Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
869
Views
0
Helpful
2
Replies

Single wireless (V)LAN across multiple buildings?

Jellyman_4eva
Level 1
Level 1

‎03-15-2012 02:22 PM - edited ‎07-03-2021 09:48 PM

Hi,

As mentioned in the LAN section of this forum I am moving away from a completely flat L2 network to a segmented network using VLAN's in multiple buildings.

So for my implementation I envisage per building:

Printer VLAN

Server VLAN

Administration VLAN etc.

So essentially a geographical segmentation...

Now I am being asked to look into wireless to bolt onto this network and was wondering how it was done? For example do people stretch a single VLAN across their entire site and allocate a large network (/22 etc)... or do people carry on the wired methodology and create VLAN's per building such as:

Guest SSID/VLAN

Employee SSID/VLAN

Contractor SSID/VLAN etc..

I have read this document:

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html

And section 4.2 seems to apply completely to me:

7. Existing wired VLANs deployment:

•Wired VLANs are localized per building (use of unique VLAN-IDs per building).
•Layer 3 policies are implemented on all VLANs to prevent users from accessing critical applications such as network management servers, and so on.

However I do not understand this part:

Note:    In this deployment scenario, VLANs are localized per building with user group mapping to wired VLAN-IDs different for each building. In order to enable users to access the WLAN from anywhere on campus, SSID access control is recommended rather than fixed VLAN-ID assignments.

Can anyone shed any light on their approach?

Labels:
0 Helpful
2 Replies 2

davy.timmermans
Level 4
Level 4

‎03-16-2012 08:26 AM

An SSID is mapped generally mapped to a dynamic interface which is mapped to a VLAN.

It's a good start to start with creating SSIDs based on your needs users/voice/guests

1)corporate-users

2)voice (if applicable)

3)guest (if applicable)

==> Each SSID/WLAN has some properties you can specify (authentication method/Qos requirements....)

Your design depends on the # APs, location AP, # WLCs, remote sites with WLC, ...

Considering a campus with 1 or 2 WLCs -

it's perfect possible to use a /22 for the SSID corporate users. This because broadcasting is disabled bydefault on the wlan + the vlan is not stretched across the LAN. The vlan only exists between the WLC and the first L3 hop- and not at the access switches.

An SSID guest could be mapped for example to a dynamic interface with an unrouted vlan which ends on the firewall.

(An SSID is mapped to a VLAN via a dynamic interface)

HTH you already a little bit

please - Rate helpfull post

0 Helpful

Matt.Dohan
Level 1
Level 1

‎03-16-2012 08:41 AM

There isn't necesarrily any need to segment wireless LANs off like wired ones, and the approach we take at my workplace is wirless LAN segmented by function, so we do have a couple wirelss networks spanning several buildings, and no problems because of it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card