Flexconnect - local-switching - Interface Groups - multiple subnets/vlans

So I'm trying to set up an "interface-group-like" configuration on some FlexConnect APs with local switching enabled in order to support multiple subnets/VLANs linked to a single SSID.
Does anyone know if this is possible or have any suggestions?
I've tried:
AP Groups - One SSID which would require central switching for it to be of use (I think).
AP Groups - Creating an additional SSID and then placing the APs in a group per site. This works but is going to be difficult to manage if I have 400+ sites running this sort of setup.
For reference, my end goal is to have multiple (400+) branch sites with the same WLAN mapped to 3 or 4 different VLANs in order to split the subnets up into smaller chunks (/23s or /24s). These VLANs are all switched locally and are uniform in numbering across all the sites from a layer 2 perspective.
Thanks,
Ric

Interface groups is not an available feature on FlexConnect. FlexConnect doesn't support layer 3 roaming if devices roam from one FlexConnect ap to another and the wlan to vlan mappings are different. This is a limitation to FlexConnect along with a few others listed in the FlexConnect deployment guide.
-Scott

Similar Messages

  • Flexconnect Local Switching Hosts Do Not Receive IP Addresses

    Hello,
    My WLC software version is 7.4.110.0. I have a branch office in my lab. The AP in my branch is configured as flexconnect with native VLAN of 700. The SSID that I have in the branch office is configured to do local switching. The show wlan is added below.
    My tunneled SSID is still working and I can still receive IP addresses from it. My issue is that last week I had the Flexconnect working with no problem, then this morning I can connect to the SSID, but I'm not receiving IP addresses for my test wireless clients.
    Thanks
    [code]
    WLAN Identifier.................................. 2
    Profile Name..................................... ACS Guest
    Network Name (SSID).............................. RMTGuest
    Status........................................... Enabled
    MAC Filtering.................................... Disabled
    Broadcast SSID................................... Enabled
    AAA Policy Override.............................. Disabled
    Network Admission Control
      Client Profiling Status ....................... Disabled
       DHCP ......................................... Disabled
       HTTP ......................................... Disabled
      Radius-NAC State............................... Disabled
      SNMP-NAC State................................. Disabled
      Quarantine VLAN................................ 0
    Maximum number of Associated Clients............. 0
    Maximum number of Clients per AP Radio........... 200
    Number of Active Clients......................... 0
    Exclusionlist Timeout............................ 60 seconds
    Session Timeout.................................. 1800 seconds
    User Idle Timeout................................ 300 seconds
    --More-- or (q)uit
    User Idle Threshold.............................. 0 Bytes
    NAS-identifier................................... RK2WLC5508-01
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ management
    Multicast Interface.............................. Not Configured
    WLAN IPv4 ACL.................................... unconfigured
    WLAN IPv6 ACL.................................... unconfigured
    mDNS Status...................................... Disabled
    mDNS Profile Name................................ unconfigured
    DHCP Server...................................... 172.28.27.130
    DHCP Address Assignment Required................. Disabled
    Static IP client tunneling....................... Disabled
    PMIPv6 Mobility Type............................. none
    Quality of Service............................... Silver
    Per-SSID Rate Limits............................. Upstream          Downstream
    Average Data Rate................................   0                      0
    Average Realtime Data Rate.......................   0                      0
    Burst Data Rate..................................   0                      0
    Burst Realtime Data Rate.........................   0                      0
    Per-Client Rate Limits........................... Upstream          Downstream
    Average Data Rate................................   0                      0
    Average Realtime Data Rate.......................   0                      0
    --More-- or (q)uit
    Burst Data Rate..................................   0                      0
    Burst Realtime Data Rate.........................   0                      0
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    WMM UAPSD Compliant Client Support............... Disabled
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Enabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    Passive Client Feature........................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
       Authentication................................ Disabled
       Accounting.................................... Disabled
       Dynamic Interface............................. Disabled
       Dynamic Interface Priority.................... wlan
    Local EAP Authentication......................... Disabled
    --More-- or (q)uit
    Security
       802.11 Authentication:........................ Open System
       FT Support.................................... Disabled
       Static WEP Keys............................... Disabled
       802.1X........................................ Disabled
       Wi-Fi Protected Access (WPA/WPA2)............. Enabled
          WPA (SSN IE)............................... Disabled
          WPA2 (RSN IE).............................. Enabled
             TKIP Cipher............................. Disabled
             AES Cipher.............................. Enabled
                                                                   Auth Key Management
             802.1x.................................. Disabled
             PSK..................................... Enabled
             CCKM.................................... Disabled
             FT-1X(802.11r).......................... Disabled
             FT-PSK(802.11r)......................... Disabled
             PMF-1X(802.11w)......................... Disabled
             PMF-PSK(802.11w)........................ Disabled
          FT Reassociation Timeout................... 20
          FT Over-The-DS mode........................ Enabled
          GTK Randomization.......................... Disabled
          SKC Cache Support.......................... Disabled
    --More-- or (q)uit
          CCKM TSF Tolerance......................... 1000
       WAPI.......................................... Disabled
       Wi-Fi Direct policy configured................ Disabled
       EAP-Passthrough............................... Disabled
       CKIP ......................................... Disabled
       Web Based Authentication...................... Disabled
       Web-Passthrough............................... Disabled
       Conditional Web Redirect...................... Disabled
       Splash-Page Web Redirect...................... Disabled
       Auto Anchor................................... Disabled
       FlexConnect Local Switching................... Enabled
       flexconnect Central Dhcp Flag................. Disabled
       flexconnect nat-pat Flag...................... Disabled
       flexconnect Dns Override Flag................. Disabled
       FlexConnect Vlan based Central Switching ..... Disabled
       FlexConnect Local Authentication.............. Disabled
       FlexConnect Learn IP Address.................. Enabled
       Client MFP.................................... Optional
       PMF........................................... Disabled
       PMF Association Comeback Time................. 1
       PMF SA Query RetryTimeout..................... 200
       Tkip MIC Countermeasure Hold-down Timer....... 60
    AVC Visibilty.................................... Disabled
    --More-- or (q)uit
    AVC Profile Name................................. None
    Flow Monitor Name................................ None
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    SIP CAC Fail Send-486-Busy Policy................ Enabled
    SIP CAC Fail Send Dis-Association Policy......... Disabled
    KTS based CAC Policy............................. Disabled
    Assisted Roaming Prediction Optimization......... Disabled
    802.11k Neighbor List............................ Disabled
    802.11k Neighbor List Dual Band.................. Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled
    Multicast Buffer................................. Disabled
    Mobility Anchor List
    WLAN ID     IP Address            Status
    802.11u........................................ Disabled
    MSAP Services.................................. Disabled
    [/code]

    Is the VLAN still mapped on the AP, and allowed across the trunk?
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • WebAuth on FlexConnect Local Switched SSID

    Hi All
    I'm working on getting internal WebAuth to work on a FlexConnect local switched SSID. From what I've been reading, it's possible but apparently not very straightforward.
    FlexConnect AP - if the SSID isn't local switch, WebAuth of course works fine.
    Once I set it to local switching, WebAuth breaks. Any way around that in 7.6?
    Thanks

    Figured it out just now. When using the WLC as a DHCP server (this is just a lab), selecting the Central DHCP Processing for use when in Local Switching also selects a box for NAT-PAT. Unselecting the NAT-PAT box fixed the broken WebAuth.
    Going to have to figure out what that does.

  • MDNS cannot be configured when FlexConnect Local Switching is enabled

    I am running Cisco Prime Infrastructure 1.3 and I am trying to push a template to allow FlexConnect local switching on a WLAN. However, when I attempt this, I get the message "mDNS cannot be configured when FlexConnect Local Switching is enabled" and I cannot save the template or apply it to controllers. My controllers are WISM 2s running 7.0.235.3.

    Make sure you uncheck the mDNS option on the advanced tab of the WLAN template. You cannot use mDNS in conjunction with Flexconnect locally switched WLANs.
    Sent from Cisco Technical Support iPhone App

  • Flexconnect - Local Switching and DHCP Server Location

    Hello Friends, It is again a conceptual question.
    In Flex-connect Local Switching mode, if the client has to get the IP address using DHCP, the DHCP server has to be local to the remote site and not in a centralized location. Though I know local switching means that the client traffic is bridged to the local network directly by the AP on the locally connected switch and does not pass through the controller, what does it mean for the DHCP server location?
    For example, If I have 2 different WLANs (VLAN 2 and VLAN 3) configured Local Switching and its corresponding VLAN SVIs are configured in the Local L3 Switch and if the DHCP server is centrally located with the scopes for VLAN 2 and VLAN 3, will it have troubles?
    I see in my infrastructure we are working in that way [Local switching with centralized server]
    Thanks in advance
    SAIRAM

    It would be good to have DHCP server at local site.

  • Multicast and Flexconnect Local Switching

    Hi All,
    Hope you can help with this -
    I have the following:
    A 5508 in a remote datacentre and several sites with AP's running in flexconnect mode, connected to cisco switches.
    I have an ssid on which I want to run some push to talk "phones" which I believe use multicast.
    What do I need to do to enable multicast for this, I have read many documents but I'm a little confused !
    I need to enable multicast on the controller globally ?
    Enable igmp snooping ?
    Does multicast mode need to be multicast or unicast ?
    Do I need a multicast address in this case ?
    Do I need to configure the switches (2960) for any multicast configuration, there is none at present ?
    The phones that do PTT will only need to talk to other phones locally at each site, but each site will have some phones, does this make any difference to anything ?
    hope someone can help, thanks !

    The guidelines for Flexconnect and Multicast are as follows:
    1. Set the AP Multicast mode on the controller to Unicast (Multicast-Unicast Mode): The wireless controller replicates the multicast packet and sends it to each Access Point in a Unicast CAPWAP Tunnel
    2. L3 routing isn't required on the wired network
    3. There will be high controller and wired network loading
    4. No multicast address is required in multicast-unicast mode
    5. No multicast configuration required on Layer 2 switches as CGMP is enabled  by default

  • Flexconnect AP (Local Switching) Wireless clients are not able to communicate with each other

    Hi,
    Scenario: We have deployed the WLC in the Corporate Office and the Access Points are placed in the Branch Office in FlexConnect Local Switching mode.
    In this case, I am not able to ping between the wireless clients. The Peer to Peer Block option is also Disabled.
    Sometimes the wireless clients ping each other and sometimes not. Both wireless clients are associated with the same AP and the same WLAN SSID.
    Please help me urgently.
    Devices :
    1)WLC 2500 series , Software 7.2
    2)Cisco 1400 series APs
    3)CISCO ACS server for AAA authentication
    Regards,
    Shanmugam Nachimuthu

    Hi Shanmugam,
    Please apply following steps to configure P2P setting for WLAN:
    Step 1 Choose WLANs to open the WLANs page.
    Step 2 Click the ID number of the WLAN for which you want to configure peer-to-peer blocking.
    Step 3 Choose the Advanced tab to open the WLANs > Edit (Advanced) page.
    Step 4 Choose one of the following options from the P2P Blocking drop-down list:
    • Disabled — Disables peer-to-peer blocking and bridges traffic locally within the controller whenever possible. This is the default value.
    NOTE: Traffic is never bridged across VLANs in the controller.
    • Drop—Causes the controller to discard the packets.
    • Forward - Upstream — causes the packets to be forwarded on the upstream VLAN. The device above the controller decides what action to take regarding the packets.
    NOTE: To enable peer-to-peer blocking on a WLAN configured for FlexConnect local switching, select Drop from the P2P Blocking drop-down list and select the FlexConnect Local Switching check box.
    Step 5 Click Apply to commit your changes.
    Step 6 Click Save Configuration to save your changes.
    Thanks,
    Prashant Gondaliya

  • FlexConnect Central Switching for GuestWLAN

    Hi All,
    I plan on setting up a new WLAN network.
    5 office locations, a single WLC in the primary DC at the moment. Each 5 office location is routed over a L3 link
    If I have a guest WLAN (vlan 30) that is available at each site and want to centrally switch it, do I set the WLC DHCP server on the WLC 'vlan30 interface' to that of the 'management' interface if I have the DHCP setup locally on the WLC? I assume because this guest network is centrally switched, the actual assigned IP of the guest network does not matter if it is not in the same supernet of the remote site?
    For regular business WLANs (data/voice) that are set for local switching, is there any DHCP settings that need to be setup on the WLC, or does the client automatically get a IP based on the local subnet (using the ip-helper on that L3 interface?) assuming the AP is setup as trunk at the remote (with native vlan set as management vlan).

    do I set the WLC DHCP server on the WLC 'vlan30 interface' to that of the 'management' interface if I have the DHCP setup locally on the WLC?
    Yes, if you use WLC as your  DHCP server for guest users, you have to use WLC management IP as DHCP server address on vlan 30 (assuming it is for guest)
    For regular business WLANs (data/voice) that are set for local switching, is there any DHCP settings that need to be setup on the WLC, or does the client automatically get a IP based on the local subnet (using the ip-helper on that L3 interface?) assuming the AP is setup as trunk at the remote (with native vlan set as management vlan).
    As long as you do FlexConnect local switching with the required vlan mapping in each WLAN, you do not require a DHCP server setting on the WLC interface that the WLAN is assigned to. All traffic is locally switched & uses the helper address configured under the SVI of that locally switched vlan.
    Refer this configuration guide for more details
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001000.html
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Multiple subnets on SA520

    Hi - I am new to Cisco products. We have currently got a Netgear FVX538 running in front of a few servers. We currently have 2 ranges of IP addresses provided to us on 2 separate subnets. We configured the netgear box with the first IP addresses of each subnet as the IP address of each of the primary and secondary LANs. This then allowed us to set the gateway addresses of servers on the network to either of those 2 addresses, depending on its range.
    This all worked fine - except for the fact that the Netgear box is incredibly flakey, so we decided to get a Cisco box.
    We have gone for the SA520, which I have been trying to configure this afternoon. Unfortunately I am now having concerns as to whether it is possible to configure 2 separate subnets internally on this box in the same way we have done with the netgear box. If I am right and this is not possible, does anyone know if there is a way of achieving what we want? ie - classical routing, one incoming WAN interface with multiple subnets?
    Thanks,
    Giles

    Thanks for getting back to me Julio. I'm not sure whether this helps or not. I'll try and explain the current setup a bit better:
    (IP addresses have been changed)
    WAN IP : 31.2.3.70
    WAN SUBNET : 255.255.255.252
    Gateway : 31.2.3.69
    Primary LAN : 31.20.1.135
    Primary LAN Subnet : 255.255.255.248
    Secondary LAN : 78.92.47.165
    Secondary LAN Subnet : 255.255.255.248
    I can then configure servers on the network on the following ranges:
    31.20.1.136 - 31.20.1.140
    Gateway: 31.20.1.135
    Or
    78.92.47.166 - 78.92.47.170
    Gateway: 78.92.47.165
    I can configure the new Cisco box with one of these ranges, but as it doesn't seem to have LAN Multi-homing, I don't seem to be able to add the 2nd subnet. Is this right? Is there another way of configuring it?
    Thanks,
    Giles

  • Multiple VLANs per SSID with local switch

    Is it possible to use an 'AP Group' or 'Interface group' to assign multiple VLANs to a WLAN when remote, h-reap APs are in local switch mode? 
    If not, is there a way to overcome 500 maximum host per VLAN when APs are local switching?
    Thanks!

    don't think it's possible...
    I donno if the following config will even work but u can have the hreap APs connected at the remote site to map to different vlans...
    Example:
    AP1 -- ssid 1 --- vlan 10
    AP2 -- ssid 1 --- vlan 11 and so forth..
    Sounds crazy but I'll have to ponder on this a bit more.. Need a pen and paper to draw a quick topology :)...
    Sent from Cisco Technical Support iPhone App

  • AP groups with same vlans , same ssid but different subnet.

    Hi Members,
    I have a Cisco Flex 7500 in my datacenter and I need to connect 100 sites, each site with 2-3 APs. Each site has its own network and is independent of other sites; the sites only need to communicate locally and do not need to access any centralized applications.
    I am trying to achieve this by creating 100 different AP groups and assigning 2-3 APs to each group for each branch. I will achieve WAN failover resiliency by creating a FlexConnect group. The issues I am facing are as below.
    1. Since all the sites have the same setup, the APs and clients on all sites are in vlan 2, so when I try to create 2 or more AP groups with the same vlan, it restricts me from doing so. I cannot create different AP groups mapped to the same VLAN.
    2. If I keep the APs and clients in the same subnet, I don't think it should be a problem, but I need your second opinion.
    To give you an even better picture, look at the topology enclosed. My question is: if both STAFF and STUDENT APs are in the same vlan but in 2 different broadcast domains, how would I create the AP groups?
    Thank you

    Thanks for the reply Jenn , here is my situation.
    I have 2 sites, let's say site A in Virginia and site B in Maryland.
    SiteA - 10.1.1.0/24 - vlan 2
               10.1.2.0/24 - vlan 3
               10.1.3.0/30 - WAN to central site where controller sits.
    SiteB - 10.2.1.0/24 - vlan 2
               10.2.2.0/24 - vlan 3
               10.2.3.0/30 - WAN to central site where controller sits.
    both the sites will have a single ssid "XYZ" and will switch locally only.
    Now, in my understanding, the way I will deploy this is as below:
    1.I will create WLAN with ssid "XYZ".
    2.I will create 2 AP groups lets say "Site-A" and "Site-B"
    3.I will map the APs in site A to AP group "Site-A" and APs in Site B to "Site-B"
    4.I will create 2 dynamic interfaces, one for each AP group. Now this is where I am facing a problem: when I am creating dynamic interfaces, I need to specify the subnet and vlans, and since the vlans used are the same on both sites, it's not letting me create 2 interfaces with the same vlan id.
    In my understanding HREAP is mainly used for WAN failover and local authentication, so I am not concerned about that right now; my prime work is to understand AP groups and how they work.
    If you still need a screenshot let me know; I will have to go on site.
    Also validate whether my thinking is right on the 4 steps I have mentioned above. I am new to wireless and whatever I have learned I have learned in the last 10 days.
    Appreciate your help.
    Thank you

  • FlexConnect & Interface Groups

    I have a WLC 5508 running 7.4.121.0 where several sites  have APs in FlexConnect mode.
    For those sites I also have interface groups (this is just an example, i have more than one group)
    Site 1 - Group 1 - vlan 110 (faculty) and vlan 112 (students)
    Site 2 - Group 2 - vlan 210 (faculty) and vlan 212 (students)
    Under WLAN -> Advanced -> AP Groups
    I select Site 1 Group Name and add a new WLAN SSID to Interface/Interface Group mapping.
    When I go to Wireless and select a FlexConnect AP from Site 1 and then go to the FlexConnect Tab -> VLAN Mappings the VLAN ID is wrong (neither 110 nor 112). I can of course manually change it to 110 but then any clients on vlan 112 on that SSID can't connect to the network.
    Is there a way to specify a VLAN ID when using Interface group and Flexconnect?

    Have you configured local switching, and do you use AAA override to assign the VLAN for faculty and students? Otherwise, can you give some more information about the configuration?
    With local switching and VLAN AAA override you need to create sub-interfaces on the APs. You can do this in the Flexconnect group (one per site). Then go to VLAN-ACL mapping and add the VLANs you need on this site.

  • Understanding Flexconnect - Local vs Central Switching, and WLC failover scenario ??

    Hello Experts
    We have one WLC 5508 in Building1, few 2700 Series AP in Building1, and one 1252AG in Building2. The LAN subnet is same for both Buildings connected via a dark fiber.
    My requirement is to have Central Switching in Building1 since the WLC is located locally, and Local Switching in Building2 to avoid inter-building traffic. For both Buildings we already have one VLAN/IP Subnet. (Both Buildings access resources from a central Datacenter which hosts all the servers.)
    Questions:
    1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
    2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
    3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
    4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
    Thanks.

    Hi
    The LAN subnet is same for both Buildings connected via a dark fiber.
    If this is the case there is no need for FlexConnect, as you have enough bandwidth & the same L2 extended across those two buildings. Typically FlexConnect is for branch deployment where WAN link bandwidth is a concern.
    Anyway if you want to do this & here is the answer for your specific queries.
    1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
    You can have both local switching & central switching available for a given SSID. Only FlexConnect mode AP will do Local switching & all Local mode AP will do central switching, though both using the same SSID.
    2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
    No, if it is a central switching SSID, when the WLC is not available clients won't be able to join this SSID. It does not fall back to local switching.
    3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
    This is applicable only to FlexConnect mode APs & they always do local switching if that is configured. If the WLC is not reachable the AP will go into "standalone mode" & still do local switching.
    4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
    Yes, when this option is configured & the WLC is not reachable (but RADIUS is reachable) then the AP will act as Authenticator & pass RADIUS messages to the Auth Server directly.
    This is a very good Ciscolive presentation you should see, as it describes lots of these features & the WLC codes in which they were introduced.
    BRKEWN-2016 - Architecting Network for Branch Offices with Cisco Unified Wireless
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • FlexConnect local/central switched and Access-Accept Packets

    For our branch offices’s wireless access, we would like to use FlexConnect with one SSID and two distinct user profiles:
    •  Full network access, local switched.
    •  Limited network access, central switched:
    ◦       To isolate traffic from the branch’s LAN.
    ◦       To force traffic through a firewall at the central site.
    ▪       To ease access rules management.
    ◦       Internet access only by default.
    ▪       Internet access is located at the central site.
    ▪       We expect to manage some exceptions to the rule.
    We know that it’s not possible to switch from local to central switched using the same SSID with FlexConnect and AAA Override.
    However, we found an interesting bit in the documentation pages regarding RADIUS attributes:
    Authentication Attributes Honored in Access-Accept Packets (Airespace)
    VAP ID
    This attribute indicates the WLAN ID of the WLAN to which the client should belong. When the WLAN-ID attribute is present in the RADIUS Access Accept, the system applies the WLAN-ID (SSID) to the client station after it authenticates. [...]
    Source:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76/b_cg76_chapter_0101000.html#reference_327F94A40AAE46E48153B265E521DDCF
    We then made an assumption that the following was possible:
    •  Create a second SSID
    ◦       Broadcast not enabled
    ◦       Central Switched
    •  Users would authenticate using the first SSID
    •  In its access-accept packet, the RADIUS server would return an Airespace-WLAN-Id attribute with the value of the second SSID.
    •      The WLC would then assign the second SSID to the users so they’re central switched and forwarded through the firewall at the main site.
    So far, our tests showed no results.
    •  Is that solution achievable at all? It seemed so from the documentation, but we haven’t found any documented evidence that someone actually tried it.
    •  If not, what would you recommend?
    For RADIUS, we are using Microsoft 2012r2 NPS servers. Everything’s been working fine with them so far. We can do AAA vlan override for our main site and with FlexConnect also, without any problems. What’s not working is the local/central switched scenario we’re trying to pull off. The RADIUS server sends the Airespace-WLAN-Id attribute from what I see with Wireshark, but the WLC does not seem to react to it like I thought it would. I couldn’t find a debug command that would tell me what the WLC does with the attributes from the access-accept packet. Maybe the behaviour I’m experiencing is to be expected, that’s what I would like to know.
    Thank you very much,

    Your WLAN is defined as centrally switched or locally switched; AAA override will not change that value. AAA attributes can change a user's vlan, acl and QoS. The other attributes are intended to be used for rules... example:
    Is the user part of this AD group and is this user on WLAN ID=1.
    You will not be able to go from centrally switched to locally switched and vice versa. I don't know how you would be able to achieve what you're trying to accomplish with one SSID to be honest.

  • Could I configure local switching between sub-interface and global interface on ASR9k?

    Could I configure local switching between sub-interface and global interface on ASR9k?

    For 2 interfaces it is probably best to use an xconnect. It is faster and saves system resources (e.g. MAC learning doesn't apply to xconnect).
    Config example:
    l2vpn
     xconnect group link
      p2p link
       interface Bundle-Ether100.4321
       interface Bundle-Ether500.4321
    EFP config:
    interface Bundle-Ether100.4321 l2transport
     encapsulation dot1q 4000
     rewrite ingress tag pop 1 symmetric
    interface Bundle-Ether500.4321 l2transport
     encapsulation dot1q 2000
     rewrite ingress tag pop 1 symmetric
    This example shows that you can link 2 EFP's with different vlan's together if you'd pop the tags.
    If the EFP's are of the same vlan, then popping the tag can be done but not a must. In general it is recommended to always pop vlan tags so there is a standard EFP design, but not for any technical reasons.
    When you use a bridge domain and using a BVI, you MUST pop the tags as the BVI has no notion of a vlan tag and wants to see "plain ethernet".
    regards
    xander
