Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
303
Views
0
Helpful
4
Replies

WLC 5508 issue

jguremka1
Level 1
Level 1

‎08-06-2014 11:21 AM - edited ‎07-05-2021 01:20 AM

 

We already have WCL 5508 setup with several SSIDs. We plan to create a new one and assign to new VLAN. However:

 

1. About 240 devices, laptops, IPods, etc will be connecting to that single SSID - is there any way to resolve that? I don't want to create multiple vlans and ssids for 30 devices.

 

2. I would like to create ACCT and Service SSID and have them access different vlans: for example

ACCT should have access to printer, server, Internet access

Service only Internet and server access.  Can I use ACL in WLC 5508? WLC 5508 is connected 8x to 3750 > 4900 > ASA 5510. There are only 2 and total would be 5 ACC list on it. Is this will be better idea to put ACC list on 3750 or 4900 or even ASA?

I am new to WLC controller and trying to figure it out asap. Thank You.

 

-John

Labels:
0 Helpful
4 Replies 4

Rasika Nayanajith
VIP
VIP

‎08-06-2014 12:27 PM

Hi John,

Your distribution layer where SVI defined is the best place to use ACL to control traffic. WLC is not a good place.

 

Would you be able to clarify your first query little bit more. I did not understand what is your requirement

 

HTH

Rasika

**** Pls rate all useful responses ****

 

 

0 Helpful

jguremka1
Level 1
Level 1
In response to Rasika Nayanajith

‎08-06-2014 12:49 PM

Hi Rasika,

 

I appreciate your response and BIG THANK YOU!

2. so the ACL should be applied on Cisco 4900 since this is core switch for the specific VLAN that is used by the SSID configured on WLC 5508 - right?

 

1. I am worry about performance when 240 devices will be connected to one SSID (one vlan). Is there any way to fix that on WLC 5508. I have seen AP Group VLANS with WLC controllers - dont know if that would help here.

 

For now I created ACL on WLC5508 for now, but I am able to ping from 10.2.91.0 SSID all other vlans. This ACL should prevent accessing other vlans besides:70 101 115 and 91 which is assigned to that SSID.

 

Preview file
167 KB
0 Helpful

jguremka1
Level 1
Level 1
In response to jguremka1

‎08-06-2014 12:51 PM

I think ICMP is allowed to access all VLANS so thats why I am able to ping all networks, but besides ping anything else should be dead - right?

0 Helpful

Rasika Nayanajith
VIP
VIP
In response to jguremka1

‎08-06-2014 12:56 PM

Hi John,

1. 240 devices per SSID is not a huge number. If you are concern about number of IP addresses available in a single vlan, you can always use interface group(or vlan select feature) to map multiple vlan to the same SSID. Refer below for better understanding of that feature

http://mrncciew.com/2013/01/27/understanding-vlan-select-feature/

AP-Group is another option, but above is much easier from administration point of view.

 

2. Yes, 4900 seems like best place to control inter-vlan traffic as that is the place where you define L3 interface (or gateway) of each of these user vlan

 

HTH

Rasika

**** Pls rate all useful responses ****

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card