Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1028
Views
35
Helpful
10
Replies

WLC9800CL

Go to solution
Allan001
Level 1
Level 1

‎02-12-2023 05:58 AM

Good day all,

My name is Allan. I want some help configuring WLC-9800-CL HA. The controllers are already up, and I can access them on the ESXi server. The main issue is how to add three departments so that they can access Wi-Fi using different SSIDs. I have three departments listed below. 

HR > 10.10.x.x/24 - VLAN 3 

Finance >172.16.x.x/24 - VLAN 4 

Admin > 172.16.x.x/24 - VLAN 2 

Here is my thinking, I will create three WLANs in the controller with their respective SSIDs. In the controller, again configure three SVIs 10.10.x.254, 172.16.x.254, and 172.16.x.254. 

After that, I will create static or default routes for each subnet, pointing to the gateway. Then Configure Gi2 of the controllers as a trunk and allow the three VLANs. 

Then on the Core Switch, where I have the SVIs for these Subnets, I will add DHCP option 43 for each subnet. 

Kindly advise if this is correct; if not, please point me in the right direction. 

I really appreciate any help you can provide.

Allan

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-12-2023 06:32 AM

You are in the right direction - Make sure Switch SVI as Gateway when you configure your DHCP for users' IP addresses.

configuring SSID PolicyTAG / SITE TAG / RF TAG   - if you did not come across this before?

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213911-understand-catalyst-9800-wireless-contro.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Allan001
Level 1
Level 1
In response to Rich R

‎02-13-2023 07:18 AM

Good day, Rich,

Thank you so much for the info provided. I have taken note of your advice!

Thank you!

View solution in original post

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎02-13-2023 01:54 PM

@Allan001 do you happen to have a radius server like Cisco ISE or something else?  You might be able to just create your vlans, but then have one SSID and then depending on the OU the user belongs to, you can define the vlan.  This is assuming you are using 802.1x.

-Scott
*** Please rate helpful posts ***

View solution in original post

10 Replies 10

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-12-2023 06:32 AM

You are in the right direction - Make sure Switch SVI as Gateway when you configure your DHCP for users' IP addresses.

configuring SSID PolicyTAG / SITE TAG / RF TAG   - if you did not come across this before?

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213911-understand-catalyst-9800-wireless-contro.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Allan001
Level 1
Level 1
In response to balaji.bandi

‎02-12-2023 06:52 AM

Hi Balaji,

Thank you so much for getting back to me so quickly. I will go through the URL provided; you are a lifesaver. If I am stuck somewhere, I will respond to this thread again.

Thank you!

Allan001

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Allan001

‎02-12-2023 09:41 AM

No worries, thanks for sharing your feedback. you should be good...

make sure if you doing anchoring/mobility , MAC Address should be same for HA Active and standby (if not when it failover mobility will not work)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
marce1000
VIP
VIP

‎02-12-2023 09:16 AM

 

  - Also note that  before  production use , during and or later you can always have a checkup  of the  WLC-9800-CL HA   configuration with the CLI command : show  tech   wireless , (on the current master) have the output analyzed by  https://cway.cisco.com/tools/WirelessAnalyzer/  , please note do not use classical show tech-support (short version) , use the command denoted in green for Wireless Analyzer.              This procedure is strongly advised.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Go to solution
Allan001
Level 1
Level 1
In response to marce1000

‎02-12-2023 09:56 AM

Hi, Marce 1000,

Thank you very much. I will test with the command " show tech wireless". 

Much appreciated.

Allan001

Go to solution
Allan001
Level 1
Level 1
In response to marce1000

‎02-13-2023 09:29 AM

Hi MArce1000,

Thank you very much. I will test with the "show tech wireless" command in
green.

Much appreciated.

Allan001
0 Helpful

Go to solution
Rich R
VIP
VIP

‎02-13-2023 05:40 AM

Just one comment to add:
In the controller, again configure three SVIs 10.10.x.254, 172.16.x.254, and 172.16.x.254. 

As per 9800 best practices guide (link in my signature below) it is not recommended to configure SVI on 9800 except where specifically required for specific features which only work with SVI on WLC.  You should simply be bridging the WLAN traffic to the VLAN with the SVIs on your switch.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

Go to solution
Allan001
Level 1
Level 1
In response to Rich R

‎02-13-2023 07:18 AM

Good day, Rich,

Thank you so much for the info provided. I have taken note of your advice!

Thank you!

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎02-13-2023 01:54 PM

@Allan001 do you happen to have a radius server like Cisco ISE or something else?  You might be able to just create your vlans, but then have one SSID and then depending on the OU the user belongs to, you can define the vlan.  This is assuming you are using 802.1x.

-Scott
*** Please rate helpful posts ***

Go to solution
Allan001
Level 1
Level 1
In response to Scott Fella

‎02-13-2023 11:57 PM

Hi Scott, 

Thank you so much for the technical advice. Unfortunately, we do not have ISE. We are using a different FW. So many solutions from the community team. Thank you!

Regards, 

Allan001

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card