How Do VLANs Map to SSIDs in Wireless?

So the title really says it all. I'm working on my CCDA and I can't really find anything on this in the official book. Does the LWAP just broadcast multiple SSIDs and depending on which one you connect to it maps the user to a different VLAN?
I also saw a best practice statement that said, "Each wireless client authentication type should map to a unique SSID which in turn maps to a unique VLAN"
I thought that was a bit confusing? How can you authenticate if you aren't already connected to a specific SSID?

So I dug through Cisco's official text and found the answer to my own question.
For the first part, yes, you just broadcast multiple SSIDs and they each map back to a specific VLAN.
The statement I read was misleading. The user first selects an SSID and then authenticates based on that SSID's chosen authentication type. The SSID isn't selected based on the authentication type used by the mobile device.

Similar Messages

ISE vlan mapping.

have one query for ISE 1.2
Is the following scenario is supported with ISE?
Can we configure ISE VLAN mapping with SSID authentication web auth only.

Limitations
No support for guest clients – posture for guest user is not supported.
Hreap local switching is not supported -
No support for wlans without 802.1x support
Client will go through posture during slow roam – when client is associated used 802.1x (not wpa2 or cckm) then when client roams from one wlc to other – wlc will send new session ID hence client will again go through posture validation process.
No support for guest tunneling mobility
Mac auth bypass is not supported
Vlan pooling is not supported.
No support for WGB AP
No support for AP group.
Kindly find the link information regarding integration is mention.
https://supportforums.cisco.com/docs/DOC-18121

On WLC 'one-to-many' means one VLAN mapped to multiple SSIDs possible?

Does the Cisco Wireless LAN Controller Architecture includes this feature (configuration possibility)?

Thanks all for the provided infos. We have now the same requirements for two customers -> One-to-Many (One VLAN mapped to multiple SSIDs).
Can anybody who has realised such a set up provide some more details how to proceed?
The link from David describes the other way around, several VLANs mapped to one SSID. By the way, we where able to implement this, but it is only supported in centralized mode, local mode (Flex Connect it doesn't work).
For any advise how to proceed for "One VLAN mapped to multiple SSIDs" would be very appreciated.
Thanks Erich

Mapping Multiple VLANs to Multiple SSIDs as one-one in WLC 5508 via H-REAP?

Hi All,
Can anyone please show me how to map a SSID/WLAN ID to a local vlan of a LAP in WLC 5508 using H-REAP local switched? The reason of doing this is to separate Data subnet/traffic from Voice as currently all 7925 handsets using same SSID as PCs. I would like to create two VLANs on APs and map them to two SSIDs. I could not see any option in WLC5508 to do this. Also when I change the AP mode from H-REAP to local and configuring sub interface using dot1q on the interface Gi0 then unable write running-config to startup-config because I get NVRAM Verification Failed as WLC protects any local changes on any registered LAP at NVRAM.
Your help is much appreciated.

Mehdi:
I am talking about HREAP groups, not AP groups.
You can not achieve what you want if you are using the same SSID on same AP with only a WLC (same AP with same SSID is mapped to different VLANs). You may need a radius server to dynamically assign a VLAN to the clients if you are using same SSID for data and voice.
If you are using different SSIDs for voice and data, you can map each SSID to its corresponding VLAN on the remote site using the VLAN mapping option under HREAP tab in the AP config page.
You can not configure the AP from its console. Lightweight APs can only be configured from the controller. (a few exceptions are available that do not apply here) .
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"

HREAP VLAN Mapping

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;
mso-fareast-language:EN-US;}
Hi,
I've searched around to see if someone else has experienced the same issue regarding HREAP AP's losing their VLAN mappings; however I could not find any related topics.
Scenario
I've got a 5508 WLC running ver 7.0 with local VLANs assigned as follow:
VLAN 241 - Data Users
VLAN 253 - Voice Users
The HREAP AP's (Cisco 1242AG) running at the remote branches is mapped to the following:
VLAN 2 - Data Users
VLAN 253 - Voice
The Problem...
HREAP works perfect; users get the local DHCP addresses at the branch office and have no issues with connectivity. Once and a while some of the HREAP AP's will lose the VLAN mapping I've assigned to them. In this case I've mapped VLAN 2 to the SSID for the Data Users, I will get complaints that users can't connect to the network when I go check the HREAP AP's VLAN mapping it defaulted back to VLAN 241 (the same VLAN the local AP's at head office use for the same SSID). Of course with the Voice SSID I don't have this problem as it's using the same VLAN ID as head office.
Once I've corrected the mapping everything works perfect.
Why...
I just want to know why this happens, I've rebooted the AP's to see if they retain the mappings and they did. I've seen in the HREAP design deployment that it is preferred to use the same VLAN ID's of the head office where the WLC is located as for the same to the branch offices where the HREAP AP's are located.
I can see why as this will resolve my problem, however this network was designed without the knowledge of HREAP being deployed to the remote sites and I would like to minimize change from a LAN perspective.
Will this be my only solution by standardizing the branch office VLAN ID's the same as the head office network or should I be able to use different VLAN ID's for the branch offices?
Thanks for your time reading this and for your input. If you know any discussion regarding this, please add the url.
Regards
Jurgens

Hi,
I'm having the same problem. And I have two WLCs (WISM) with 7.0.220 version.
I think because of this BUG: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtw92394&from=summary
Anyone knows how can I solve this problem?
I Have 42 HREAP APs, and when I have some link problem on the remote Branch and the AP lose for a few seconds Connectivity to the 1º Controller its loses the VLAN Mappings (all turned to the Native VLAN).

Multiple VLANs on same SSID

Hello community! I'd like some experts to take a look at my solution here and see if I'm taking the correct approach.
I have the following scnerio:
WLC 5508 7.0.116.0
Physical ports configured for LAG
AIR-LAP1142N-A-K9
Multiple Buildings
Each Building has it's own WiFi VLAN/Subnet
All buildings share SSID
WiFi Clients should be assigned the correct subnet/vlan based on the building they are in
I've done the following on my 5508:
Setup an interface for each VLAN/Subnet
Setup an Interface group and added interfaces from step 1
Created WLAN (SSID) and assigned it to the interface group from step 2
Created AP Groups for each Building
Assigned approperiate interface from step 1 to each AP Group
Assigned APs from each building to AP Groups
Does this look like the correct configuration for my goal? I set this up using information from this article though it appears to be old and they aren't using LAG in their setup.

Depends... is your building connected via layer 2 or layer 3. If layer 3, you need to setup the access point in your other building in h-reap mode and setup you ssid to h-reap local switching. This will allow you to map the ssid to the correct vlan at that location.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"

1242AG Bridge, VLAN and Multiple SSIDs

I have two buildings that I'm trying to configure a bridge in between them using 2 1242AG APs.
Building A
PCOFFICE SSID on VLAN 200 Radio G
ROOT_1 SSID on Native VLAN 1 Radio A
Root Bridge
Building B
FDAPC SSID on Native VLAN 1 Radio G
ROOT_1 SSID on Native VLAN 1 Radio A
We are using directional antenna. I know they are lined up properly because I have them both down and in front of me. I'm getting an error on the Building B AP that says "
No SSID with VLAN configured. Dot11Radio1 not started." and I'm unable to get this to work. The bridge was working before I added the VLAN and encryption/WPA information for the PCOFFICE and FDAPC SSIDs
Any assistance would be amazing. Thanks! Please see attached files for configurations. I know the switch is configured properly because I had this working before and forgot to save the damn configuration off the devices. I'm not having to do it over from scratch.

That did not work.
I've managed to fix the ROOT_1 and FDAPC... now I'm having an issue where I can attempt to connect to the PCOFFICE SSID but I'm unable to get a DHCP address from the server.
Here is the config for the AP with PCOFFICE on it and the switch.
SWITCH
interface GigabitEthernet3/2
switchport trunk allowed vlan 1,200
switchport mode trunk
interface Vlan1
ip address 192.168.3.4 255.255.255.0
interface Vlan200
ip address 192.168.30.2 255.255.255.0
ip helper-address 192.168.3.98
ip default-network 192.168.3.0
ip route 0.0.0.0 0.0.0.0 192.168.3.1
no ip http server
ACCESS POINT
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname AP1_ROOT_AP
enable secret 5 REMOVED
ip subnet-zero
no aaa new-model
dot11 vlan-name VLAN1 vlan 1
dot11 vlan-name pcCopper vlan 200
dot11 ssid PCOFFICE
   vlan 200
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 REMOVED
dot11 ssid ROOT_1
   vlan 1
   authentication open
   authentication key-management wpa
   infrastructure-ssid optional
   wpa-psk ascii 7 REMOVED
dot11 network-map
dot11 arp-cache optional
power inline negotiation prestandard source
username Cisco password 7 REMOVED
username admin privilege 15 password 7 REMOVED
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
encryption vlan 200 mode ciphers tkip
ssid PCOFFICE
speed basic-2.0 5.5 11.0 12.0 18.0 24.0 36.0 48.0 54.0
no power client local
power client 17
power local cck 17
power local ofdm 17
channel 2462
station-role root access-point
antenna receive right
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 port-protected
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
bridge-group 200 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode ciphers tkip
encryption vlan 1 mode ciphers tkip
ssid ROOT_1
dfs band 3 block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
no power client local
power client 11
power local 11
channel 5180
station-role root bridge
antenna receive right
antenna transmit right
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 spanning-disabled
interface BVI1
ip address 192.168.3.241 255.255.255.0
no ip route-cache
ip default-gateway 192.168.3.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
control-plane
bridge 1 route ip
line con 0
line vty 0 4
login local

Flex Connect Groups - WLAN to VLAN mapping

I have a question about configuring WLAN to VLAN mapping on FlexConnect Groups.
Do the mappings that are configured in the FC Group get inherited by the APs when they are placed in the group?
It seems like they do not.
I am playing around in a lab with a virtual WLC running 7.5 and an old 1131 AP.
If I configure the WLAN to VLAN mapping on the individual AP, it works as expected.
If I configure the WLAN to VLAN mapping within the FC group and add the AP to the group, it does not.
The AP does not inherit the settings from the Group.
I am wondering how you would deploy a lot of APs without having to configure each AP individually.
Thanks

Yes, you are correct. It is not like normal AP groups where it will map WLAN to AP belong to that AP group.
Anyway since you have to convert each AP manually to FlexConnect mode, you should do the WLAN mapping at that point as additional step.
FlexConnect Group is mainly to give fast roaming feature for FC APs in brach deployment solution (typically not so many APs). Also keep in mind you can have maximum 25 APs in FlexConnect AP group for WiSM2 or 5508 & you can go upto 100 in 7500 WLC. (see table 7.3 in below link)
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch7_HREA.html#wp1108090
HTH
Rasika
**** Pls rate all useful responses *****

Hreap vlan mapping issues

wlc 5508 code 7.0.220.0
AIR-CAP3502E-N-K9
ap mode: hreap
vlan mapping native 30
vlan ssid x 310.
each time that for what ever reason my access point goes down(not that my access point resets by itself, if i have to move it), the setting in the vlan mapping resets to whatever my native vlan is, in this case 30
that is native vlan 30
ssid x vlan 30
any idea.

it could be
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtw92394&from=summary
but it is marked Unreproduceable. You might try upgrading to the latest 7.2 code if you don't have 'legacy' AP.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered

Lost VLAN Mapping on WLC 5508 (Flexconnect)

Hi guys, I have a WLC 5508 and some AIR-LAP1131AG-T-K9 all in flexconnect configuration.
The problem is that 1130 Access Points lost the VLAN Mapping configuration without reason, simple change the vlan mapping to 999 and I need to reconfigure that.
I search in some documents on cisco.com but I can't find anything about this issue.
Could you help me please?
Thanks guys.

Hi Scott
Thanks for the answer.
We have around 350 ap's, in 50 different locations (customers). The WLC is running AirOS 7.3.101.0.
Every WLAN is configured to a dummy interface, with the vlanID 2222.
This is the VlanID that the Wlan to vlan mapping got “lost” to.
Unfortunately, I am not able to see the right join time, because the WLC’s was booted. (After the error occurred). Next time I see this, I will look at the join time.
Every location (costumers) has two SSID (guest and employee). The employee network has two vlans (PC’s and BYOD). We are using NPS rules to select witch VLAN the device connectes to.
So in the FlexConnet settings, we do a WLAN to vlan mapping:
GUEST to vlanID
PC’ to vlan ID 5
And in the FlexConnect group we but in the vlan ID for BYOD.
Do you now if the AP stores this to configurations different (flash or RAM)?

H-Reap vlan mapping groups

Hi
Im configuring a WLC 5508 ( version 7 ) with h-reap local switching.
All is working , yet i wonder if the vlan mapping can be done better.
Currently i need to go into each Lightweight Access point , enable h-reap, then set the native vlan , with the final step to map the vlan. This needs to be done for each AP. In an environment of 100's of APs i would take foreever. ( i thought one of the main points of the WLC is centralized management )
Am i missing something ? Is there an easier way to do this ?
Cheers, Pankaj

you should be able to set the VLAN mappings from WCS/NCS as well.
as well in 7.2 you can now do dynamic vlan assignment, though you still need to list the VLAN the HREAP can access
http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1247954
Steve

AP 1231 vlan problem multiple ssid

Hi all,
I have troubles configuring the AP. This is what i want:
1 wireless network SSID WORTEL (vlan 1, my internal network)
1 wireless network SSID GUEST_NETWORK (vlan 10, for guests and user2)
With this config only the GUEST_NETWORK have internet access. WORTEL don't even get an ip address from the dhcp server.
See below for the config of the devices.
Thanks in advance for your replies!
ROTER CONFIG (CISCO871-SEC-K9):
Building configuration...
Current configuration : 2824 bytes
! Last configuration change at 11:33:23 UTC Wed Jun 15 2011 by x
! NVRAM config last updated at 11:37:26 UTC Wed Jun 15 2011 by x
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname x
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-24.T2.bin
boot-end-marker
logging message-counter syslog
aaa new-model
aaa authentication login default local
aaa session-id common
dot11 syslog
ip source-route
ip dhcp excluded-address 172.16.1.1 172.16.1.49
ip dhcp excluded-address 172.16.1.100 172.16.1.255
ip dhcp pool user1
   network 172.16.1.0 255.255.255.0
   default-router 172.16.1.1
   dns-server 213.46.228.196 62.179.104.196
ip dhcp pool user2
   network 172.16.10.0 255.255.255.0
   default-router 172.16.10.1
   dns-server 213.46.228.196 62.179.104.196
ip dhcp pool user3
   network 172.16.20.0 255.255.255.0
   default-router 172.16.20.1
   dns-server 213.46.228.196 62.179.104.196
ip dhcp pool user4
   network 172.16.30.0 255.255.255.0
   default-router 172.16.30.1
   dns-server 213.46.228.196 62.179.104.196
ip cef
no ip domain lookup
ip domain name x
no ipv6 cef
multilink bundle-name authenticated
username x privilege 15 password 7 x
archive
log config
hidekeys
ip ssh version 2
interface FastEthernet0
description LINK TO user1
switchport mode trunk
interface FastEthernet1
description LINK TO user2
switchport access vlan 10
interface FastEthernet2
description LINK TO user3
switchport access vlan 20
interface FastEthernet3
description LINK TO user4
switchport access vlan 30
interface FastEthernet4
description WAN INTERFACE
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Vlan1
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan10
description user2
ip address 172.16.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan20
description user3
ip address 172.16.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan30
description user4
ip address 172.16.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip http server
no ip http secure-server
ip nat inside source list NAT interface FastEthernet4 overload
ip access-list extended NAT
permit ip 172.16.0.0 0.0.255.255 any log ACCESS-GRANTED
deny   ip any any log ACCESS-DENIED
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
scheduler max-task-time 5000
end
SWITCH CONFIG (WS-C2960-8TC-L):
Building configuration...
Current configuration : 1536 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname x
username x privilege 15 password 7 x
aaa new-model
aaa authentication login default local
aaa session-id common
system mtu routing 1500
ip subnet-zero
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
description LINK TO PC1
switchport mode access
switchport nonegotiate
spanning-tree portfast
interface FastEthernet0/2
description LINK TO ACCESS POINT
switchport trunk native vlan 10
switchport mode trunk
switchport nonegotiate
interface FastEthernet0/3
description LINK TO LAB
interface FastEthernet0/4
description LINK TO PC2
switchport mode access
switchport nonegotiate
spanning-tree portfast
interface FastEthernet0/5
description LINK TO LAPTOP
switchport mode access
switchport nonegotiate
spanning-tree portfast
interface FastEthernet0/6
interface FastEthernet0/7
interface FastEthernet0/8
interface GigabitEthernet0/1
description LINK TO ROUTER
switchport mode trunk
switchport nonegotiate
interface Vlan1
ip address 172.16.1.2 255.255.255.0
no ip route-cache
ip http server
radius-server source-ports 1645-1646
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 5 15
end
ACCESS POINT CONFIG (AIR-AP1231G-E-K9):
Building configuration...
Current configuration : 2267 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname x
ip subnet-zero
aaa new-model
aaa authentication login default local
aaa session-id common
dot11 vlan-name GUEST_NETWORK vlan 10
dot11 vlan-name WORTEL vlan 1
dot11 ssid GUEST_NETWORK
   vlan 10
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 x
dot11 ssid WORTEL
   vlan 1
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 x
username x privilege 15 password 7 x
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 10 mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
ssid GUEST_NETWORK
ssid WORTEL
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
interface Dot11Radio0.10
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
speed auto
full-duplex
hold-queue 160 in
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
interface FastEthernet0.10
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
interface BVI1
mtu 1514
ip address 172.16.1.3 255.255.255.0
no ip route-cache
ip default-gateway 172.16.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
control-plane
bridge 1 route ip
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
end

Thanks this did the job.
I think I'd lost the overview..

H-REAP LWAPs losing VLAN mapping when fail to secondary WLC's

Hello,
I have three 5508 WLCs, running code 7.0.98.0 supporting 100+ LWAPs in H-REAP mode. The LWAPs are servicing 2-3 WLANs each. Some are using central authentication and local switching, some are configured for central authentication and central switching. When the LWAPs fail from one WLC to another WLC, the LWAP's lose all of their VLAN mappings and pick up the VLAN of the management interface on the new WLC.
All WLANs are configured to use the management interface on the WLC and the VLAN mappings are configured per LWAP on the H-REAP properties tab. The WLAN ID numbers and all the WLAN settings are the same across all 3 WLC's. I have created AP groups on all 3 WLC's and the AP group config matches across the 3 WLCs.
I can get the LWAPs to keep their VLAN mapping by creating an interface on the WLC with the VLAN ID of the locally switched/remote site VLAN and then setting the interface for the WLAN to the new interface. However, then the WLAN doesn't work, because the centrally located WLC doesn't have the remote site VLAN. It also seems to keep the VLAN mapping if I create the locally switched/remote site VLAN interface on the WLC , and point the WLAN to the management interface. This shouldn't be a necessary step though... In H-REAP with local switching, the LWAPs aren't using the interface on the WLC.
I found a note in the 7.0 WLC config guide that explains why the VLANs are picking up the management interface VLAN, but that same note says the VLAN mappings can be changed per LWAP/WLAN!
From config guide:
For hybrid-REAP access points, the interface mapping at the controller for WLANs that is configured for H-REAP Local Switching is inherited at the access point as the default VLAN tagging. This mapping can be easily changed per SSID, per hybrid-REAP access point
Anyone using H-REAP and been able to get the LWAPs to keep the VLAN mapping when failing from one WLC to another?
Thanks!

Shawn,
I went back and reviewed everything and everything was duplicated , Except... WLAN_ID. The Wlan ID tags were different. I created a test and failled my two test AP's and they both came up on the backup controller with the proper vlan ID. now I know. When it was working for everyone else I was begining to wonder if I found a new bug or it was my config. This is one I wont forget ..
Thank you

How do I turn off SSID?

How do I turn off SSID please?

hamish72 wrote:
IanC wrote:
Not necessarily - I'm a Fon person, but still have the option to turn off SSID broadcast on my BT Homehub
Personally, I wouldn't bother though. It can make it more difficult than necessary for legitimate devices to connect, while providing no real security improvement.
Think you are correct its the WIFI that can not be turned off when subscribed to Fon
That's not necessarily the case either.
agreed also whilst it may be handy to stop others seeing your ssid it stops you as well
Actually, it doesn't stop anybody !
Could you be more specific please asto how for both points
WRT the first point, I think you're talking about (certain versions of) a particular router. I use a HH1, locked at a firmware version that allows me to control the hardware, rather than vice-versa. This allows me full control of all aspects of its wireless functionality, without opening it up to other Fon/Openzone users...should I want that.
as I cant turn off wifi the tab is greyed out when I subscribe to FON?
If that bothered me, I'd use a different router.
There's no requirement to use a HH...It's being "free" is no reason, in my book, to use hardware that doesn't do what I want - especially given the low cost of a perfectly decent consumer grade router.
And whilst I can see the transmission I cant see the SSID ? when not sent
You're not using the right tools
The SSID is broadcast in the clear whenever a device attempts to connect to it, and there's lots of software out there that'll capture it. If a device is already connected, there are tools that'll fake a deauthenticate frame - which rather conveniently causes the device to reauthenticate and reveal the SSID. If nothing's currently connected, it's just a matter of waiting
Hiding the SSID provides only "security through obscurity". Far better to properly secure the WLAN, and enjoy the convenience of broadcasting the SSID.

Vlan mapping missing from flexconnect AP

I am having
issue with flexconnect mode AP. They are losing vlan mapping very frequently. I need to reconfigure the vlan mapping then only client starts getting IP addresses. Please let me know what may be the issue.
AP model: AIR-CAP3602I-N-K9
WLC model: AIR-CT5508-K9
Regards,
Vijayanand

The configuration on the controller must be the same between the time the access point went into standalone mode and the time the access point came back to connected mode. Similarly, if the access point is falling back to a secondary or backup controller, the configuration between the primary and secondary or backup controller must be the same.
You need to configure the Flex connect AP—switch --- controller , for the example to go through proper steps.
http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1225028

How Do VLANs Map to SSIDs in Wireless?

Similar Messages

Maybe you are looking for