Large Subnet for single SSID

I am looking for a design guide to help me split up a large subnet for a Cisco Wireless network. We have a Campus with a centralised WiSM and a single SSID. We are hoping to be able to keep the single SSID but split the subnet, as it is now quite large and we would like to reduce the broadcast domain to a manageable size. I have found a number which have different SSIDs but we would like to keep only 1 as it simplifies the user experience.

Adding to Scott's post: if you are doing 802.1x you can use dynamic VLAN assignment to achieve the results as well.
AAA returns attributes 64/65/81 to the WLC to change the VLAN the user gets put into. You do still need to create the dynamic interfaces on the WLC.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered
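
The attributes named in the reply above, as an added example that is not part of the original post or Cisco's code: 64/65/81 are Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID (RFC 2868), and this Python code encodes them and checks that a returned set forms one consistent VLAN assignment. The function names, the sample VLAN IDs and the numeric-only VLAN rule are assumptions.

```python
# Added example: RFC 2868 tunnel attributes used for dynamic VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN = 13       # Tunnel-Type value "VLAN"
MEDIUM_802 = 6       # Tunnel-Medium-Type value "IEEE-802"


def encode_vlan_attrs(vlan_id, tag=0):
    """Build the attribute bytes an Access-Accept would carry for vlan_id."""
    out = b""
    for attr, value in ((TUNNEL_TYPE, TYPE_VLAN), (TUNNEL_MEDIUM_TYPE, MEDIUM_802)):
        # Type, Length (always 6), Tag, 24-bit value
        out += bytes([attr, 6, tag]) + value.to_bytes(3, "big")
    group = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return out + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)]) + group


def parse_attrs(data):
    """Split raw attribute bytes into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError(f"bad length {length} on attribute {attr}")
        attrs.append((attr, data[i + 2:i + length]))
        i += length
    return attrs


def assigned_vlan(data):
    """Return the VLAN ID the attributes assign, or None if the set is unusable."""
    seen = {}
    for attr, value in parse_attrs(data):
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                return None
            seen[attr] = (value[0], int.from_bytes(value[1:], "big"))
        elif attr == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first octet of 0x00-0x1F is a tag; anything higher is string data.
            tagged = value[0] <= 0x1F
            seen[attr] = (value[0] if tagged else 0, value[1:] if tagged else value)
    if set(seen) != {TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID}:
        return None                      # all three must be present
    if len({tag for tag, _ in seen.values()}) != 1:
        return None                      # attributes belong to different tunnels
    if seen[TUNNEL_TYPE][1] != TYPE_VLAN or seen[TUNNEL_MEDIUM_TYPE][1] != MEDIUM_802:
        return None
    text = seen[TUNNEL_PRIVATE_GROUP_ID][1]
    if not text.isdigit():
        return None                      # assumption: numeric VLAN IDs only
    vlan = int(text.decode("ascii"))
    return vlan if 1 <= vlan <= 4094 else None


# Constructed samples, not captured traffic.
GOOD = encode_vlan_attrs(120)
TAGGED = encode_vlan_attrs(30, tag=1)
MISSING_MEDIUM = GOOD[:6] + GOOD[12:]    # Tunnel-Medium-Type stripped out
```

A set that returns `None` here is one where the client would stay on the WLAN's default interface instead of the intended VLAN, which is worth checking when a user lands in the wrong segment.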

Similar Messages

  • WLC 2504 client only connects at 5.5Mbps for Single SSID

    Hi,
    I have a WLC2504 with three SSIDs configured and I have noticed that when my laptop connects to the main one it will only connect at 5.5Mbps. When I connect to the other two I get the full 72Mbps that my wireless card will allow. I have checked the SSID configuration but I cannot see anything that would cause this behaviour. Do you have any ideas/suggestions?
    Thanks.
    Gerry.

    Hi,
    Sometimes it also happens due to co-channel interference; try setting up another channel on the 1st SSID and then check the connection speed.

  • How to map two different subnets to one SSID

    Hi Experts,
    We have two offices in the same city at different locations; however, we are planning to bring both offices to the same location.
    Now let's say site A has a 5508 controller configured with 24 APs, with the 10.10.10.x subnet for the internal SSID, and Site B, which is shifting to the Site A campus, has a different subnet (10.10.20.x) for the same SSID.
    Site B has no controller since they had a connection with H-REAP and they were using a different subnet for the internal SSID (10.10.20.x).
    Now I need to add their APs to the Site A controller, which will be an extended wireless LAN; however, we would like to keep the same subnet (10.10.20.x) that Site B has for wireless clients, which is really confusing me.
    I already have a client subnet for site A, 10.10.10.x /24, and nearly 200 users are already using this wireless client subnet.
    How do I add their (Site B) subnet, 10.10.20.x, with the same SSID configured, which is globally only one SSID?
    Limitations:
    I cannot create a new SSID for site B since the same will be broadcasting even on Site A's APs.
    Is it possible to map one more subnet, that of site B, to the existing SSID that already has a different subnet (10.10.10.x)?
    Your suggestions will be really helpful for me to go ahead and understand this better.

    Well first off, you need to bring that subnet over to site A without breaking any routing. Once you do that, site B's subnet will have a different VLAN than site A, of course. Now with both subnets working in site A, you create a dynamic interface on the WLC for that new subnet. Create an AP group for both sites; you can name it by VLAN or by any name you want. Now in the AP group for site A, you define what SSIDs you want and map the VLAN to that AP group. Then add site A's APs to that group. You do this also for site B's APs: map the SSID to the new subnet you brought over and move the APs to that group. The APs from site B would have to be set up in local mode, not H-REAP.
    Makes sense
    Sent from Cisco Technical Support iPhone App

  • Multiple Passphrases for a Single SSID ?

    We are getting ready to deploy a special SSID for handheld devices to be used on.
    Is there any way to have multiple passphrases for a single SSID? The reason I am looking at this is that we may have users who come into one of our offices and may not have gotten/received the email advising of the passphrase change. My hope would be that we could implement Passphrase A when we initially deploy the new SSID and then in, say, 3 months, change the password. We would like to leave Passphrase A active for about a week, which should be sufficient time for them to change it, and then we could delete Passphrase A, leaving only Passphrase B active. In WEP there was something like this but I don't see this as an option in WPA2. Unfortunately with some of the devices that I have looked at, WPA2 Enterprise isn't an option, so that is why I am looking at things from this perspective.
    Any suggestions would be appreciated.
    Ron

    Hello Ronald,
    No, you cannot have multiple passphrases or WPA pre-shared keys for the same SSID.
    Thank you,
    Serge

  • How do I output a large pdf into single pages for press?

    How do I output a large pdf into single pages for press?

    It is certainly a good point that, if they need the files separately, and don't even know how to use Acrobat to split it themselves, it might lead one to question their expertise in the PDF field.

  • I have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)

    Hi team,
    I have multiple SSIDs, but want users of a single SSID to be redirected to an HTTP or HTTPS URL (LAN SERVER for authentication)
    I am very curious and it is important. I want to see how to achieve this with CISCO WLC !!!

    http://10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=www.geo.tv/
    I want it so that if someone connects to WLAN "MO-GUEST", the user is automatically redirected to http://10.229.3.99/login.html and, once authenticated by 10.229.3.99, he/she is allowed to access anything as normal. [Actually I just want automatic URL redirection the first time for the user of WLAN "MO-GUEST".]
    waiting expert opinions.

  • Recommendation hosts in a single subnet for agents in IPCC

    Hi,
    I am looking at designing the subnets for agents in an IPCC deployment. Could someone help me understand the best practice/recommendation from Cisco on the number of hosts which it is best to keep in a single subnet?
    Thanks.

    Hello:
    If the cluster multicast address is set to default it works fine. When it is
    set to 239.192.24.123 it does not work.
    regards,
    Ravi
    Ravi Krishnamurthy wrote:
    > Hello:
    > In a cluster with nodes from different subnets (with WebLogic 7.0 sp1)
    > there is an application deployed with MDBs. The JMS server is not
    > clustered and is targeted only on one server in the cluster.
    >
    > When the second node is starting, it is not able to communicate with the
    > JMS server running in the other node. The connection factories are
    > clustered.
    >
    > What I may be doing wrong.
    >
    > regards,
    > Ravi
              

  • Scenario for single WLAN to multiple VLANs

    Hi there,
    I read from this forum some discussion about the WLC VLAN Select feature.
    http://www.cisco.com/image/gif/paws/113465/vlan-select-dg-00.pdf
    I see that you can use this feature to have multiple VLANS (interfaces) to map to the same WLAN (SSID).
    What I am trying to learn is under what scenarios people would need to have multiple VLANs mapped to a single SSID.
    In my environment, I have 50+ APs in the campus on 20+ Cisco 4500 switches. I have a single WLAN and it is mapped to one subnet. All wireless users would be on that subnet, whereas wired users are on 20+ subnets of their own.
    Can someone help me to see under what scenarios (or requirements) I would want to have multiple VLANs mapped to a single SSID?
    Thanks.

    Having a large number of users in a single subnet is not the best in all designs, since you will have a large single broadcast domain, which is a true disaster with dense networks. If the company policy states that we need only one single SSID for all the employees within the company, it doesn't make sense to have them all on the same subnet.
    A lot of options are available to overcome such issues:
    for example, we might have the AP groups feature, dynamic VLAN assignment given that we have a RADIUS server in place, and VLAN pooling.
    It might not be feasible to have a RADIUS server all the time, and AP groups might be kind of an administrative overhead, as well as possibly inducing a lot of issues when APs fail over from controller to controller --> VLAN Select is a good solution considering the previously mentioned reasons.
    Please Make sure to rate correct answers

  • Single SSID w/ 1000+ Clients

    I'm working on setting up a single guest access SSID on a Cisco 5508 WLAN controller for clients to use on our campus. When dealing with 1000+ clients, there are segmenting options such as a single large subnet (/21 or so), AP groups w/ smaller subnets, and interface groups with smaller subnets (VLAN Select feature). Which method is considered best practice? Is there a "magic" number of clients where you would want to start using multiple smaller subnets instead of a single large one?

    How it works is you have a single wlan. Today you select a single dynamic interface for that wlan. If you create an interface group you add multiple dynamic interfaces to the interface group. You then select the interface group to the wlan rather than the single dynamic interface you do today. As clients connect they round robin through the dynamic interfaces you selected for the WLAN.
    Make sense?
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • Design: different AP Groups for different SSIDs?!

    Imagine I have different requirements for the AP Groups for different SSIDs.
    I suppose I can't have different AP Groups for different SSIDs?!
    Imagine I have too many Clients to use one single VLAN for one SSID. So I will use AP Groups.
    For SSID "X"
    Let's say I have 5 buildings with 800 Users, so I make an AP Group per Building and tell those APs that they are in that group.
    For SSID "Y"
    Although I have this SSID also in all 5 buildings, I only have very few Users, so I could make one single VLAN, which makes everything easier.
    Am I obligated now to create 5 VLANs for SSID "Y" too?!
    *This is a made up example. In reality I would make different numbers of AP Groups for different SSIDs because I have significantly different numbers of Clients… and traffic characteristics (more or less broadcast).
    But it's also about the size of the VLANs: do I make a few large Broadcast Domains (VLANs) or more small ones?
    Greetings, Andi

    You can have a setup like this if you want:
    AP Group 1
    SSID X Vlan 10
    SSID Y Vlan 21
    SSID Z Vlan 31
    AP Group 2
    SSID X Vlan 10
    SSID Y Vlan 22
    SSID Z Vlan 31
    AP Group 3
    SSID X Vlan 10
    SSID Y Vlan 23
    SSID Z Vlan 32
    AP Group 4
    SSID X Vlan 10
    SSID Y Vlan 24
    SSID Z Vlan 32
    AP Group 5
    SSID X Vlan 10
    SSID Y Vlan 25
    SSID Z Vlan 33
    AP Group 6
    SSID X Vlan 10
    SSID Y Vlan 26
    SSID Z Vlan 33
    Here is a link, which you probably already saw.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

  • Dynamic vlan assignment with single SSID

    Hi All,
    I have 300 APs deployed and concurrent client associations that number 3000+ daily.
    At the moment I have a single subnet for all users; there is no authentication, just a click-through
    page with email entry to gain access.
    The APs are assigned to groups based upon the building zone they are in. Is it possible to
    assign a VLAN based upon the AP the user is associated to but still only broadcast a single SSID?
    TIA

    You can assign dynamic vlan for 802.1X authentication using aaa override from RADIUS server.
    In your case, since it is a web consent SSID, you can use AP groups to put clients on different VLANs per AP group.
    Sent from Cisco Technical Support iPhone App

  • Cisco ISE 1.1.1 - Single SSID

    I'm working on our ISE implementation and these are my two goals.
    1.  Single SSID for BYOD users and corporate managed systems.
    Login to the NAC agent if not part of the domain (EX: windows laptop not part of the domain joins the SSID, goes through the self service portal, downloads NAC agent, must login to NAC agent whenever joining network with AD credentials)
    AD login required to join this SSID, no guests allowed
    2.  Guest SSID
    Guest login only - requires sponsor
    web agent required for windows machine
    AV required
    Current AV definitions required
    Are these goals attainable or am I better to go in a different direction is my first question.
    Second, using the Cisco BYOD Smart Solution Guide (link at bottom of post) it mentions the single SSID as not being a complicated component but it only runs through the dual SSID solution, what settings are needed for a single SSID? I'm using Open + MAC Filtering but when the supplicant attempts to connect it doesn't work because it's looking for a WPA2 network with the same SSID name.
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html
    Single SSID is specifically mentioned here:
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html#wp504735

    David,
    What the documentation did was that it created a condition which does the check for the ssid in the access-request:
    Guest_Authz is a user-defined simple authorization condition for guests  accessing the Internet via Web authentication through the WLAN  corresponding to the open guest SSID. It matches the following RADIUS AV  pair from the Airespace dictionary:
         Airespace-Wlan-Id - [1] EQUALS 1
    So that when the user connects to the network they are connecting through the guest ssid in which this has the wlan id of 1. Either you can do that in your authorization rule right in the screenshot or you can create this condition under the policy elements tab.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • ISE Single SSID BYOD - Windows Endpoint user experience

    We are implementing wireless BYOD using Cisco ISE 1.2 and WLC 7.4x. We are using PEAP / MS-CHAP v2 for wireless security. We are able to on-board iOS, Android, and MAC OS endpoints using a single SSID, and native supplicant provisioning seems to work fine with these endpoints. We are having issues with Windows clients. On a Windows client, when the user selects the SSID, it prompts for userid/password, but never gets a pop-up for the server certificate. We are using a third party public wildcard certificate on ISE for HTTP/EAP authentication. On ISE, we are getting: 12511 Unexpectedly received TLS alert message; treating as a rejection by the client.

    12511
    EAP
    Unexpectedly received TLS alert message; treating as a rejection by the client
    While trying to negotiate a TLS handshake with the client, ISE received an unexpected TLS alert message. This might be due to the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
    Warn

  • ISE and Selfservice with single SSID

    Hi, I have:
    WLAN 2504 Controller with 7.2 Software
    ISE 1.1.2
    A single SSID with 802.1x Authentication
    Today the wireless users are authenticated against a Cisco ACS. I want to switch to the ISE and make use of the mydevices portal. I want to re-use my single SSID and don't want to do any provisioning.
    - The user connects to the single SSID
    - The user configures PEAP authentication on his device
    - The user authenticates to an LDAP directory with username and password
    - After successful authentication the user will be redirected to the mydevices portal
    - He logs in with his LDAP credentials
    - The MAC address of his current device is listed in the mydevices portal
    - User adds his device to the known devices list
    - Manual reconnect to my SSID
    Is this possible with ISE? Is there a howto out there with exactly this scenario?
    Kind regards

    Hello Andreas,
    WLC 2504 supports CWA, CoA & dACL.
    This wireless controller also supports MAC filtering with RADIUS lookup. For WLCs that support version 7.2.103.0, there is support for session ID and COA with MAC filtering so it is more MAB-like. So it should fulfill your requirement and you can use single SSID.
    For more detailed help review “Universal WLC Configuration Guide” & “ISE 1.1.x Network Component Compatibility” at the following location:
    http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_11_universal_wlc_config.pdf
    http://www.cisco.com/en/US/partner/docs/security/ise/1.1.1/compatibility/ise_sdt.html
    Regards,
    Ashok

  • Failover for Single ASA

    Hi All,
    I want to know what failover I can build for a single ASA. I am planning to connect as per the attached.
    Please let me know all the configurations that I can build. Do I need to assign 2 IPs for the 2 interfaces connected to inside, DMZ and outside?
    Please let me know if you have any other design.
    Regards,
    Satya.M

    Hi Satya, 
    You cannot assign IPs of the same subnet to two different interfaces of the ASA in routed mode. So as per your diagram, you cannot connect the Inside interface of the ASA to both the 6504E switches or to the DMZ switches as you have shown. If you want to do such a failover, you can use 2 ASAs with Active/Standby failover while connecting ASA-1 to 6504EGa and ASA-2 to 6504EGb. You can also do Active/Active failover.
    Also with 1 ASA, if you want to configure 2 ISPs on 2 interfaces, please remember policy based routing is not supported on ASA, so at any given time only 1 ISP will be active for all the traffic going out. You can have the failover configured so that everything fails over to the secondary ISP when the Primary goes down, with tracks etc.
    I hope this helps. If not, can you please post your exact requirements for the failover so that we can suggest you better.
    Best, 
    Raghav
