
Overlapping SSID's with separate WLC setup (5508 vs 9800)

Deepak Ambotkar
Level 1

Hello experts,

 

I have a customer who has a current setup with 3 SSIDs (2 based on 802.1x and 1 on WPA2) where the old APs connect into the WLC 5508 and then to ISE, authenticated using certificates (AD integration) except for guest wifi.

 

Now they would like to refresh with a new parallel setup of new APs, but the new APs have firmware compatibility issues with the old WLC 5508, so they decided to go for a new WLC VM 9800 connecting to the same ISE that's used for the old wireless setup.

 

Now, the customer would like to keep the same SSIDs on the new WLC and they want to use the same VLANs and DHCP setup that is used for the old setup.

 

I understand the APs could share SSIDs with a mesh or WDS setup, but here they are trying to overlap setups on the old and new WLC setups.

 

I think the users will have intermittent connectivity and flaps (correct me if I am wrong).

 

Questions-

Will this setup work at all?

What will be the challenges on ISE?

What will be the authentication issues such as certificates, DHCP (overlapping subnet/VLAN), MAC address etc.?

 

Thanks in advance,

D

1 Reply

Arshad Safrulla
VIP Alumni

Yes, you can get it working, but there are many ways this can go haywire. Remember it will always be L3 roaming between WLCs. If you are using any aWIPS or rogue containment, it is highly recommended to disable it until you finish the migration. Also consider using different VLANs (for example, in 5508 Staff SSID - VLAN 10, 9800 Staff SSID - VLAN 20).

First you need to upgrade your 5508 WLC to an IRCM-capable image. Then build mobility tunnels with the new 9800.

Now comes the difficult part:

1. RF group name needs to match in both WLCs.

2. AP group names in 5508 must match policy, RF tags in 9800CL (RF profiles at both also must match).

 

I always plan on migrating or replacing APs in one single roaming domain (one floor or one building) at once. If you have Prime, it will be easier to migrate as you can use templates, or you can configure the AP primary controller under the AP to force the AP to move.

 
