021

You need to create Flex connect groups per remote site, add all the AP's in that site to the group and map the WLAN to VLAN. Otherwise you will have to go to each AP and do the WLAN to VLAN mapping one by one.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Mahmoud · ‎08-18-2021

how many vlans can be mapped to single SSID with flexconnect mode

I have more than 40 vlan per site

Arshad Safrulla · ‎08-18-2021

you can map only VLAN per WLAN, if you need multiple VLAN's you need to use Radius server with Dynamic VLAN assignment.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Mahmoud · ‎08-29-2021

Hello
I am confused about vlan template .should I add all vlans of remote sites at vlan template to the site?

I tried to add the vlan but the vlan template limited to 16 vlans which is less than the required .
I have cisco ISE for Vlan assignment

appreciate your support

Scott Fella · ‎08-29-2021

You need to look at the equipment you have and any limitations before trying to come up with a solution. Do you think its time to look at your current design and maybe re-design that? How many vlans do you have for users are each location? If you are not restricting traffic from each team and each vlan allows access to the same resources, then you don't need to have a vlan per team. Vlans should also have the same ID on each site for consistency and simplicity. Either way, the simple answer to your question is to use an external radius, which you have ISE and send the vlan id back to the controller. You don't need any vlan mapping, you just need to have a bogus one defined and then you would define all the vlans id's under the AAA VLAN ACL Mapping. Make sure the wlan has aaa override enabled and that should work for you. Keep in mind that ap's only can have a max of 16 vlans, that is why you need to look for another solution, either per site groups or a re-design of your current to allow you to achieve the 16 vlans per ap.

-Scott
*** Please rate helpful posts ***

Mahmoud · ‎09-07-2021

I have followed the configuration guide but have still issues to broadcast the new ssid

-created SSID with local switching enabled.

-created new flexxconnect group ,add app , add vlan at AAA VLAN ACL Mapping

from AP console I can see the ssid but in down state