FlexConnect Vlan Mapping

Similar Messages

• FlexConnect VLAN mapping management

  How to manage larger amout of FlexConnect APs? Especialy VLAN mapping, which is saved separately in each AP. I would like to have a list of AP-WLAN-VLAN settings. Is there any CLI command (except show run-config) for it? And what about backup of this setting? How to restore it in case of an AP crash?
  Many thanks.

  Yes... If your ap and users are going to be put in the data Vlan, you can just leave the port to an access port and you don't have to setup any native val. Or Vlan mapping in the FlexConnect AP. If you decide you want to map users to the voice Vlan, then you need to trunk it.
  If you want to trunk it anyways, then you can map a WLAN to the data Vlan too.
  Sent from Cisco Technical Support iPhone App

• FlexConnect Vlan Mapping Report

  Hello,
  I am wondering if anyone has a solution to report on FlexConnect Vlan Mappings.
  The only way I now of is to look at each AP individually, which is very time consuming.  We have trouble sometimes with the templates not applying properly, and sometimes after a power outage we have AP's that lose there mappings.  Because of this we need a way to report on this.
  I know you can do a:
  show ap config general AP_NAME on the controller, but there is no way to do this for all the AP's at once.
  Any ideas?
  Dan.

  Dan,
  I don't use putty, but I use SecureCRT and have a large buffer in which I can cut and paste.  I do have to log the output to a text file if I have a large number of access point.  This I believe you can do with putty.  So as long as you have the cli scipts for the show ap config general <ap name>, you should be good to go.  Make sure you also issue the show paging disable prior to you entering these commands.  I use excel to create my commands from the show ap summary.
  -Scott

• Flexconnect static mapping of WLAN to VLAN

  5508 running 7.4
  I want to create a definition for a particular site that maps WLANs (SSIDs) to switched VLANs.   I know that I can go to Wireless => Select AP => VLAN mappings on an individual AP basis.  But is there a way to create a group that will do this?  I thought it could be done with flexconnect groups but I just could not find a way to make it happen there.  Then I ran across this Architecting Network for Branch Offices with Cisco Unified Wireless Cisco Live presentation:
  http://d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/BRKEWN-2016.pdf
  And on page 28 it states:
  AP groups give the ability to statically map Wi-Fi service (WLAN) to VLAN based on physical location
  And it then goes on to give a Configuration/VLAN mapping example in which I fail to see where VLANs are mentioned at all.
  Is what I am trying to do possible?
  Thanks,
  -JEff

  Hi Scott, thanks for the reply
  I have a main campus with several different distribution blocks that each use unique VLAN IDs.  And I have about a dozen remote sites that will all use common VLAN IDs.  I am configuring a single SSID (WLAN 2) to be used across all of these locations.  So at my main campus building "A" will have WLAN 2 mapped to VLAN 55 while building "B" will have WLAN 2 mapped to VLAN 65.  At each of the remote sites WLAN 2 needs to be maped to VLAN 15.
  So let's say I want to configure the main campus buildings A and B.  I create a dynamic interface for vlan 55 and name it something creative like vlan-55, Likewise for vlan 65.  Then I create an AP group named APG-55, add WLAN 2 to it and add all of my APs in that buliding.  What I don't understand is where the dynamic interface comes into play.  From your explanation it would seem that I need to assoiciate the dynamic interface to an AP group somehow.  What am I missing?
  Thanks!
  -Jeff

• Lost VLAN Mapping on WLC 5508 (Flexconnect)

  Hi guys, I have a WLC 5508 and some AIR-LAP1131AG-T-K9 all in flexconnect configuration.
  The problem is that 1130 Access Points lost the VLAN Mapping configuration without reason, simple change the vlan mapping to 999 and I need to reconfigure that.
  I search in some documents on cisco.com but I can't find anything about this issue.
  Could you help me please?
  Thanks guys.

  Hi Scott
  Thanks for the answer.
  We have around 350 ap's, in 50 different locations (customers). The WLC is running AirOS 7.3.101.0.
  Every WLAN is configured to a dummy interface, with the vlanID 2222.
  This is the VlanID that the Wlan to vlan mapping got “lost” to.
  Unfortunately, I am not able to see the right join time, because the WLC’s was booted. (After the error occurred). Next time I see this, I will look at the join time.
  Every location (costumers) has two SSID (guest and employee). The employee network has two vlans (PC’s and BYOD). We are using NPS rules to select witch VLAN the device connectes to.
  So in the FlexConnet settings, we do a WLAN to vlan mapping:
  GUEST to vlanID
  PC’ to vlan ID 5
  And in the FlexConnect group we but in the vlan ID for BYOD.
  Do you now if the AP stores this to configurations different (flash or RAM)?

• Vlan mapping missing from flexconnect AP

  I am having
  issue with flexconnect mode AP. They are losing vlan mapping very frequently. I need to reconfigure the vlan mapping then only client starts getting IP addresses. Please let me know what may be the issue.
  AP model: AIR-CAP3602I-N-K9 
  WLC model: AIR-CT5508-K9
  Regards,
  Vijayanand

  The configuration on the controller must be the same between the time the access point went into standalone mode and the time the access point came back to connected mode. Similarly, if the access point is falling back to a secondary or backup controller, the configuration between the primary and secondary or backup controller must be the same.
  You need to configure the Flex connect AP—switch --- controller , for the example to go through proper steps.
  http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1225028

• Problem switching from AP-specific to Group-specific VLAN mapping

  Hello.
  Some days ago, I updated our 5508 WLC to software version 7.5.102.0.
  With that version, it should be possible to have a VLAN mapping specific for a Flexconnect group that is set within Flexconnect Group settings.
  I did that for all my Flexconnect groups and it works fine with new access point.
  For existing access point, which already have an AP-specific VLAN mapping, it is not possible to switch to Group-specific.
  When I mark the WLAN in Flexconnect setting of the AP and select "Remove AP specific", I get the error message "Request failed: Vlan is not enabled on this flexconnect".
  I wonder what the problem could be, because for newly installed access points, it works fine. Did I miss some settings?
  Regards,
  Sven Lindeke

  Thanks for the fast reply.
  Here are the screen shots:
  Settings "Flexconnect group"
  Settings "Access Point"
  Error message

• Flex Connect Groups - WLAN to VLAN mapping

  I have a question about configuring WLAN to VLAN mapping on FlexConnect Groups.
  Do the mappings that are configured in the FC Group get inherited by the APs when they are placed in the group?
  It seems like they do not.
  I am playing around in a lab with a virtual WLC running 7.5 and an old 1131 AP.
  If I configure the WLAN to VLAN mapping on the individual AP, it works as expected.
  If I configure the WLAN to VLAN mapping within the FC group and add the AP to the group, it does not.
  The AP does not inherit the settings from the Group.
  I am wondering how you would deploy a lot of APs without having to configure each AP individually.
  Thanks

  Yes, you are correct. It is not like normal AP groups where it will map WLAN to AP belong to that AP group.
  Anyway since you have to convert each AP manually to FlexConnect mode, you should do the WLAN mapping at that point as additional step.
  FlexConnect Group is mainly to give fast roaming feature for FC APs in brach deployment solution (typically not so many APs). Also keep in mind you can have maximum  25 APs in FlexConnect AP group for WiSM2 or 5508 & you can go upto 100 in 7500 WLC. (see table 7.3 in below link)
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch7_HREA.html#wp1108090
  HTH
  Rasika
  **** Pls rate all useful responses *****

• FlexConnect VLAN assignment changes by itself

  About a year ago I changed the VLAN assignment of a WLAN for LWAPs in a particular AP Group.  The LWAPs in this group are in 5 different locations. All LWAPs are joined to the same controller  Ocassionally I'll get a call saying this WLAN isn't working and when I investigate the issue, I notice that the VLAN assignment has changed.  I change the VLAN assignment and the WLAN works again.  This seems to happen about every 3 months or so.  Whats odd is that it doesn't happen to all of the LWAPs in the AP Group.  It seems to only affect the LWAPs at one site or the other at a time.  Any clues on what could be causing this behavior?
  1142LAPs
  software version 7.3.101.0
  5508WLC
  software version 7.3.101.0
  Cisco Prime Infrastructure
  software version 1.2 (1.2.0.103)

  We can create a command -line to set the WLAN to VLAN mapping and create .Or we can create a script that also uses CLI and simply paste the commands to all AP's.We can check the AP connectivity statistics by looking at the monitor AP.
  For FlexConnect access points, the interface mapping at the controller for WLANs configured for FlexConnect local switching is inherited at the access point as the default VLAN tagging. This can be easily changed per SSID and per FlexConnect access point. Non-FlexConnect access points tunnel all traffic back to the controller, and VLAN tagging is dictated by each interface mapping of the WLAN
  By default, a VLAN is not enabled on the FlexConnect access point. When FlexConnect is enabled, the access point inherits the VLAN ID associated to the WLAN. This configuration is saved in the access point and received after the successful join response.
  By default, the native VLAN is 1. One native VLAN must be configured per FlexConnect access point in a VLAN-enabled domain. Otherwise, the access point cannot send and receive packets to and from the controller. When the client is assigned a VLAN from the RADIUS server, that VLAN is associated to the locally switched WLAN.

• AP-Specific WLAN-VLAN Mapping audit

  Is there anyway to audit the access points in FC mode to determine the WLAN-VLAN mapping and if it is AP or WLAN specific?
  or
  Is there a script that I can run to make the WLAN-VLAN mappings on all FC mode APs AP-Specific?

  Thanks for the fast reply.
  Here are the screen shots:
  Settings "Flexconnect group"
  Settings "Access Point"
  Error message

• Vlan mapping lost when fail to secondary WLC

  Hello
  I have two WLCs,The primary WLC mode 5508 ,running code is 7.4.100.60, The secondary WLC mode 4402,running code is 7.0.230.0.
  When ap working on 5508 wlc,it use flexconnect mode, when ap working on 4402, it will h-reap mode
  ap mode:1242、1142.
  question:
  When ap fail to secondary WLC(4402),some ap will lost their vlan mapping information.not all of ap.  during fail over, ap will doanloading firmware.
  is there any way to solve? thanks!

  I understand. Two controllers, two different code levels. 4400 is locked in at 7.0 code and you need 7.4 for the 2600 ap.
  In your orginal post you state when aps fail over from one controller to the other you lose vlans and aps code upgrade/down grade. This is not a support deisgn. You cant properly failover betwen different code versions.
  If you want them to stop failing over and clients dont roam from aps on controler to 1 to aps on controller 2, simple remove the controllers from the shared mobility group and put the controllers in their own group.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• FlexConnect VLAN Mappings Inheritance

  Hi guys,
  I have 3 APs, which joined the vWLC some time ago (FlexConnect mode). I setup the VLAN Mappings, add them to an AP Group and all went well.
  After some time I started to use FlexConnect Groups. I have created a group for these three and add each to the group.
  Trouble is, even after adding each AP to the FlexConnect Group the VLAN Mappings Inheritance stays on AP-Specific instead of Group-Specific.
  I tried Remove AP Specific option, but I receive an error message I have attached.
  Thanks in advance for any hint/tip.

  Yes... If your ap and users are going to be put in the data Vlan, you can just leave the port to an access port and you don't have to setup any native val. Or Vlan mapping in the FlexConnect AP. If you decide you want to map users to the voice Vlan, then you need to trunk it.
  If you want to trunk it anyways, then you can map a WLAN to the data Vlan too.
  Sent from Cisco Technical Support iPhone App

• VLAN Map issue

  I have an issue with a VLAN map I am attempting to use to filter traffic. It is a flat Layer 2 LAN so all hosts are in VLAN 1. I have a number of test machines that I want to deny access to live database servers. To do this I tried the following:
  ip access-list extended testboxes
  permit ip host x.x.x.x host x.x.x.x
  vlan access-map denytest 10
  match ip address testboxes
  action drop
  vlan filter denytest vlan-list 1
  Once I apply the VLAN map I lose all connectivity to the switch. Is there something I am missing here?
  Thanks
  Ian

  Unlike regular IOS standard or extended ACLs that are configured on router interfaces only and are applied on routed packets only, VACLs apply to all packets and can be applied to any VLAN. If a VACL is configured for a certain traffic and that traffic does not match the VACL, the default action is deny. Additionally, VACLs have an implicit deny at the end of the map; a packet is denied if it does not match any ACL entry, and at least one ACL is configured for the packet type. Add an additional permit statement allowing telnet/ssh/or web traffic to the switch:
  permit tcp host X.X.X.X host X.X.X.X eq telnet
  Best Regards
  Francisco

• VLAN Map

  Does anyone know if VLAN Maps are supported in CAT OS? I have found that they are supported in the 3550, 4500, and 6509 running IOS but would like to know ALL of the devices they are supported in.
  Thanks for the help,
  Brian

  I don't think vlan maps are availble on Catalyst OS Switches. On Catalyst IOS Switches, the vlan access-map global configuration command is used on the switch stack or on a standalone switch to create or modify a VLAN map entry for VLAN packet filtering. This entry changes the mode to the VLAN access-map configuration. The vlan filter interface configuration command is used to apply a VLAN map to one or more VLANs.
  on Catalyst OS Switches, the set vlan mapping command is used to map 802.1Q VLANs to ISL VLANs.

• HREAP VLAN Mapping

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;
  mso-fareast-language:EN-US;}
  Hi,
  I've searched around to see if someone else has experienced the same issue regarding HREAP AP's losing their VLAN mappings; however I could not find any related topics.
  Scenario
  I've got a 5508 WLC running ver 7.0 with local VLANs assigned as follow:
  VLAN 241 - Data Users
  VLAN 253 - Voice Users
  The HREAP AP's (Cisco 1242AG) running at the remote branches is mapped to the following:
  VLAN 2 - Data Users
  VLAN 253 - Voice
  The Problem...
  HREAP works perfect; users get the local DHCP addresses at the branch office and have no issues with connectivity. Once and a while some of the HREAP AP's will lose the VLAN mapping I've assigned to them. In this case I've mapped VLAN 2 to the SSID for the Data Users, I will get complaints that users can't connect to the network when I go check the HREAP AP's VLAN mapping it defaulted back to VLAN 241 (the same VLAN the local AP's at head office use for the same SSID). Of course with the Voice SSID I don't have this problem as it's using the same VLAN ID as head office.
  Once I've corrected the mapping everything works perfect.
  Why...
  I just want to know why this happens, I've rebooted the AP's to see if they retain the mappings and they did. I've seen in the HREAP design deployment that it is preferred to use the same VLAN ID's of the head office where the WLC is located as for the same to the branch offices where the HREAP AP's are located.
  I can see why as this will resolve my problem, however this network was designed without the knowledge of HREAP being deployed to the remote sites and I would like to minimize change from a LAN perspective.
  Will this be my only solution by standardizing the branch office VLAN ID's the same as the head office network or should I be able to use different VLAN ID's for the branch offices?
  Thanks for your time reading this and for your input. If you know any discussion regarding this, please add the url.
  Regards
  Jurgens

  Hi,
  I'm having the same problem. And I have two WLCs (WISM) with 7.0.220 version.
  I think because of this BUG: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtw92394&from=summary
  Anyone knows how can I solve this problem?
  I Have 42 HREAP APs, and when I have some link problem on the remote Branch and the AP lose for a few seconds Connectivity to the 1º Controller its loses the VLAN Mappings (all turned to the Native VLAN).