Multiple vlan with multiple SSID

Similar Messages

• Multiple vLans with Multiple Gateways

  HI.
  Got a SF500 in layer3 mode, operating 5 vlans all with their own subnet.
  Vlan 10 = 192.168.10.0/24
  Vlan 100 = 192.168.100.0/24
  Vlan 200 = 192.168.200.0/24
  Vlan 201 = 192.168.201.0/24
  Vlan 202 = 192.168.202.0/24
  We have a gateway on Vlan 10 (192.168.10.1), which all vlans can see & access (because of intervlan routing), and this at present allows vlan 10 to access the internet.
  I want vlan 100 to be able to access the internet through this gateway as well, although the other vlans (200,201,202), will use a different gateway located on vlan 200 subnet.
  Of course, the gateway has to exist in the subnet.  I cannot assign the default gateway of a machine on vlan 100, an ip address of the gateway on vlan 10.  
  If I point the default gateway to the virtual interface in its subnet (e.g. 192.168.100.254), it equally does not know how to get out to the internet, even though it can see the gateway (I can access a web page it hosts).
  So the question is this:
  Can vlan 100 traffic be routed on the SF500 to use the gateway on vlan 10? (outside of the default gateway of the switch).
  If this is not possible with the SF500, what would I need to make it work?
  Many thanks.

  Hi Andrew,
  I don't have more information about your network so I will try to much your configuration from your post
  let's say we have this configuration :
  1. Create Vlan 10 and assign on SVI IP address 192.168.10.254 /24
  2. Create Vlan 100 and assign on SVI ip address 192.168.100.254/24
  3. Create Vlan 200 and assign on SVI ip address 192.168.200.254/24
  4. Create Vlan 201 and assign on SVI IP address 192.168.201.254/24
  5. Create Vlan 202 and assign on SVI IP address 192.168.202.254/24
  and the gateway (Router) is on Vlan 10 with IP address 192.168.10.1
  6. we assign at least one port to each vlan and the switch port from where is connected to the router should be trunk (10U,100T,200T,201T,202T) it means All the traffic from Vlan 100,200,201,202 is Tagged and transmitting through Untagged Vlan 10
  7. Under IP Cofiguration --> IPv4 Management and Interface --> IPv4 Route
  8. add the deafult static route to the gateway : 
  Destination  : 0.0.0.0
  SubnetMask   : 0.0.0.0
  Remote IP GW :192.168.10.1
  Now from the router expectation : router need to NAT all the source IP address (200.0/24 , 100.0/24 ...)
  I don't know what the router you have but there is a router where NAT all the source coming to him to go to Internet, but there is other router which need to configure NAT for the unknown address for the router side --> Here is up to the Router 
  after that connect PC to port on Vlan 100 setup static IP for example 192.168.100.100/24 with Gw 192.168.100.254 should access to the internet via the trunk port on the switch and router should NAT this subnet to go outside
  Hope I was clear 
  Please rate this post or marked as answered to help other Cisco Routers
  Greetings 
  Mehdi

• Multiple Vlans with multiple Internet connections using PBR

  Hello all,
  I'm trying to wrap my head around this configuration and not having a lot of success.  I have several Vlans 3,6,71,72,160, and 180.  I have two internet connections, Internet1 is connected to an ASA5510 and Internet2 is connected to a Meraki MX80.  I'm using two 4506 switches on my backbone trunked to 3750 switches that my clients connect to.  None of these switches have IP Services and my 4506 supervisor does not have an Enterprise license. However I do have one 3750 100Mbit switch with IP Services so I'm using that to do my PBR.  All my routing is currently being done on the 4506 switches and all Internet traffic is going to the ASA.  What I would like to do is force vlan160 and vlan180 through the Meraki as their Internet connection and the rest of the Vlans go through the ASA.  I'm thinking about trunking my vlans from the 4506 to the 3750 (the one with IP Services) and use policy based routing from there to force vlan160 and vlan180 to the Meraki.  But in order to do this I think I would have to move my routing onto the 3750 switch but since that is only 100Mbits I'm thinking this is going to choke my network down and defeat the purpose of the 4506 backbones.  Any suggestions or alternate ways to achieve my goal?
  Appreciate any help you guys can send my way.
  Matt

  Matthew
  What is the speed of the connection from the 4500 to the ASA and what is the combined speeds of the internet connections ?
  You definitely don't want to do all the inter vlan routing on the 3750. You could connect it up as shown in your diagram but leave all the routing between vlans on the 4500s. Then you -
  1) connect the 3750 to the 4500 using a L3 point to point link
  2) connect the 3750 to the ASA using a L3 point to point link
  3) do PBR on the 3750 interface connected to the 4500 for traffic coming from the 4500.
  If the 4500 supervisor/IOS version doesn't support routed links on that end just use an access port in a dedicated vlan ie. no other ports in the vlan and create a new SVI for it.
  You would need to update your routing to reflect the next hop on the ASA, Meraki, 3750 and the 4500.
  Disadvantages are -
  1) you only have fast ethernet ports on the 3750 so if the combined internet speed is greater than that then it will be a bottleneck.
  2) it is a single point of failure ie. if it is lost all internet via both connections is lost.
  The alternative would be to not have the 3750 in the path but connected to the 4500 via a trunk link and then route just vlan 160 and 180 on the 3750 ie. move their SVI(s) onto the 3750. Then the 3750 could have a direct connection to the Meraki device and point the default route that way (no PBR needed). The trunk would only allow those specific vlans on it.  This would mean a failure of the 3750 would not mean ASA internet lost but it would mean loss of connectivity for the two vlans routed on the 3750.
  You would need to add routes to the Meraki for return traffic plus routes on the 3750 and 4500 for inter vlan routing.
  The main disadvantages here are -
  1) inter vlan routing between the vlans routed on the 4500s and the vlans on the 3750 will be limited by the 100Mbps connection. However you could use an etherchannel trunk so you could get greater overall throughput and some redundancy
  2) more importantly though i suspect you are running HSRP between the 4500s for the client vlans and moving the SVIs onto the 3750 means a single point of failure for those vlans. 
  Personally i would tend towwards option 1) because of the SVI HSRP issue and perhaps because there may be a lot of inter vlan traffic and even with an etherchannel it would be too much. 
  But, single point of failure issues aside, a lot does depend on internet bandwidth in option 1) vs inter vlan traffic in option 2).
  So it's a tradeoff and personally i don't think either are ideal  so i'll have another think on this in the morning to see if there is anything more obvious that i have missed or maybe someone else will add to the post.
  Jon

• Multiple Macs with multiple user accounts

  I have a Mac computer connected to airport and use Time Machine for backups. This works well.
  I have now purchased a second Mac and would like to include this second Mac so that I can move between Macs and work. There does not appear to be any mechanism to allow this.

  After searching the web and the discussion here, here's my minimal impact solution for multiple Macs with multiple users in a household:
  1) Set up Mac1 for myself only
  2) Set up Mac2 for the wife and kid
  3) Set up each Mac to backup to the Airport base station using Time Machine (this would create two separate backups on the Airport base station's drive, which from what I've read has its own problems)
  4) On Mac1 setup "empty user accounts" for the wife and kid. These will not have any files in them - just an access mechanism. If they want to access their files, they can use Time Machine's "The Browse Other Backup Disks Option" to get their file from Mac2, work on it and then drop it in the Shared Folder. Next time they are on Mac2, remember to copy the updated/created file from the Shared Folder into their Mac2 user account. If possible, get Time Machine to not backup the "empty user accounts".
  5) Do the same for me on Mac2.
  Not the most elegant solution, but until Apple get off their backside and make this seamless, I can't think of anything else :-( .
  P.S. iCloud is not a soluton since it costs hundreds of dollars a year, uses up intenet data allowance and is slow.

• Multiple Quizzes with multiple results (in Captivate 6)

  Hey guys, Thanks for reading!
  Does anyone know if it is possible to do multiple tests with multiple results in captivate 6? or if it is possible to have a pre-test with a quiz, and have separate results for each?
  I've been having a play with captivate 6 and when I put a quiz in, it overrides the results slide for my pre-test.
  Looking at the results slide master properties I can choose to have results for one of my quizzes but not both (even on separate slides):
  It wont even let me insert another slide based on the other result.
  I would like to know if multiple quizzes with multiple results is possible in Captivate 6?, or if I am simply doing something wrong?
  Thanks!

  Sorry for way-late reply...
  It's really more how your LMS handles 'courses' and the terminology it uses.
  Essentially, most often, a 'SCORM Package' (SCO) is a 'course'. I'd rather call each SCO a 'lesson' as, to me, 'courses' should be setup in the LMS with a series of 'Lessons'.
  Regardless of the terminology, each 'SCO' is launched by the LMS and one score can be recorded for it via SCORM.
  So if you need multiple final scores recorded, each of those final scores need to be in their own SCO.
  A common approach is a Pre-Test SCO (or 'lesson', or 'course', whatever term), a 'Content' SCO perhaps with some interspersed scored interactions, and a Post-Test SCO...all three merged together as a 'course' (or whatever term) within the LMS.
  That said, as said, it really all depends on how your LMS handles various SCOs...
  Clear as mud?
  E

• Creating multiple vlans across multiple switches

  Hi All,
  How should I create multiple vlans across multiple switches?
  For instance, I have two (primary/redudant) layer 3 (core) switches and four layer 2 access switches (Cisco 2960) for the hosts, and given these are the vlans/subnets to be created. Should I do it in the core switches only and it would just propagate through the access via VTP?  Just trying to practice and learn.. Any help will be greatly appreciated:)
  VLAN 100: [DHCP-workstations]
  172.26.4.0/24
  172.26.5.0/24
  VLAN 200: [Servers]
  172.16.1.0/24
  172.16.2.0/24
  VLAN 300: [Printers]
  192.168.129.0/24
  192.168.130.0/24
  VLAN 800: [Management for switches/routers]
  10.160.1.0/24

  Hi
  You will have the SVI on the core. Set a VTP domain, make one of the cores as VTP server and rest of the switches as VTP clients. Once you do this, you won't have to login into each switch and create a vlan locally. The vlans will be automatically advertised from the VTP server to all the VTP clients.
  Thanks
  Ankur
  "Please rate the post if found useful"

• Binding multiple VLANs to single SSID on WLC

  I have a building with over 4000 users and would like to bind multiple VLANs for user access to a single SSID in WLC. Can this be done? I would rather not have 4000 wireless users on a single VLAN.

  the question is tough. You can not use the SSID in on AP for multiple vlans. Once you assign the AP to the vlan then you will have to make all traffic in the vlan. With that being said. you could assign the AP's to specific vlans, but if you roam from one vlan to another you will have problems at L3. But you can use WDS to make that happen.
  Here are a couple of links tha might help.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00804d4421.shtml
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184ace.html

• Bridging multiple VLAN with sg 200-08 and wap321

  Hi all
  Equipment:
  ASA 5505
  2x gs 200-08
  2x wap321
  Is there a possibility, to bridge 2 VLAN between one and another side with two WAP 321 and use the AP's also as WDS Bridge to extend the Wireless Network?
  I need to extend the Range of the WLAN but also want to use 2 different VLAN on both sides of the network. There is no Possibility to establish a wired Connection, so i try to use the AP's in "workgroup bridge" mode, but i always can use only one VLAN on the other side.
  Thanks for any help

  Hi Luis
  The Problem is, there is no wired connection between the WAP321.
  The topology is like this:
  VLAN1------ASA5505--  --SG200-08---------WAP321             WAP321--------SG200-8-------VLAN1
                                               I                                                                                                 I
  VLAN2---------------------------                                                                                               -----------VLAN2
  VLAN1 and VLAN2 are also available in the WLAN on 2 Different SSID's:
  SSID: inside -> VLAN1
  SSID: outside -> VLAN2
  If i understand the Cluster mode right,there is a wired connection required between the WAP321 .
  In meantime i tried to connect the WAP321 over WDS, but always only VLAN1 is available on the "right" side of the Network.
  Is there a Possibility, to Bridge multiple VLAN's over a WDS connection?
  Best Regards
  Dominique

• Multiple VLAN's, one SSID

  I'm getting to the point where my campus wireless network is growing past the subnet size that I'm comfortable dealing with.  I have a WiSM and WCS and am running the newest IOS on each.  Is there any way to use multiple VLAN's on one campus-wide SSID?
  Or, can I put the same SSID on the two controllers and map it to two separate VLAN's without causing roaming issues?
  Thanks,
  Eric

  Hi Eric,
  Yes we can do this and this feature is called AP Grouping on WLC... Here is the configuration example to do the same..
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml
  Regards
  Surendra

• Dynamic vlans with multiple fallback-vlans?

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman";
  mso-ansi-language:#0400;
  mso-fareast-language:#0400;
  mso-bidi-language:#0400;}
  I've got a problem with dynamic vlans. Trying to figure out configuration for the topology similar to the one in the picture.
  I’ve got four vlans for PCs, one vlan per department. I have to add fifth vlan (50) for devices that can be connected to any of the three switches: A, B, C. these devices need to be on their own vlan, no matter to which switch they are connected to. On the other hand, PCs connected to any port on those switches should be assigned to appropriate vlan (10,20,30 or 40).
  I was thinking about using dynamic vlans with list of mac addresses of devices that need to be on vlan 50 but not sure what to do with PCs. I don’t think I can use fallback vlan as I can set up only one fallback vlan for whole network and not per switch or port.
  I cannot use list of mac addresses of all pcs as there’s simply too many of them (my network is way bigger than in the picture, I simplified it only to present the idea). I imagine I would need multiple fallback vlans for different switches.
  Has anyone got any idea that could help me please? Maybe there’s some other and easier way?

  In new software (for Cisco switches) we provide multiple fallbacks for MAC authentication (MAB):
  1. 802.1x
  2. web authentication
  3. guest vlan (if no supplicant on the PC)
  4. auth fail vlan (if radius denies you access)
  So you could keep a list of MAC addresses for vlan 50 and do MAB for these devices if MAB fails you can use 802.1x for your PCs.
  This will require configuring 802.1x supplicants on all PC (Windows comes preloaded with one) and maintaining a radius of users who are able to log into the network. A lot of people use their Active directory pre-existing database as a backend to store their usernames and passwords for user authentication with dot1x.
  With using both dot1x and MAB you can now distinguish easily between two different processes and use your radius server to assign vlans based upon almost anything you can think of.
  -Elly

• OTV site vlan with multiple overlay interface

  Hi,
  I have an OTV multihoming sites. 2 sites. 2 otv edge device each site.
  and with multiple overlay interface sharing 1 joint interface
  otv edge device connected to multiple VDC.
  each internal / downlink will forward different vlan for each vdc.
  ================================
  example
  int overlay 1
  otv extends-vlan 10
  int overlay 2
    otv extends vlan 20
  int eth 2/1
  description trunk to VDC1
  switchport trunk allowed vlan 10,100
  int eth 2/2
  description trunk to VDC2
  switchport trunk allowed vlan 20,100
  otv site-vlan 100
  ================================
  i understand that i can only use 1 site vlan.
  so in order for the failover to happen, both eth 2/1 and eth2/2 must fail?
  what if only int eth2/1 fail? will the int overlay 1 failover to secondary otv device?
  thanks,
  ivan

  "So when querying the adjacency server the ED then knows which other ED is within the same site?"
  Yes for the first part of the question, using the site Vlan unique to each site.
  Why do you need a routed link between ED's at local site? You dont need to connect those back-back over L3. Moreover if you want to use it for L3 ADJ over peer-link, you need to make sure that VLAN that you are using is not allowed on the VPC member ports, just on the peer-link, else VPC loop alrorithm will break your traffic.
  Are you planning to use multicast or a Unicast deployment? I remember I tried testing the topology in a POC for one of my customer, things did not work as expected in multicast deployment mode and worked fine in Unicast Adjacency server mode. I need to go back and check my notes on this.
  I would rather have the join-interface go back to a routed core at site rather than back-back connecivity as it opens up the tested Multicast deployment mode.
  Cheers,
  -amit singh

• Mapping Multiple VLANs to Multiple SSIDs as one-one in WLC 5508 via H-REAP?

  Hi All,
  Can anyone please show me how to map a SSID/WLAN ID to a local vlan of a LAP in WLC 5508 using H-REAP local switched? The reason of doing this is to separate Data subnet/traffic from Voice as currently all 7925 handsets using same SSID as PCs. I would like to create two VLANs on APs and map them to two SSIDs. I could not see any option in WLC5508 to do this. Also when I change the AP mode from H-REAP to local and configuring sub interface using dot1q on the interface Gi0 then unable write running-config to startup-config because I get NVRAM Verification Failed as WLC protects any local changes on any registered LAP at NVRAM.
  Your help is much appreciated.

  Mehdi:
  I am talking about HREAP groups, not AP groups.
  You can not achieve what you want if you are using the same SSID on same AP with only a WLC (same AP with same SSID is mapped to different VLANs). You may need a radius server to dynamically assign a VLAN to the clients if you are using same SSID for data and voice.
  If you are using different SSIDs for voice and data, you can map each SSID to its corresponding VLAN on the remote site using the VLAN mapping option under HREAP tab in the AP config page.
  You can not configure the AP from its console. Lightweight APs can only be configured from the controller. (a few exceptions are available that do not apply here) .
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• AP1300 Bridging Multiple Vlans with Dot1q

  I have a pair of AIR-BR1310G-E-K9 to do ptp bridging. Topology is like this:
  host-switch-rootAP---nonRootAP-switch-host
  We have multiple vlans and have followed this doco:
  <http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37vlan.html>
  The native vlan is all good and can ping across end-to-end. However, the when I attach a host to the switch in another vlan i.e. user vlan - there is no connectivity. Essentially, we want to dot1q over the ptp bridge setup.
  running version:
  c1310-k9w7-mx.124-10b.JA1
  appreciate any input.
  Ajaz

  yes. standard trunk config on both switches:
  5SL_SWITCH#srif 0/24
  Building configuration...
  Current configuration : 186 bytes
  interface FastEthernet0/24
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,100
  switchport mode trunk
  switchport nonegotiate
  spanning-tree portfast trunk
  end
  5SL_SWITCH#show interfaces trunk
  Port Mode Encapsulation Status Native vlan
  Fa0/24 on 802.1q trunking 1
  Port Vlans allowed on trunk
  Fa0/24 1,100
  Port Vlans allowed and active in management domain
  Fa0/24 1,100
  Port Vlans in spanning tree forwarding state and not pruned
  Fa0/24 1,100
  5SL_SWITCH#
  11SL_SWITCH#srif 0/24
  Building configuration...
  Current configuration : 186 bytes
  interface FastEthernet0/24
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,100
  switchport mode trunk
  switchport nonegotiate
  spanning-tree portfast trunk
  end
  11SL_SWITCH#show interfaces trunk
  Port Mode Encapsulation Status Native vlan
  Fa0/24 on 802.1q trunking 1
  Port Vlans allowed on trunk
  Fa0/24 1,100
  Port Vlans allowed and active in management domain
  Fa0/24 1,100
  Port Vlans in spanning tree forwarding state and not pruned
  Fa0/24 1,100
  11SL_SWITCH#
  furthermore the vlans exist in the db and when i trunk between the switches - I can ping the SVI's.
  Do you want me to post the AP config?

• Would like assistance with multiple devices with multiple iTunes accounts syncing on one PC

  I have had an iPhone for some years now and have been syncing with my PC without issue (first with iPhone 3gs and now with iPhone 4s). My wife bought me an iPad 3 retina in December 2012 which syncs with the same PC as my phone and shares the same iTunes account. Apps downloaded onto one device are automatically downloaded to the other, iMessages are sent and received to both devices also.
  My Wife now has an iPad mini with retina (using her own existing iTunes account which she previously used for an iPhone she no longer uses). I synchronised her new iPad mini with my PC assuming iTunes would manage the device and related account and contents separately to my existing account and 2 devices. However this has caused an issue with the sharing of apps. Since doing so I have started seeing updates available on my devices for apps which I have never downloaded, but my wife has.  If I tell my iPad to update said apps, I am asked for my Wife's iTunes account password. 
  On doing some searching via google I now understand that I should have created a second windows profile on my PC for my wife and installed iTunes onto this profile for the purposes of syncing her device.
  I would very much like to do this, but would like some assistance on the best course of action for doing so. If I proceed and created a second profile and sync her device to this, I presume I would need to tell iTunes to treat her iPad as a new device (and wonder what would happen to her existing content)? Assuming we do this, I presume the issue of my seeing her app updates would still persist?
  Could someone advise if they have any experience with similar issues/queries?

  How to use multiple iPods, iPads, or iPhones with one computer
  http://support.apple.com/kb/HT1495
  How to Share a Family iPad
  http://www.macworld.com/article/1163347/how_to_share_a_family_ipad.html
  Using iPhone, iPad, or iPod with multiple computers
  http://support.apple.com/kb/ht1202
  iOS & iCloud Tips: Sharing an Apple ID With Your Family
  http://www.macstories.net/stories/ios-5-icloud-tips-sharing-an-apple-id-with-you r-family/
  How To Best Use and Share Apple IDs across iPhones, iPads and iPods
  http://www.nerdsonsite.com/blog/2012/06/07/help-im-appleid-confused/
   Cheers, Tom

• How do set up multiple devices with multiple graphs in labview

  Hello,
  I am new at LabView, and we are trying to setup a test rig to measure voltage, pressure and flow rates. We are currently using a NI-6009USB box and Labview version 8.2.  Our problem lies in setting up the actual measurements on separate graphs. How do i go about setting up the daq-assistant to measure mulitple devices, and graph them on their own graphs?  We also need to know how to program in when measuring flow, how to convert it from square wave form to a calibrated curve?
  Any help would be greatly appreciated!
  Nate

  When you configure the DAQ Assistant, you will be first asked to select the measurement type. Assuming that you have voltage sensors because you have the 6009, you select Analog Input>Voltage. You then get a list of devices. Since you only have one, it should be listed as Dev1. Expand that and then pick the channels you have connected to the sensors. Just like it says at the bottom of the of the channel window, you can select multiple channels with  <CTL> or <SHIFT> click. After you've done that, the next window is where you select your sample rate, number of samples, etc. You can also select a custom scale for each channel. This is where you would enter any formula you have from the sensor vendor in order to convert a voltage reading to scaled units.
  The output of the DAQ Assistant is a dynamic data type. You can wire this to a single graph to display all readings together or use the Split Signals function to break out individual channels for separate graphs.
  Message Edited by Dennis Knutson on 02-22-2007 03:33 PM
  Attachments:
  Split Signals.PNG ‏4 KB