Flex Connect Groups - WLAN to VLAN mapping

I have a question about configuring WLAN to VLAN mapping on FlexConnect Groups.
Do the mappings that are configured in the FC Group get inherited by the APs when they are placed in the group?
It seems like they do not.
I am playing around in a lab with a virtual WLC running 7.5 and an old 1131 AP.
If I configure the WLAN to VLAN mapping on the individual AP, it works as expected.
If I configure the WLAN to VLAN mapping within the FC group and add the AP to the group, it does not.
The AP does not inherit the settings from the Group.
I am wondering how you would deploy a lot of APs without having to configure each AP individually.
Thanks

Yes, you are correct. It is not like normal AP groups where it will map WLAN to AP belong to that AP group.
Anyway since you have to convert each AP manually to FlexConnect mode, you should do the WLAN mapping at that point as additional step.
FlexConnect Group is mainly to give fast roaming feature for FC APs in brach deployment solution (typically not so many APs). Also keep in mind you can have maximum  25 APs in FlexConnect AP group for WiSM2 or 5508 & you can go upto 100 in 7500 WLC. (see table 7.3 in below link)
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch7_HREA.html#wp1108090
HTH
Rasika
**** Pls rate all useful responses *****

Similar Messages

  • Flex Connect Across Multiple VLANS same SSID

    I just need to find that if we have flex connect setup for differnet vlans using single controller, will roaming works when client connects to AP in a differnet VLAN but using same SSID.
    Example below:
    1) Client connects to AP on specific SSID mapped to VLAN 100, get an IP address ..all good at this point
    2) Client walks and connects to a differnet AP on same SSID but mapped to VLAN 200...at this point I observe client doesnt get a new IP address in fact it retain IP from step-1 and there is no connectivity
    3) Client walks back to first AP and connectivity is restored
    Why in step-2 client doesnt gets a new IP from VLAN 200 even when it shows connected to AP.

    Just to add to Rasika.... L3 isn't supported....I just ran into this a few days ago.... clients should request another dhcp when roaming to another FlexConnect AP that is mapped to a different VLAN.  The issue is, that some clients don't try to renew their dhcp address and gets stuck with the default 169.x.x.x.  I see this with Apple devices in general and what we are going to do is get rid of the multiple vlan setup (vlan per floor) and create a bigger vlan that the SSID will be mapped to.
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Single Corporate SSID + Single Guest SSID across 200 sites over VPN with Flex Connect

    We have two main sites (East Building as DR + West Building as BDR) + 100 remote sites / all connection between the sites based on VPN / OSPF
    East building has 1 WLC 5508 with a license of 500 AP
    West building has 1 WLC 5508 with a license of 500 AP
    50 remote sites in East
    Each East remote site have 5 AP (AIR-LAP1142N + AIR-CAP2602I)
    Total AP in all the 50 remote site in East is 250 AP
    50 remote site in West
    Each West remote site have 5 AP (AIR-LAP1142N + AIR-CAP2602I)
    Total AP in all the 50 remote site in West is 250 AP
    Hardware available are:
    2 * WLC 5508
    2 * ACS 5.2
    Most of the switches that connect to the AP are 2960G
    All the AP are
    AIR-LAP1142N-E-K9
    AIR-CAP2602I-E-K9
    Requirements in Brief:-
    1 SSID for Internal user across all the sites
    1 SSID for Guest user across all the sites
    All IP for all the sites based on their local subnet
    All the remote sites need to be Flex connect
    The 2 WLC need to configure as failover
    Requirements in Details:-
    One Corporate ABC-SSID for all the sites
    One Guest ABC-SSID for all the sites
    The WLC in East building is the primary which control all the East remote site (250 AP)
    The WLC in West building is the secondary which control all the West remote site (250 AP)
    A fail over between the two WLC as below:
    If the WLC in east fail then all the AP in east (250 AP) will connect to WLC in West
    If the WLC in West fail then all the AP in west (250 AP) will connect to WLC in East
    Each Remote site behaving as Flex connect to reduce the overhead over the WAN/VPN
    Each site must have their own AP groups for the ease of management
    All the AP MGMT IP based on their local subnet
    Each remote site, West building, and East building must obtain their IP based on their local VLAN Example:- site-1 in East:
    Corporate ABC-SSID take 10.204.0.0/24
    Guest ABC-SSID take 192.168.0.0/24
    Example:- site-2 in East:
    Corporate ABC-SSID take 10.204.1.0/24
    Guest ABC-SSID take 192.168.1.0/24
    Example:- site-3 in East:
    Corporate ABC-SSID take 10.204.2/24
    Guest ABC-SSID take 192.168.2.0/24
    And so on…….
    Example:- site-1 in West:
    Corporate ABC-SSID take 10.204.100.0/24
    Guest ABC-SSID take 192.168.100.0/24
    Example:- site-2 in West:
    Corporate ABC-SSID take 10.204.101.0/24
    Guest ABC-SSID take 192.168.101.0/24
    Example:- site-3 in West:
    Corporate ABC-SSID take 10.204.102.0/24
    Guest ABC-SSID take 192.168.102.0/24
    And so on…….
    Reference that I found
    https://supportforums.cisco.com/thread/2039215
    Expert I'm really stuck here, so please any help will do.
    Thanks in advance

    What are you stuck on? What you have mentioned is possible.
    When you setup FlexConnect and also when AP's night failover, you need to make sure that the WLAN ID are in the same order in bother WLC's. also the AP Groups have the same information and have the same AP Group names and WLAN to vlan mapping. So as long as the WLC's are configured exactly the same except for IP addresses and hostname a, failover for FlexConnect will work fine.
    Now the FlexConnect WLAN to vlan mapping is done on the access point itself. So each AP will have to configured. AP Groups will not help here as you can really just create one since you will have the same WLAN's broadcasting at each site. You can make is simple though:) and this is a good tip.....
    If all your vlans are the same in every site including your DR and BDR, then the WLAN to vlan mapping will use the vlan if you have specified in the the WLAN under the I terrace mapping. So if in your corporate WLAN it is mapped to I terrace vlan 100, all you FlexConnect AP's will have that mapping set to vlan 100. If your guest at WLAN is mapped to vlan 999 interface on the WLC then the FlexConnect WLAN to vlan mapping for the guest will be set to vlan 999.
    Now if you have different vlan id's for each site or it might be the same for some and not the others, well you will have to tough each AP and configure the WLAN to vlan mapping.
    The WLAN to vlan mapping appears only when you have enabled FlexConnect local swit hung in the WLAN and you have the access point in FlexConnect mode.
    Sent from Cisco Technical Support iPhone App

  • Lost VLAN Mapping on WLC 5508 (Flexconnect)

    Hi guys, I have a WLC 5508 and some AIR-LAP1131AG-T-K9 all in flexconnect configuration.
    The problem is that 1130 Access Points lost the VLAN Mapping configuration without reason, simple change the vlan mapping to 999 and I need to reconfigure that.
    I search in some documents on cisco.com but I can't find anything about this issue.
    Could you help me please?
    Thanks guys.

    Hi Scott
    Thanks for the answer.
    We have around 350 ap's, in 50 different locations (customers). The WLC is running AirOS 7.3.101.0.
    Every WLAN is configured to a dummy interface, with the vlanID 2222.
    This is the VlanID that the Wlan to vlan mapping got “lost” to.
    Unfortunately, I am not able to see the right join time, because the WLC’s was booted. (After the error occurred). Next time I see this, I will look at the join time.
    Every location (costumers) has two SSID (guest and employee). The employee network has two vlans (PC’s and BYOD). We are using NPS rules to select witch VLAN the device connectes to.
    So in the FlexConnet settings, we do a WLAN to vlan mapping:
    GUEST to vlanID
    PC’ to vlan ID 5
    And in the FlexConnect group we but in the vlan ID for BYOD.
    Do you now if the AP stores this to configurations different (flash or RAM)?

  • AP Flex-connect VLAN mapping auditing

    I am trying to find a way to conduct auditing for VLAN mapping for AP in flex-connect mode.
    I have seen the mapping changed due to AP reboot or other reasons untill the user reporting connection issues. I have looked NCS, and have not found a reporting function for this. Anyone uses script to do so?

    I also have created WCS/NCS/PI templates to push the WLAN to vlan changes in the early morning just I'm case. When users start complaining, it's faster to just push out the commands to all than trying to find what AP lost its vlan setting.
    Sent from Cisco Technical Support iPhone App

  • CDP nei results and Flex Connect AP vlan mapping behavior

    Hi all,
        We're running controller code 7.4.100.108 and PRIME version 1.3.
        Occassionally, usually as the result of some networking event that causes flex connect AP's to lose connectivity to their controller, the flex connect AP's lose their vlan mapping configuration when they reconnect to their home controller.
        We "think" we have noticed that the cdp nei results are different for AP's that have proper vlan mappings from those that have lost their mappings.  For example, in the below example, only AP's 8213 and 8219 have lost their vlan mapping configs (all the AP's below are flex connect):
    8107   Gig 1/0/45        177           R T      AIR-LAP11 Gig 0
    8106   Gig 1/0/44        163           R T      AIR-LAP11 Gig 0
    8216   Gig 1/0/47        136           R T      AIR-LAP11 Gig 0
    8213   Gig 1/0/48        135           R T      AIR-LAP11 Gig 0.2
    8219   Gig 1/0/46        159           R T      AIR-LAP11 Gig 0.2
    8109   Gig 2/0/48        153           R T      AIR-LAP11 Gig 0
    ...and when the vlan mapping is fixed:
    8107   Gig 1/0/45        177           R T      AIR-LAP11 Gig 0
    8106   Gig 1/0/44        163           R T      AIR-LAP11 Gig 0
    8216   Gig 1/0/47        149           R T      AIR-LAP11 Gig 0
    8213   Gig 1/0/48        149           R T      AIR-LAP11 Gig 0
    8219   Gig 1/0/46        152           R T      AIR-LAP11 Gig 0
    8109   Gig 2/0/48        153           R T      AIR-LAP11 Gig 0
         I've done some reading to try to understand the details of the "Port ID" field of cdp neighbor with AP's but haven't found my answer.  I want to know what the significance of the difference between "Gig 0" and "Gig 0.2" is.
         I'm going to lab up an AP and see if I can replicate the behavior and confirm that it is related to the vlan mapping, but haven't gotten to it yet.   If anyone can point me to the nuts/bolts behind that sublte change in "Port ID" it'll help.
         By the way, I'm interested in this problem so that I can quickly identify which of my hundreds of flex connect AP's have lost their vlan mappings after a network disruptive event.  I can't find an interesting report in PRIME that will let me see it quickly.  So if a scriptable cdp nei command could identify the problem as well, that would be interesting.
         Thanks in advance for the help.

    I also have created WCS/NCS/PI templates to push the WLAN to vlan changes in the early morning just I'm case. When users start complaining, it's faster to just push out the commands to all than trying to find what AP lost its vlan setting.
    Sent from Cisco Technical Support iPhone App

  • Problem switching from AP-specific to Group-specific VLAN mapping

    Hello.
    Some days ago, I updated our 5508 WLC to software version 7.5.102.0.
    With that version, it should be possible to have a VLAN mapping specific for a Flexconnect group that is set within Flexconnect Group settings.
    I did that for all my Flexconnect groups and it works fine with new access point.
    For existing access point, which already have an AP-specific VLAN mapping, it is not possible to switch to Group-specific.
    When I mark the WLAN in Flexconnect setting of the AP and select "Remove AP specific", I get the error message "Request failed: Vlan is not enabled on this flexconnect".
    I wonder what the problem could be, because for newly installed access points, it works fine. Did I miss some settings?
    Regards,
    Sven Lindeke

    Thanks for the fast reply.
    Here are the screen shots:
    Settings "Flexconnect group"
    Settings "Access Point"
    Error message

  • AP-Specific WLAN-VLAN Mapping audit

    Is there anyway to audit the access points in FC mode to determine the WLAN-VLAN mapping and if it is AP or WLAN specific?
    or
    Is there a script that I can run to make the WLAN-VLAN mappings on all FC mode APs AP-Specific?

    Thanks for the fast reply.
    Here are the screen shots:
    Settings "Flexconnect group"
    Settings "Access Point"
    Error message

  • Flexconnect static mapping of WLAN to VLAN

    5508 running 7.4
    I want to create a definition for a particular site that maps WLANs (SSIDs) to switched VLANs.   I know that I can go to Wireless => Select AP => VLAN mappings on an individual AP basis.  But is there a way to create a group that will do this?  I thought it could be done with flexconnect groups but I just could not find a way to make it happen there.  Then I ran across this Architecting Network for Branch Offices with Cisco Unified Wireless Cisco Live presentation:
    http://d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/BRKEWN-2016.pdf
    And on page 28 it states:
    AP groups give the ability to statically map Wi-Fi service (WLAN) to VLAN based on physical location
    And it then goes on to give a Configuration/VLAN mapping example in which I fail to see where VLANs are mentioned at all.
    Is what I am trying to do possible?
    Thanks,
    -JEff

    Hi Scott, thanks for the reply
    I have a main campus with several different distribution blocks that each use unique VLAN IDs.  And I have about a dozen remote sites that will all use common VLAN IDs.  I am configuring a single SSID (WLAN 2) to be used across all of these locations.  So at my main campus building "A" will have WLAN 2 mapped to VLAN 55 while building "B" will have WLAN 2 mapped to VLAN 65.  At each of the remote sites WLAN 2 needs to be maped to VLAN 15.
    So let's say I want to configure the main campus buildings A and B.  I create a dynamic interface for vlan 55 and name it something creative like vlan-55, Likewise for vlan 65.  Then I create an AP group named APG-55, add WLAN 2 to it and add all of my APs in that buliding.  What I don't understand is where the dynamic interface comes into play.  From your explanation it would seem that I need to assoiciate the dynamic interface to an AP group somehow.  What am I missing?
    Thanks!
    -Jeff

  • H-Reap vlan mapping groups

    Hi
    Im configuring a WLC 5508 ( version 7 ) with h-reap local switching.
    All is working , yet i wonder if the vlan mapping can be done better.
    Currently i need to go into each Lightweight Access point , enable h-reap, then set the native vlan , with the final step to map the vlan. This needs to be done for each AP. In an environment of 100's of APs i would take foreever. ( i thought one of the main points of the WLC is centralized management )
    Am i missing something ? Is there an easier way to do this ?
    Cheers, Pankaj

    you should be able to set the VLAN mappings from WCS/NCS as well.
    as well in 7.2 you can now do dynamic vlan assignment, though you still need to list the VLAN the HREAP can access
    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1247954
    Steve

  • AP groups with same vlans , same ssid but different subnet.

    Hi Members,
    I have a Cisco Flex 7500 in my datacenter and I need to connect 100 sites , each site with 2-3 APs , each side has its own network and is independent of other sites , the site only need to comunity locally and do not need to access any centralized applications.
    I am trying to achieve this by Creating 100  different AP groups and assiging 2-3 AP in each groups for each branch, I will achieve WAN failover resiliency by creating flexconnect groug , the issue I am facing are as below .
    1.Since all the sites has same setup , the AP and clients on all sites are in vlan 2 , so when I try to create 2 or more AP group with same vlan, it restricts me of doing so , I cannot create diffrent AP groups mapped to same Vlan .
    2.If I keep the APs and Clients in the same subnet , I dont think it should be a problem , but I need your second opinion.
    to give you an even better picture , look at the topology enclosed , and my question is if both STAFF and STUDENT APs are in same vlan but in 2 different broadcast domain , how would I create the AP groups.
    Thank you

    Thanks for the reply Jenn , here is my situation.
    I have 2 sites lets day , site A in virginia ,  site B in Maryland.
    SiteA - 10.1.1.0/24 - vlan 2
               10.1.2.0/24 - vlan 3
               10.1.3.0/30 - WAN to central site where controller sits.
    SiteB - 10.2.1.0/24 - vlan 2
               10.2.2.0/24 - vlan 3
               10.2.3.0/30 - WAN to central site where controller sits.
    both the sites will have a single ssid "XYZ" and will switch locally only.
    howin my understanding the way I will deploy this is as below
    1.I will create WLAN with ssid "XYZ".
    2.I will create 2 AP groups lets say "Site-A" and "Site-B"
    3.I will map the APs in site A to AP group "Site-A" and APs in Site B to "Site-B"
    4.I will create 2 dynamic interfaces one for each AP group , now this is where I am facing problem , when I am creating dynamin interfaces , I need to specify the subnet and vlans when creating dynamic interfaces , since the vlans used is same on both sites , its not letting me create 2 interfaces with same vlan id.
    in my understanding HREAP is only majorly used for WAN failover and local authentication so I am not concerned about that right not , my prime work is to udnerstand the AP group and working.
    if you still need print shot let me know I will have to go at site.
    also validate if my thinking is right on the 4 steps I have mentioned above , I am new to wireless and whatever I have learned I have learned in last 10 days .
    Appreciate your help.
    Thank you

  • Cisco ISE with Flex Connect ios 7.4

    Hello my name is Ivan
    I have a question:
    Is possible to do a deployment with cisco ise (trust sec 2.0)  and flex connect and web authentication to a cluster of cisco wlc (ios 7.4)?
    There are a features or requeriments to configure this?
    Regards
    Ivan

    By "cluster of cisco wlc" are you referring to the HA features for the 5508?  HA or not should be irrelevant to the configuration of ISE w/ 7.4 WLC on flex connect.
    Configuring CWA (central web auth) via L2/Mac-Filter and RADIUS NAC will require that you have a FlexConnect group built with the desired AP within the group.  You will need to build FlexConnect ACLs and apply them to the FlexConnect group that correspond with the various NAC states the client will be in during the CWA process. 
    You will probably need 1 or 2 Web Policy ACLs
    1. allow traffic to/from dns and ISE PSN
    2. allow traffic to/from dns, ise and other resources (for instance for posturing/remediation)
    Please note that you cannot "dynamically" assign ACLs to FlexConnect APs/Groups as part of the transition from central webauth reqd to RUN.  The WebPolicies ACLs are the only ones that can override (think of them like pre-auth acls).  Once you finally send back the access-accept for the client you can not apply dynamic acls to the particular wlan/vlan.
    For instance if you needed differentiated access on a single network between guest and vendors, you couldn't send an access-accept back with an ACL for vendors vs an ACL for guests - in a FlexConnect environment.  They would have to be placed on separate networks with their respective access.
    It's possible this type of configuration (much desired) will be allowed in 7.5 whenever it rears its head.

  • How to plan Failover for the following Scenarios in Flex-connect mode.

    The following queries are in respect to AP High availability (not SSO fail over or Controller HA), meaning if one controller fails, the AP will be failing over to the secondary controller which is in a different Geo location. the AP will be in Flex-connect mode with local switching and local auth. in this scenario, following are my queries
    1: If i have an SSID that has an interface group linked to it, can i fail it over on other controller where there may be a single WLAN linked to it.?
    2:Do we need the subnet masks to be same at both ends?
    3: if i have an SSID with open authentication, can i configure the remote network SSID with no authentication?
    4: can any one link me up with a document that explains configuration case study of the flex-connect mode fail over scenarios.
    All the help given would be really appreciated.
    Thanks.

    hi Scott,
    Sorry for replyimg late. and thanks for your reply and suggestion.
    it did help me a lot, but now i am in a tiff.
    the thing is my client has following existing scenario:
    he has 6 disparate locations with a standalone 5508 WLC at each location.
    he is now planning to configure AP failover for every location.
    we are using the Flex-connect design as he has not procured a HA-SSO license.
    also the WLC are not in same location.
    the Flex-connect design is with Local Switching and local Auth.
    there are 2 SSID which are causing me issues.
    1: SSID A is linked to an interface group which has multiple vlans.
    2: SSID B shares its WLAN interface with another SSID (the wlan is split between 2 different SSID)
    we need local switching for these and also they need to have local auth.
    so if i remove the interface group for SSID A and use a bigger subnet, what will be the best possible mask to use considering that the ARP and DHCP broadcast shouldn't choke up the network (existing subnets are /21 and /22). or any workaround to minimise the network activity.
    and for SSID b what is the configuration i would need to do on the secondary controller or is it just that the SSID needs to be present on the controller and the mask need not be same.
    sorry for troubling you and thanks in advance
    Niiketan Sutar.

  • On WLC 'one-to-many' means one VLAN mapped to multiple SSIDs possible?

    Does the Cisco Wireless LAN Controller Architecture includes this feature (configuration possibility)?

    Thanks all for the provided infos. We have now the same requirements for two customers -> One-to-Many (One VLAN mapped to multiple SSIDs).
    Can anybody who has realised such a set up provide some more details how to proceed?
    The link from David describes the other way around, several VLANs mapped to one SSID. By the way, we where able to implement this, but it is only supported in centralized mode, local mode (Flex Connect it doesn't work).
    For any advise how to proceed for "One VLAN mapped to multiple SSIDs" would be very appreciated.
    Thanks Erich

  • Vlan mapping lost when fail to secondary WLC

    Hello
    I have two WLCs,The primary WLC mode 5508 ,running code is 7.4.100.60, The secondary WLC mode 4402,running code is 7.0.230.0.
    When ap working on 5508 wlc,it use flexconnect mode, when ap working on 4402, it will h-reap mode
    ap mode:1242、1142.
    question:
    When ap fail to secondary WLC(4402),some ap will lost their vlan mapping information.not all of ap.  during fail over, ap will doanloading firmware.
    is there any way to solve? thanks!

    I understand. Two controllers, two different code levels. 4400 is locked in at 7.0 code and you need 7.4 for the 2600 ap.
    In your orginal post you state when aps fail over from one controller to the other you lose vlans and aps code upgrade/down grade. This is not a support deisgn. You cant properly failover betwen different code versions.
    If you want them to stop failing over and clients dont roam from aps on controler to 1 to aps on controller 2, simple remove the controllers from the shared mobility group and put the controllers in their own group.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

Maybe you are looking for

  • Master Slide default

    I have always been curious which master slide is chosen when I insert a new slide within a slide show. The slide within your show that you have highlighted determines which Master Slide has a check mark beside it, but that is not always the one which

  • Task not opening in UWL

    Hi I am receiving my workitems on portal in UWL. When I try to open any task ( SAP transaction is called) a error comes "Work item executed". if you try to reopen it then error comes "You are not a receiver of the work item". The UWL log displayed: E

  • Which client software should i download?

    Our product database is on the HPUX, IA64, But When I looked for the suitable client software on the OTN, I couldn't find it, What should I do, Why doesn't Oracle develop the client on Hpux(ia64)?

  • Paste in Place across Layers Script

    I'm looking for a script to paste an object (paste in place) on top of all other layers in a file. I know I can position a single object on the top layer and then turn the bottom layers on and off, but for my needs (and in this situation) I need to a

  • How can I access the bookmarks?

    For the life of me I cannot find where the bookmarks are located on the mobile version of Firefox. I have tried every single menu item. still nothing. it's not that hard to have a menu item that says bookmarks don't you think?