09-24-2019 05:58 AM - edited 07-05-2021 11:02 AM
I've been tasked with setting up Certificate based authentication on our wireless network. i'm close but am looking for advise from anyone who might have done this or something similar. we have a semi-complex architecture. One primary facility and three satellite facilities that are geographically diverse. Currently i'm running Local mode AP's at the primary facility where the WLC is, and Flexconnect at all the satellite facilities.
I've got the certificate auto-enrollment policies in place and they work fine, and i've got a test SSID setup which works fine for the primary site. is there a way to do a gradual transition at the Flex connect sites by using two different SSID's on the same vlan? what i'm running up against is the inability to map the test SSID to flexconnect AP's because they already have the Vlan mapped on a different SSID.
error is "nWlan-Vlan mapping only allowed for locally switched Wlan"
.
Solved! Go to Solution.
09-26-2019 05:12 AM
figured it out. the new network was not setup for Flexconnect local switching. enabled that option and it let me add it.
09-24-2019 11:21 AM
Hi
I have different SSID mapped to the same vlan. Are you doing it on AP level or flexconnect group level?
-If I helped you somehow, please, rate it as useful.-
09-25-2019 04:52 AM
I'm not real sure how to answer that. for now lets disregard my primary facility because it works fine there but the AP's are in local mode.
the satellite facilities are in flexconnect mode. I handle SSID assignments via Ap Groups, and Vlan mappings via Flexconnect groups. I add the SSID to the AP group (whish should make the SSID broadcast on all AP's in the group). then i go to flex connect group and add a vlan mapping for Wlan ID 19 to Vlan 10. this is where i get my error. because Vlan 10 is already mapped on Wlan ID 3.
If I go to the flex connect tab on one of the group AP's once the SSID has been added to the group and click on Vlan mappings it shows the two SSID's I expect and then the new one with no Vlan assignment is listed under centrally switched Wlans.
09-25-2019 05:38 AM
If you take a look on the attached pic, we´re going to see different wlan ids mapped to the same vlan. I took this form my wlc.
Do you have on the satellite site the vlan you are trying to map, right ?
09-25-2019 06:03 AM
only difference is I don't have the override Vlan option checked. not sure what that does.
09-25-2019 06:04 AM
I checked the override Vlan option and tried again, but got the same results.
09-25-2019 07:08 AM
Which WLC model and version do you have?
Do you have the vlan locally created on the satellite site?
-If I helped you somehow, please, rate it as useful.-
09-25-2019 07:55 AM
i'm running 8.2.166.0 on a 5508. The vlans are all created at all sites, but I can't imagine the WLC would be aware or care about that.
09-25-2019 10:19 AM
The WLC does not, but the AP yes. After all, you are telling him to drop client´s traffic on the local network, right? You need to have AP port as trunk with the switch and native vlan in order to the AP talk with WLC and local network.
-If I helped you somehow, please, rate it as useful.-
09-26-2019 05:00 AM
I see what you're saying. although this would have nothing to do with setting up the configuration on the WLC you are correct. my APs are on ports configured as trunk ports with the desired Vlans set as allowed.
09-26-2019 05:12 AM
figured it out. the new network was not setup for Flexconnect local switching. enabled that option and it let me add it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide