Map 300 different VLANs to a SSID?

Similar Messages

• How to map two different subnets to one SSID

    Hi Experts ,
  we have two offices in same city at different location however we are planning to bring both the office at same location.
  Now lets say site A has controller 5508 configured with 24 AP's with 10.10.10.x subnet for internal SSID and Site B which is shifting to Site A campus has different subnet ( 10.10.20.x )  for same SSID.
  Site B has no controller since they had connection with H-reap and they were using different subnet for internal SSID ( 10.10.20.x ) .....
  Now i need to add their AP's in Site A controller which will be extended wireless LAN however we would like to keep same subnet ( 10.10.20.x )  what Site B has for wireless clients which is really confusing me ....
  I have already client subnet for site A with 10.10.10.x /24 subnet  and nearly 200 users are already using this wireless client subnet....
  How do i add their ( Site B ) subnet / 10.10.20.x  with same SSID configured  which is globally only one SSID  ?
  limitations :
  I can not create new SSID for site B since same will be broadcasting even in Site A AP's
  Is this possible to map one more subnet of site B to existing SSID with already different subnet ( 10.10.10.x ) ?
  Your suggestions will be really helpful for me to go ahead and understand in better manner ...

  Well first off, you need to bring that subnet over to site a without breaking any routing. Once you do that then sites B subnet will have a different vlan than site A of course. Now with both subnets working in site A, you create a dynamic interface on the WLC for that new subnet. Create an AP group for both sites, you can name it by vlan or by any name you want. Now in the ap group for site A, you define what SSID's you want and map the vlan to that ap groups. Then add sites A AP's to that group. You do this also for site B's AP's and map the SSID to the new subnet you brought over and move the AP's to that group. The APs from site B would have to be setup in local mode not hreap.
  Makes sense
  Sent from Cisco Technical Support iPhone App

• Mapping Multiple VLANs to Multiple SSIDs as one-one in WLC 5508 via H-REAP?

  Hi All,
  Can anyone please show me how to map a SSID/WLAN ID to a local vlan of a LAP in WLC 5508 using H-REAP local switched? The reason of doing this is to separate Data subnet/traffic from Voice as currently all 7925 handsets using same SSID as PCs. I would like to create two VLANs on APs and map them to two SSIDs. I could not see any option in WLC5508 to do this. Also when I change the AP mode from H-REAP to local and configuring sub interface using dot1q on the interface Gi0 then unable write running-config to startup-config because I get NVRAM Verification Failed as WLC protects any local changes on any registered LAP at NVRAM.
  Your help is much appreciated.

  Mehdi:
  I am talking about HREAP groups, not AP groups.
  You can not achieve what you want if you are using the same SSID on same AP with only a WLC (same AP with same SSID is mapped to different VLANs). You may need a radius server to dynamically assign a VLAN to the clients if you are using same SSID for data and voice.
  If you are using different SSIDs for voice and data, you can map each SSID to its corresponding VLAN on the remote site using the VLAN mapping option under HREAP tab in the AP config page.
  You can not configure the AP from its console. Lightweight APs can only be configured from the controller. (a few exceptions are available that do not apply here) .
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• How to use different Vlans outside another gateway in sg-300 28?

  dear all
  how shall i use different vlans outside another gateway in sg-300 28?
  Example:
  vlan2 192.168.2.0/24 gateway 192.168.2.1 outside router gateway 192.168.2.254
  vlan3 192.168.3.0/24 gateway 192.168.3.1 outside router gateway 192.168.3.254
  should me doing in sg-300 28?
  thanks.

  Hi Amin,
  Leave the switch in Layer 2 mode 
  Cable  VLAN2  to the to the outside router gateway 192.168.2.254 interface
  cable  VLAN3  to the to the outside router gateway 192.168.3.254 interface
  Excuse the rough diagram
  Make the port going to the outside router gateway,  untagged in the vlans they will be transporting. (I am assuming that the router gateway is not vlan aware.)
  IP hosts will most likely get DHCP from the router gateway.  The IP hosts will then automatically send IP traffic to the router gateway.
  VLAN 1 in my switch,  could  then be the only interface within the switch  that has a IP address associated  with it,  for management purposes.
  I can see from you post,  that English is not your first language,  if you want to speak to someone,  you can ask a question by going to;
  www.cisco.com/go/sbsc
  regards Dave

• Same SSID, different vlans

  I currently have a 4402 in place, with my main office building working fine.
  We are looking at bringing in the wireless at 4 other sites, but we want to use the same SSID.
  How would I go about assigning different vlans (networks) to the same SSID.

  You can use the "AAA Override" feature on controller. You need to have different dynamic interfaces for different vlans configured on the controller. After sucessful authentication, radius server could pass the dynamic interface information to the controller and controller can put users to different vlans according to the feedback from radius server:
  http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig40/c40sol.htm#wp1086421
  Zhenning

• Use Infrastructure Navigator to map out applications on different VLANs

  Hello.  I will be trying out Infrastructure Navigator in our environment and I'm wondering how I would go about mapping out applications across our different VLANs.  We have certain networks presented to certain clusters.  Will I need to have a Navigator appliance in each network segment or will I be able to tell Navigator to look at all of the networks across the clusters?
  Thanks for any information you can provide.

  Hello CHJamey,
  I just saw your post and I'd like to try to help. 
  As long as all the VLAN's are known objects in the vSphere, the VIN shouldn't have any issues with mapping out which VMs are communicating with other VMs. 
  You mentioned applications, could you perhaps be a little more specific?  Did you mean Automatic Applications, Manual Applications, or the applications running inside the VMs?
  -Michael.

• Does WCCP support traffic from different VLANs(mapped to VRFs)?

  Hello,
  I have the following scenario from the WAN to the Data Center and from the WAN to the Branch:
  1. Router 2800/7200 with three (3) MPLS VRFs (VRF Lite)
  2. Switch 3750 with three (3) WAN VLANs (one for each VRF) and three (3) LAN User Traffic VLANs (one for each ASA Context) and one WAE VLAN
  3. WAE with WCCP enabled for one VLAN in the switch
  4. ASA with three (3) Contexts
  5. Three (3) Internal LANs (one for each Context)
  In summary, there are three flows of traffic which are separated along the way from Branch to Data Center. WAEs are working for one VLAN(VRF1) and WCCP is enabled at the 3750 Switch to do the redirection (not in the router). The question is: does WCCP support traffic from different VLANs (similar to inline 802.1Q) and handle all three flows separate? If so, what should the configuration be at the switch and the WAE?
  Thanks.

  The VRF awareness for 12.4(T) is still probably 8-12 months out. VRF aware WCCP features are definitely in the pipeline, but nothing has been publically published on availability timelines.
  It's now publically available on the forum... but , I've only found it on the 3750 and 3550 documentation.
  at the 3750 you will need to place the redirect statement on each of the VLANs, ip wccp 61 redirect in
  Kindly find here GRE Tunnel with VRF Configuration Example:
  http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml
  I have gotten as far as the WAE registering the router:
  "WCCP configuration for TCP Promiscuous service 61 and 62 succeeded.
  WCCP configuration for TCP Promiscuous succeeded.Please remember to
  configure WCCP service 61 and 62 on the corresponding router."
  wae01#sh wccp router
  Router Information for Service: TCP Promiscuous 61
  Routers Configured and Seeing this Wide Area Engine(1)
  Router Id Sent To Recv ID
  0.0.0.0 209.1.1.1 0000022F
  The router registers the WAE as a WCCP client:
  router04#
  "*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 61 acquired on WCCP
  client 209.1.1.2"
  "*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 62 acquired on WCCP
  client 209.1.1.2"
  The router however cannot figure out what its ID is and does not see
  itself as a WCCP group router.
  router04#sh ip wccp
  Global WCCP information:
  Router information:
  Router Identifier: -not yet determined-
  Protocol Version: 2.0
  Service Identifier: 61
  Number of Service Group Clients: 1
  Number of Service Group Routers: 0
  Total Packets s/w Redirected: 0
  Process: 0
  Fast: 0
  CEF: 0
  Redirect access-list: ACCELERATED-TRAFFIC
  Total Packets Denied Redirect: 0
  Total Packets Unassigned: 25957
  Group access-list: -none-
  Total Messages Denied to Group: 0
  Total Authentication failures: 0
  Total Bypassed Packets Received: 0
  This is a short summary of important commands for working with VRF's.
  View the VRF instances and the associated interfaces.
  ml-mr-c6-gs#show ip vrf
  Name Default RD Interfaces
  blurvrf 100:2 Vlan215
  Vlan326
  tgvrf 100:1 Vlan132
  Vlan325
  TenGigabitEthernet1/1
  ml-mr-c6-gs#
  Show the routing table for a specific VRF.
  ml-mr-c6-gs#show ip route vrf tgvrf
  Routing Table: tgvrf
  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external,
  ---More--
  Gateway of last resort is 128.117.243.57 to network 0.0.0.0
  O E2 192.52.106.0/24 [110/1] via 128.117.243.57, 1d19h, Vlan325
  O E2 192.168.150.0/24 [110/160] via 128.117.243.57, 1d19h, Vlan325
  172.17.0.0/29 is subnetted, 3 subnets
  O E2 172.17.1.16 [110/0] via 128.117.243.57, 1d19h, Vlan325
  O E2 172.17.1.8 [110/1] via 128.117.243.57, 1d19h, Vlan325
  O E2 172.17.1.0 [110/1] via 128.117.243.57, 1d19h, Vlan325
  --More--
  Debugging should otherwise be similar to a regular switch or router.
  Final Teragrid VRF Design and Diagrams
  http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/final.shtml
  Teragrid Testbed Design
  http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/testbed.shtml
  Cisco 4500 Series Switch Cisco IOS s/w config guide 12.1(20)EW
  Configuring VRF-Lite
  http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/vrf.html
  sachin garg

• 1242AG Bridge, VLAN and Multiple SSIDs

  I have two buildings that I'm trying to configure a bridge in between them using 2 1242AG APs.
  Building A
  PCOFFICE SSID on VLAN 200 Radio G
  ROOT_1 SSID on Native VLAN 1 Radio A
  Root Bridge
  Building B
  FDAPC SSID on Native VLAN 1 Radio G
  ROOT_1 SSID on Native VLAN 1 Radio A
  We are using directional antenna.  I know they are lined up properly because I have them both down and in front of me.  I'm getting an error on the Building B AP that says "
  No SSID with VLAN configured. Dot11Radio1 not started." and I'm unable to get this to work.  The bridge was working before I added the VLAN and encryption/WPA information for the PCOFFICE and FDAPC SSIDs
  Any assistance would be amazing.  Thanks!  Please see attached files for configurations.  I know the switch is configured properly because I had this working before and forgot to save the damn configuration off the devices.  I'm not having to do it over from scratch.

  That did not work.
  I've managed to fix the ROOT_1 and FDAPC... now I'm having an issue where I can attempt to connect to the PCOFFICE SSID but I'm unable to get a DHCP address from the server.
  Here is the config for the AP with PCOFFICE on it and the switch.
  SWITCH
  interface GigabitEthernet3/2
  switchport trunk allowed vlan 1,200
  switchport mode trunk
  interface Vlan1
  ip address 192.168.3.4 255.255.255.0
  interface Vlan200
  ip address 192.168.30.2 255.255.255.0
  ip helper-address 192.168.3.98
  ip default-network 192.168.3.0
  ip route 0.0.0.0 0.0.0.0 192.168.3.1
  no ip http server
  ACCESS POINT
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname AP1_ROOT_AP
  enable secret 5 REMOVED
  ip subnet-zero
  no aaa new-model
  dot11 vlan-name VLAN1 vlan 1
  dot11 vlan-name pcCopper vlan 200
  dot11 ssid PCOFFICE
     vlan 200
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 7 REMOVED
  dot11 ssid ROOT_1
     vlan 1
     authentication open
     authentication key-management wpa
     infrastructure-ssid optional
     wpa-psk ascii 7 REMOVED
  dot11 network-map
  dot11 arp-cache optional
  power inline negotiation prestandard source
  username Cisco password 7 REMOVED
  username admin privilege 15 password 7 REMOVED
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers tkip
  encryption vlan 200 mode ciphers tkip
  ssid PCOFFICE
  speed basic-2.0 5.5 11.0 12.0 18.0 24.0 36.0 48.0 54.0
  no power client local
  power client 17
  power local cck 17
  power local ofdm 17
  channel 2462
  station-role root access-point
  antenna receive right
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 port-protected
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  interface Dot11Radio0.200
  encapsulation dot1Q 200
  no ip route-cache
  bridge-group 200
  bridge-group 200 subscriber-loop-control
  bridge-group 200 block-unknown-source
  no bridge-group 200 source-learning
  no bridge-group 200 unicast-flooding
  bridge-group 200 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption mode ciphers tkip
  encryption vlan 1 mode ciphers tkip
  ssid ROOT_1
  dfs band 3 block
  speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
  no power client local
  power client 11
  power local 11
  channel 5180
  station-role root bridge
  antenna receive right
  antenna transmit right
  interface Dot11Radio1.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  hold-queue 160 in
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface FastEthernet0.200
  encapsulation dot1Q 200
  no ip route-cache
  bridge-group 200
  bridge-group 200 spanning-disabled
  interface BVI1
  ip address 192.168.3.241 255.255.255.0
  no ip route-cache
  ip default-gateway 192.168.3.1
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  control-plane
  bridge 1 route ip
  line con 0
  line vty 0 4
  login local

• WLC 4402 assign multiple VLANs to one SSID

  Is it possible to have one broadcasting SSID but clients seperated by, lets say say 7 different vlans in the WLC?  For example- each floor would be seperated by its own vlan and dchp pool, but they all connect to one SSID in the controller.  From what I just read it seems that each vlan would be assigned its own SSID?

  For anyone needing further info see here:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

• Can router dhcp different addresses to different vlans for wireless clients

  is it possible for the router to hand out different ip's to wireless clients on different vlans?

  Yes, the router needs to have a dhcp pool on each subnet and have an "interface Vlan x" for each vlan. It will then assign ips to clients in different vlans.
  One vlan per SSID.

• 1300 bridge with native and management vlan in different vlans

  Hello,
  We are going to set up a wireless bridge between two 1300 accesspoints. In our network the native vlan and the management vlan are different vlan's. Will we be able to manage the ap and switch at the "remote" site? Do we have to set up two ssid's, one for native and one for management?
  regards,
  Rutger

  Too answer my own question:
  I don't think it is possible. Things work fine by making our management vlan the native vlan on switches and ap's involved. Management IP address on the BVI1 interface and everything works!
  Rutger

• Is it possible to do message mapping using different namespace message type

  Hi all,
  Is it possible to do message mapping using different namespaces message types
  Example :
  i am having message type MT_1 in namespace http://sap.com/abc
  and second message type MT_2 in namespace http://partner.com/xyz
  so MT_1 can be mapped with MT_2 or not having different namespace.
  Thanks

  Read through my reply in this thread for Defining Software component dependencies.
  Though it explains this for Improted Archives, it also holds true for Message Types to be used in message mappings.
  Re: Payload Extraction
  Regards
  Bhavesh

• AP On Different Vlan Than Controller

  I have a 5508 controller at our headquarters and am installing some 3502 AP's at a remote branch.  Unfortunatly, the remote branch has a different Vlan setup for some reason and the vlan that is used for the WLC (90) is designated for telephony at this branch.  Can I put the AP's on a different VLAN (10) without having any issues?  I will still use DHCP option 43 to point them back to the controller. Below are the configs for the WLC interfaces and what I am proposing for the AP interfaces:
  WLC Config
  interface GigabitEthernet1/1/38
  description WLC01
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 90
  switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
  switchport mode trunk
  channel-group 5 mode on
  interface GigabitEthernet1/1/39
  description WLC01
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 90
  switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
  switchport mode trunk
  channel-group 5 mode on
  interface Port-channel5
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 90
  switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
  switchport mode trunk
  AP Interface Config
  interface GigabitEthernet1/0/1
  description *** Access Point AP001 ***
  switchport access vlan 10
  switchport mode access
  spanning-tree portfast
  Will this work? 

  Hi Pat,
  When deciding to do LOCAL mode or CENTRAL SWITCH mode you need to consider a few items:
  1) NAT -- If there is a NAT between both locations almost all customers would rather LOCAL mode. Reason being is the ability to access local resources without nat issues. Remember, central model has all traffic and IP addressing coming from the main office.
  2) Internet / Main office connection - If the remote office is on a MPLS for exmaple. Using local switching is reartly used becuase if you lose the conenction with the main office you have bigger issues then having wireless access.
  These are the 2 questions my customers always look at ...
  I hope this helps...

• Wireshark capture on access port displays different vlan traffic

  Hi Guys,
  i have a nexus 4001i Blade Center Switch where i have a server connected in mode access to a particular vlan.
  when i use wireshark on this port, i see different traffic conversations of different servers in different vlans which seems strange to me.
  anybody have an idea why a server in mode access with wireshark is able to view different vlan traffic? I also see non multicast and non broadcast converations.
  the port the server is connected to is not a monitor port but only in switch port mode access.
  thanks in advance for you feedback

  Hi,
  So it looks like you're getting unicast traffic flooded to all ports. There are a couple of reasons I've come across that can cause this.
  Asymmetric routing: See Unicast Flooding in Switched Campus Networks and/or Case Study #8: Asymmetric Routing and HSRP (Excessive Flooding of Unicast Traffic in Network with Routers That Run HSRP) for details of why it happens and how to prevent it.
  Microsoft Network Load Balancing. As per the Microsoft Troubleshooting NLB:
  In unicast mode (the default Forefront TMG cluster operation mode) NLB induces switch flooding, by design, relaying packets sent to the VIP addresses to all cluster hosts. Switch flooding is part of the NLB strategy for obtaining the best throughput for any specific load of client requests. However, if the NLB interfaces share the switch with other (non-cluster) computers, switch flooding can add to the other computers' network overhead by including them in the flooding and consequently have a detrimental effect on network and/or server performance.
  Regards

• Multicast Does not work between different VLANS

  Hi,
  I have problems with multicast. On the same VLAN i can see the SAP announcement in VLC and play, but on different VLAN i can see SAP but i cant play it. The play turn to pause and the video doesn´t appear.
  I have 2 Cisco 6500 switch CORE with GLBP configured but not working. In the second switch i have all interfaces in shutdown. The first core switch have L3 routing enable.
  The Global configurations:
  ip multicast-routing.
  I have the transmitter PC on vlan 51 i transmit to 230.0.0.50 group an im trying to recive on vlan 80. The vlans configurations are:
  Vlan 51
  ip address x.x.31.254 255.255.255.0
  ip pim sparse-dense-mode
  Vlan 80
  ip address x.x.80.1 255.255.255.0
  ip pim sparse-dense-mode
  I have 2 Cisco 2960 (L2 only) for the access.
  The principal commands outputs are:
  CORE1#show ip mroute | inc 230.0.0.50
  (*, 230.0.0.50), 01:50:50/00:02:21, RP 0.0.0.0, flags: DC
  CORE1#
  CORE 1
  interface Vlan1
  ip address x.x.1.1 255.255.0.0
  ip access-group 101 out
  no ip unreachables
  ip pim sparse-dense-mode
  mls rp ip
  interface Vlan51
  ip address x.x.31.254 255.255.255.0
  ip access-group 151 out
  ip helper-address x.x.x.x
  ip helper-address x.x.x.x
  no ip unreachables
  ip pim sparse-dense-mode
  mls rp ip
  interface Vlan80
  ip address x.x.80.1 255.255.255.0
  ip access-group 150 out
  no ip unreachables
  ip pim sparse-dense-mode
  glbp 80 ip x.x.80.254
  glbp 80 timers 5 18
  glbp 80 timers redirect 600 7200
  glbp 80 priority 254
  glbp 80 preempt delay minimum 60
  glbp 80 authentication text glbpkey
  glbp 80 forwarder preempt delay minimum 60
  CORE2
  interface Vlan1
  ip address x.x.1.4 255.255.0.0
  ip access-group 101 out
  no ip unreachables
  ip pim sparse-dense-mode
  mls rp ip
  interface Vlan51
  ip address x.x.31.2 255.255.255.0
  ip access-group 151 out
  ip helper-address x.x.x.x
  ip helper-address x.x.x.x
  no ip unreachables
  ip pim sparse-dense-mode
  shutdown
  mls rp ip
  glbp 51 ip x.x.31.254
  glbp 51 timers 5 18
  glbp 51 timers redirect 600 7200
  glbp 51 preempt delay minimum 60
  glbp 51 authentication text glbpkey
  glbp 51 forwarder preempt delay minimum 60
  interface Vlan80
  ip address x.x.80.2 255.255.255.0
  ip access-group 150 out
  no ip unreachables
  ip pim sparse-dense-mode
  shutdown
  mls rp ip
  glbp 80 ip x.x.80.254
  glbp 80 timers 5 18
  glbp 80 timers redirect 600 7200
  glbp 80 preempt delay minimum 60
  glbp 80 authentication text glbpkey
  glbp 80 forwarder preempt delay minimum 60
  end
  Someone can help?
  Thanks,
  Alfredo

  Hi johnd...
  Im using VLC 1.1.2 (i can not update because i have a DVDT2 card to capture the digital terrestrial television and it only work in this version). I have all the firewalls down.
  This is the output for the show ip igmp snooping groups on the 2960.
  80        230.0.0.50               igmp        v2          Gi1/0/21, Gi1/0/24
  Port G1/0/21 is where the receiver is conected and the 24port is the trunk.
  Jon, i revert and this is the output. I put the ip pim rp-address the same of the lookpback that i create previously.
  (*, 230.0.0.50), 00:37:46/00:02:19, RP 192.168.230.230, flags: SJC
    Incoming interface: Null, RPF nbr 0.0.0.0
    Outgoing interface list:
      Vlan80, Forward/Dense, 00:09:52/00:00:00
  The strange thing is that I have more than 40 vlans and it only fail in some vlans like 80.