Solved: Re: Open Authentication on Specific Group of Access Point

Shubham Bharti · ‎12-12-2018

We are working on a deployment, where Customer has a shared WLC (shared among multiple sites), with a common SSID. One of the locations/sites require the ISE deployment to be in Low Impact/Monitor mode. The rest of the locations are still using a different Radius Server for wireless authentication, all in closed mode. So the only distinguishing factor is the APs for that location. How do we make sure the WLC only enforces Open auth on those AP or clients?

Shubham Bharti · ‎12-14-2018

Thanks Scott. Got my answer from one of your previous posts.

We can create 2 SSID with same name and security policy, just that second WLAN needs to have ID of 17 or more.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_wlan.pdf

View solution in original post

Scott Fella · ‎12-12-2018

You would use AP Groups and assign the aps to specific groups. AP Groups have the wlan and vlan mappings also.

-Scott
*** Please rate helpful posts ***

Shubham Bharti · ‎12-13-2018

Thanks Scott,

But the WLC is of 7.6 version where we are doing the POC and we are not able to create a new WLAN with the same SSID that can point to different AAA server for that specific AP group. Is this something that has come up in 8.x version?

I get the error : WLAN with duplicate SSID and L2 security policy found.

I cannot change both as the SSID needs to be same and it should accept WPA+WPA2.

Shubham Bharti · ‎12-14-2018

Thanks Scott. Got my answer from one of your previous posts.

We can create 2 SSID with same name and security policy, just that second WLAN needs to have ID of 17 or more.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_wlan.pdf

Scott Fella · ‎12-14-2018

Yeah that is it:)

-Scott
*** Please rate helpful posts ***