Multiple VLANs per SSID with local switch

Is it possible to use an 'AP Group' or 'Interface group' to assign multiple VLANs to a WLAN when remote, h-reap APs are in local switch mode? 
If not, is there a way to overcome 500 maximum host per VLAN when APs are local switching?
Thanks!

dont think its possible...
I donno if the following config will even work but u can have the hreap APs connected at the remote site to map to different vlans...
Example:
AP1 -- ssid 1 --- vlan 10
AP2 -- said 1 --- vlan 11 and so forth..
Sounds crazy but i ll have to ponder on this a bit more.. Need a pen and paper to draw a quick topology :)...
Sent from Cisco Technical Support iPhone App

Similar Messages

  • Multiple Vlans Per SSID

    Hi
    We are just putting in a new Controller - 5500 type
    We are using a WCS .
    Someone has raised the issue of whether we can have multiple vlans
    per SSID - as otherwise we may have very large broadcast domains
    due to the overall design being to have  Maybe 3 SSIDs
    Guest
    Staff
    Engineering
    I think in SWAN we could get away with dynamic vlans.
    We would like to have multiple vlans in each SSID to avoid the above.
    Can we do this in the new setup.
    Kind Regards
    Steve

    Hi Steve,
    yes it works just the same.
    Enable AAA override on the controller and have interfaces configured for each vlan. Then the ACS can simply push the vlan depending on the user authentication. Users are then split in separate vlans.
    Another way of doing is to group APs. You can have a group of APs serving SSID Guest in vlan 1, Employee in vlan 2 and another group of APs serving the same SSIDs but in vlan 3 and 4. It's "per-user" vlan load balancing or "geographic" vlan load balancing.
    However, broadcast domains should not be a major concern in wireless as broadcasts are blocked by default. The WLC will proxy for ARP and DHCP.
    Regards,
    Nicolas

  • Flex Connect Across Multiple VLANS same SSID

    I just need to find that if we have flex connect setup for differnet vlans using single controller, will roaming works when client connects to AP in a differnet VLAN but using same SSID.
    Example below:
    1) Client connects to AP on specific SSID mapped to VLAN 100, get an IP address ..all good at this point
    2) Client walks and connects to a differnet AP on same SSID but mapped to VLAN 200...at this point I observe client doesnt get a new IP address in fact it retain IP from step-1 and there is no connectivity
    3) Client walks back to first AP and connectivity is restored
    Why in step-2 client doesnt gets a new IP from VLAN 200 even when it shows connected to AP.

    Just to add to Rasika.... L3 isn't supported....I just ran into this a few days ago.... clients should request another dhcp when roaming to another FlexConnect AP that is mapped to a different VLAN.  The issue is, that some clients don't try to renew their dhcp address and gets stuck with the default 169.x.x.x.  I see this with Apple devices in general and what we are going to do is get rid of the multiple vlan setup (vlan per floor) and create a bigger vlan that the SSID will be mapped to.
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Multiple vlans configuration issue with RV016 router and SG 300-10MP witch

    Hi,
    I have to configure multiple vlans served with a unique DCHP server . As first step, I just will The DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented :
    Router (RV016 10/100 16-Port VPN Router) as gateway mode:
    IP : 172.16.0.1/24
    DHCP Server :
    IP : 172.16.0.2/24 GW: 172.16.0.1
    2 subnets :
    172.16.1.0/24 GW: 172.16.1.1 to serve vlan 1
    172.16.2.0/24 GW:172.16.2.1 to serve vlan 2
    Switch (SG 300-10MP 10-Port Gigabit PoE Managed Switch) as layer 3 mode:
    IP 172.16.0.254 (vlan 8 default)
    Vlan 1 : 172.16.1.1
    Vlan 2 : 172.16.2.1
    1 device connected on each vlan
    a workstation on the vlan 1
    a laptop on the vlan 2
    In this scenario (see the attached pdf file) the DHCP server is connected on a router, hosts on vlans dont receive any IP address.
    But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.
    I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration ?
    I hope the explanations are clear enough and my English too
    Any help will be highly appreciated,
    Zoubeir

    Hi Eric, the small business group doesn't support the ASA config, but  I can help with the switch.
    A couple things I notice in your description-
    48 port (192.168.1.254) and the other 24P (192.168.1.253)  we have a  second vlan 20 set up on the 24P switch (192.168.2.253)  we have ports  1-12 set for vlan20 (untagged and trunk), the remaining ports on on the  default vlan 1.
    The connection between the switches, is it 1u, 2t?
    The link between the switches should be 1u, 2t, the switches support the trunking and vlan tagging, meaning all communication will work fine.
    We have the 24p and 48p switches connect using GE1 and GE1.  We are unable to ping a device on vlan 20 ( on the 24p switch
    The 24p switch should be in layer 2 mode, if you have the 48 port l3 switch upstream. Additionally, you need to have the default gateway set on the 24p switch.
    We have a static route set on the 24p switch (0.0.0.0 192.168.1.0). 
    Between the switches, it shouldn't require any static routes, assuming you correctly trunk / tag your ge1 ports, with both switches operating in l3, the ip route table dynamically builds the connected routes, therefore a static route is redundant.
    -Tom
    Please rate helpful posts

  • Multiple VLANs through to layer 2 switch

    So long as each switch supports VLANing (which most manageable switches do), then yes. Some model numbers on the switches would help here though to be sure.
    Also, keep in mind that assigning VLANs is a layer 2 function, not layer 3. So long as you tag the VLANs you need to pass between the switches on the feed ports between them, you should be able to have them running without issue.
    Could you provide a little more detail as to what you're trying to accomplish so that we can better advise you how to proceed?

    Hello,
    Is it possible to send multiple vlans across a layer 3 dell powerconnect to a Meraki layer 2 switch and configure the ports to access the different vlans? 
    Is it also multiple vlans across a layer 3 dell powerconnect to a layer 2 dell powerconnect switch and configure the ports to access the different vlans? 
    I've been playing aound with this and I can't seem to get it done.
    Thanks for any help in advance.
    This topic first appeared in the Spiceworks Community

  • Help needed to configure H-REAP with local switching

    Hi All,
    We are using following devices for campus Wi-fi.
    1. WLC - 4402
    2. AP (1131ag, 1042n) which support H-REAP.
    I want to configure HREAP central auth and local switching. I have enabled from local to HREAP after that I go to HREAP tab and native vlan 1 (by default)(I have changed native vlan 1 to 51.) vlan support is enabled. then click on vlan mapping and my wlan (guestwlan) is there with vlan id 24.
    I have assigned static IP to AP (192.168.51.40/24 gw 192.168.51.254).
    DHCP is running on controller.
    switch port configure is below:
    interface FastEthernet0/18
    description WiFi access point
    switchport trunk native vlan 51
    switchport mode trunk
    no ip address
    end
    Issue : authentication done through RADIUS (Cisco ACS 4.2) but no getting IP address from DHCP.
    Please help.
    Thanks in Adv.
    Thanks,
    AS

    Hi AS,
    Do not use the DHCP on the WLC.
    Use a DHCP on the neighbor swtich if possible for the native VLAN.
    Regards,
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • CISCO WLC , connecting SSID with local net user

    Dears,
    Created Local Net User
    created SSID and Broadcasted, users can connect to SSID with PSK
    But not able to connect using Local net user created in WLC
    Edwin

    Hi,
    What kind of Layer 2 Security are you using on your SSID?
    You can't have both PSK and Local user database authentication on the same SSID.
    Best regards,
    Sebastian

  • Multiple events per date with only one photo each - Unwanted

    I have the eyefi wireless sd card in my camera and it is setup to transmit my photos into iphoto automatically, which it does. However, the problem arises in that iphoto creates multiple events for the same date each containing only one photo. I would prefer that iphoto create individual events per date and have the multiples of that date's photos within. I thought I had the settings configured to do so as I have preferences set for autosplit events one per day but I still see events such as - July 3, 2008 - July 3, 2008 - July 3, 2008 - each with only one photo inside.
    I am wondering if it is something in iphoto's settings or the way in which eyefi transmits the photos into iphoto.
    Any thoughts?

    I do not have a WiFi connection to my camera so can not test but am just guessing
    I can think of two possibilities
    - 1 - if you are taking the photos with the WiFi connected then each time you snap a photo it may be being sent which would be looked at as a new import and therefore create a new event - to stop this I believe you would have to not have a full time WiFi connection to your camera or somehow set the camera to send batched - not each one - iPhoto will take each batch into and follow the rules for making events for that batch even if you camera is sending many batches of One photo
    - 2 - You have the preference for making batches set to one every two hours and there is a long time between photos - I'm guessing that #1 is more likely
    LN

  • ISE works with Local-switch Mode

    Hi guys,
    My AP is configured to work as Flexconnect mode with my WLC, that means that my wireless data will be switched locally without getting through my WLC, is that ok for my ISE to controll my wireless access?
    Regards,

    Yes; FlexConnect supports central authentication with both locally and centrally switched traffic models.
    Lots of info about FlexConnect here;
    http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/flexconnect/config_flexconnect_chapter_01.html

  • Guest VLAN and SSID with a DHCP router

    I want to offer customers wireless access in my building. I've added VLAN 30 to my WAP with no encryption and broadcast the GUEST ssid. I also have a Netgear router plugged into a port with VLAN 30 access. I was hoping the wireless clients would get a DHCP address from this router since they are all on the same VLAN, but I cannot get it too work.
    Does anyone have any insight on this, or another way to setup the guest VLAN?

    You can create a guest VLAN.
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a00800e02cb.html#1074827

  • Need help configuring multiple VLANs and SSIDs

    Hi,
    We bought a Cisco SGE2000P 24Port switch and 10 WAP4410N access points. Our intent is to provide a secure network to our LAN, and a guest network to the Internet.
    We are thinking 3 VLANs would be best for this: VLAN 100 connected to the LAN, VLAN 1000 for the Internet Router and Filter, and VLAN 1100 for the Guest Wireless access.
    We have the switch configured for all three of these, and 1 initial access point configured for the VLANS, too.
    We have not yet moved the current Internet connection to VLAN 1000 because we aren't sure how to setup routing between VLANS.
    Here are some specifics on how the traffic needs to route:
    1. We have the DHCP server, which is the PDC, handling both scopes for the LAN and Guest VLAN.
    2. The web filter in VLAN 1100 needs to authenticate with the DHCP server as there are different filter rules based on authenticated user. Any users coming from VLAN 1100 will have a default filter rule without requiring any authentication.
    3. Certain traffic coming in from the Internet needs to be able to get to VLAN 100. The router has a built-in firewall that handles NAT and port forwarding, so as long as traffic can be forwarded to VLAN 100 we should be good.
    4. Traffic on VLAN 1100 (guest Wireless network) should only be allowed to go to Internet (VLAN 1000).
    Right now I have the VLANs configured and the ports assigned to the Access Points are set for TAGGED and on VLAN 100 and VLAN 1100.
    The SGE2000P has the following IP addresses assigned to the VLANS:
    10.7.3.252 - VLAN 100
    10.7.40.254 - VLAN 1000
    192.168.254.254 - VLAN 1100
    Has anyone been able to setup a similar configuration? We have scoured the Internet for documentation but it seems to be very difficult to find!
    Thank you!
    Gary Smith

    Based on your description of a 'Hybrid Port' this sounds like Cisco's 'Multi-VLAN Port' that was a feature of the 2900XL/3500XL series switches. This feature has however long since gone......
    With a Cisco switch an access port supporting an Access VLAN & a Voice VLAN is effectively a Trunk with only one Tagged VLAN and the Native VLAN:
    interface FastEthernet0/1
    switchport mode access
    switchport access vlan 10
    switchport voice vlan 100
    This results in the same configuration as:
    interface FastEthernet0/1
    switchport mode trunk
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 10
    switchport trunk allowed vlan 100
    With the exception of CDP packets being sent advertising the Voice VLAN.
    With regards to other IP Phone vendors and DHCP Vendor Options - the answer is it depends....
    Nortel use Vendor Option 144 to inform the IP Phone of the Voice VLAN and Option 128 for the Server (PBX) to use. Ericsson uses Vendor Option 43 that can be configured to tell the IP Phone the VLAN and the Web server to read the config file from.
    I don't think you will get this working automatically with your 3Com switches, you can however manually configure the VLAN on the Cisco IP Phones.
    HTH
    Andy

  • Question on example "configuring qllc to eth with local switching"

    Hello,
    I am reffering to the example on page
    http://www.cisco.com/en/US/partner/tech/tk331/tk336/technologies_configuration_example09186a0080093fba.shtml
    Let's consider that the Mainframe is on the ethernet side (OSA card) and the station on the serial side. Then I guess the example will work fine.
    To make things more complecated, now suppose that there is another station on another serial let say s0/1, with its own x.121 address, whereas the station is on s0/0. Now, if the station also wants to speak x.25 with the server on s0/1, how this could be accomplished? Does the configuration of the s0/0 with the x25 map and qllc dlsw commands, forbids the station from talking to other serial interfaces? Or if I just add a x.25 route to the s0/1, then whenever station asks for the x.121 address of the server it will be guided there?
    Regards, Apostolos.

    I am sorry but I think the question as it was set was a bit confusing. So, please let me rephrase it using the same example as basis. Let's consider we have two AS400 (a & b) connected with x25 to two serials on a router. This router is connected with a x.25 serial interface with another router, at serial s0/0, which has two connections:
    i) Ethernet to mainframe (OSA)
    ii) Serial (s0/1) x25 to another server (Stratus)
    AS400A is to speak with OSA card whereas AS400B is to speak with the stratus server.
    If I configure the serial interface to map x25 address of AS400A to a vmac and guide this to OSA, then will the other AS400B be able to connect to the Stratus?

  • Can the RV180W have multiple SSIDs with different security configurations?

    I am trying to configure the RV180W with a guest network and regular wireless network. The regular wireless network is just a bridge to the wired network, using WPA2-Pers for authentication. I built and enabled another wireless SSID, using a different VLAN and no authentication. I can get both SSIDs to function at the same time if I turn off security. Once I turn on Security, the regular one no longer functions.

    It is actually all in the manual:
    SEE: PDF MANUAL
    Page 63 of PDF and onwards
    Do note that you need to assign multiple VLAN per SSID. Check the manual it is there :D
    and based on the manual you need to enable multiple VLAN support: See page 34 of the manual: Configuring Virtual LAN (VLAN) Membership
    Don't forget to rate and mark as answer helpful posts! :)

  • Flexconnect - local-switching - Interface Groups - multiple subnets/vlans

    So I'm trying to setup an "interface-group-like" configuration on some Flexconnect APs with local switching enabled in order to support multiple subnets/VLANs linked to a single SSID.
    Does anyone know if this is possible or have any suggestions?
    I've tried:
    AP Groups - One SSID which would require central switching for it to be of use (I think).
    AP Groups - Creating an additional SSID and then placing the APs in a group per site. This works but is going to be difficult to manage if I have 400+ sites running this sort of setup.
    For reference, my end goal is to have multiple (400+) branch sites with the same WLAN mapped to 3 or 4 different VLANs in order to split the subnets up into smaller chunks (/23s or /24s). These VLANs are all switched locally and are uniform in numbering across all the sites from a layer 2 perspective.
    Thanks,
    Ric

    Interface groups is not an available feature on FlexConnect. FlexConnect doesn't support layer 3 roaming if devices roam from one FlexConnect ap to another and the wlan to vlan mappings are different. This is a limitation to FlexConnect along with a few others listed in the FlexConnect deployment guide.
    -Scott

  • Flex connect with a per user ACL with APs locally switched

    Hi all,
    Does flex connect allow a per user ACL to be downloaded to the session with local switched, central authentication? We are using ISE for the central policy engine and have setup dACL for wired but am about to embark on WLAN. The controller is a 5508 and the. APs are 3700's.
    Second question- if the flex connect APs don't do any form of per user ACL, the other option is to have the units in regular mode where they are both centrally switched and centrally authenticated which I understand to support a per user ACL. Our WAN links are between 10mbps - 30mbps and the most latency would be around 40ms. Will this cause issues at all with the size WAN links and latency?
    Thanks
    Sent from Cisco Technical Support iPad App

    Well you are running v7.6 so FlexConnect per user radius ACL's are supported per this doc since v7.5.
    http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html#anc9
    As far as WAN latency, 200ms is good, but it depends in your WAN utilization now and how many AP's you plan on installing and the increase in wireless traffic across your WAN. There is a minimum requirement, but it's up to you in the end to make sure you have enough bandwidth or else you will need to QoS the capwap traffic to ensure the APs don't bounce from connected to stand alone.
    Sent from Cisco Technical Support iPhone App

Maybe you are looking for