WLC Multi-Interface WLAN with static IP or DHCP reservations
We are in a hospital environment are are constantly running up against size limits on SSIDs. The new Interface group feature seems like the perfect solution for our problem. I do however have some devices on these SSIDs that have either a static IP address or a reserved IP based on their MAC address that gets assigned from DHCP.
I remember reading somewhere about the vlan / subnet allocation scheme, but I can't find it. I am concerned about the interaction here. Is it possible that all devices are assigned to the first vlan / interface and only look for a second one if DHCP is full? that seems too good to be true.
The devices are assigned a MAC hash that's get stored on the WLC. Addresses are issued in a round-robin approach from all the interfaces in the group.
If a client has a static IP configured in, for example, subnet A, and they are allotted subnet B, they will get moved to subnet A (override), before moving to the RUN state, if these conditions are met:
DHCP Required is disabled on the WLAN.
Subnet A is included in the VLAN or the AP group is configured on the WLAN.
The client sends some packet sourced with a static IP in subnet A within the DHCP_REQD interval (~ 2 min default value).
The DHCP_required interval is configurable and can have a maximum value of 120 seconds. Go to Controller > Advanced > DHCP Parameters > DHCP timeout (5-120 seconds).
If the static IP client has an IP address from a subnet that is part of the interface group which is mapped to the WLAN, then the static IP client that joins over that WLAN will move to a RUN state and can pass traffic. Otherwise, the static IP client cannot pass traffic.
Table of Contents
Table of ContentsOverviewConnecting a Catalyst 9800 WLC to Cisco DNA Center ManuallyConnecting an AireOS WLC to Cisco DNA Center ManuallyCisco DNA Center Assurance Deployment Guide References
The purpose of this document...
Securing devices without 802.1X
PSK (Pre-Shared-Key) WLAN is widely used for consumer & enterprise IoT onboarding as most of IoT device doesn’t support 802.1X. While PSK WLAN provides an easy way to onboard IoT, it also introduces challenges as...
Due to the certificate expiration, any new Control and Provisioning of Wireless Access Points (CAPWAP) or Light Weight Access Point Protocol (LWAPP) connection will fail to establish. The main feature that is affected will be the Acce...
Where to download
Attached files on this post
Alternatively, cloud version (only summaries)
New implementation for the WLC Config Analyzer. it is a new re-write of the application, with clean up and improved checks
Support for IOS...