One ssid to multiples vlan without hreap, flex connect

Hi my name is Ivan
I have a question about a wireless solution
I have one cisco wlc 2112 with ios 7.0.230.0 with license to support 12 access points. My access points are nine (9) lap1231ag  and one (1) lap1310
I just have one wlan (ssid). My scenario of deployment is in layer 3. I have one interface management and ap manager in the WLC. All my Access Points
have differents ip address that WLC. I need to configure a unique ssid to associate my six (6) dynamics interfaces (each dymanic interface with different vlan subnet).
Each wlan profile (ssid) should have the same security in phase 2 (wpa2/psk).  My cisco access points don't support hreap. My wlc  support only (4)
interface into an interface group, and i need six (6) dynamics interfaces.
Is this possible to configure this scenario?
I have a research about  it, and i found this link:
https://supportforums.cisco.com/thread/2180009
They mention there, that i need HREAP, but my AP's dont support it.
How can i do it?
Regards

1°  It doesn't matter that my buildings are connected between layer 3 links, having my WLC in a different VLAN/Subnet.
Correct.  The APs do not have any requirement of being L2 adjacent to the WLC.  If your APs are already joined, they will no how to find the WLC once you move them to their new network.  I would suggest making sure you have High Availability configured specifying the APs primary WLC.  Regardless, if joined already, the AP "knows" the controller it wants to join.  If you have "new" APs that are installed at a different L3 network, you just want to make sure you have discovery methods for these new APs to find the WLC (option 43, dns, etc)
2° It doesn't matter what interface is associated to the WLAN in the WLAN profile.
That depends on your design.  "IF" you have "all" your APs placed in to respective custom AP groups, then no it doesn't matter as the group interface assignment will override the WLAN interface assignment.  "IF" you still have APs in the "default group" that are not being placed in a new AP group, then these APs will inherit the WLAN configuration so the interface should be assigned accordingly.  In some cases, customers may choose to build a dummy/blackhole interface that the WLAN is bound to in the event an AP winds up in the default group.  Just make sure any dummy interfaces you create are non-routable on your network.
3° It is not necessary to create an interface group.
No.  An interface group will bundle multiple dynamic interfaces in to a single group that can be assigned. For instance, if you bundle all these in to a group and then assign, via an AP group, for a WLAN to use the new interface "group", then clients will be placed on the respective dynamic interfaces within that group in a round-robin fashion (or whatever algorithim is in use depending on code release), therefore clients at site A may end up on any of the 6 interfaces.  The interface group is traditionally used when customers are running out of usable space and would like to expand through the use of additional network segments, rather than increasing a subnet size through a mask reduction.

Similar Messages

  • Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Assotiated clients cannot obtain IP addresses

    Hi Surendra,
    I was just given this task to see how i can configure a second ssid for guest access in our environment.
    this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
    Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
    Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
    My AP config is attached below.
    Please tell me what am I doing wrong.
    Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
    Does the access point need to be aware of the voice vlan?
    Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
    I will greatly appreciate your urgent response.
    Thanks in advanced.

    Hi,
    As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
    int vlan 20
    ip helper-address 192.168.33.xxx
    int vlan 60
    ip helper-address 130.20.1.xxx
    I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
    Modify the AP config as below since you are using data vlan as the native vlan
    interface Dot11Radio0.20
    encapsulation dot1Q 20 native
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface FastEthernet0.60
    encapsulation dot1Q 60
    no ip route-cache
    bridge-group 60
    no bridge-group 60 source-learning
    bridge-group 60 spanning-disabled
    Hope this helps.
    Regards
    Najaf

  • WLC and AAA - one SSID and more VLANs

    hi,
    i have an ACS 4.1, AP1242, WLC4404 and Catalyst 3750, and an Win2003 DHCP Server
    Switch Interface Config:
    interface Vlan10
    ip address 10.70.170.1 255.255.255.0
    ip helper-address 192.168.12.10
    interface Vlan20
    ip address 10.70.171.1 255.255.255.0
    ip helper-address 192.168.12.10
    at the WLC i have configured one SSID with
    - Allow AAA Override
    - Layer2 Sec: [WPA1,TKIP+WPA2,AES]
    - ACS 4.1 AAA
    - Key Management: 802.1x
    one SSID mapped to the management interface. and 2 VLANS with different interfaces:
    VLAN-ID1: 10
    Interface-1:
    IP Address 10.70.170.2
    Netmask 255.255.255.0
    Gateway 10.70.170.1
    DHCP: 192.168.12.10
    VLAN-ID2: 20
    Interface-2:
    IP Address 10.70.171.2
    Netmask 255.255.255.0
    Gateway 10.70.171.1
    DHCP: 192.168.12.10
    at the acs i have 2 users and two groups. Group1-User1 and Group2-User2 with the aaa attributes to change the vlan on login.
    [006] Service-Type: Authenticate only
    [064] Tunnel-Type: VLAN
    [065] Tunnel-Medium-Type: 802
    [081] Tunnel-Private-Group-ID: <VLAN-ID-1> or <VLAN-ID-2>
    my problem is, that the user will authenticate successfully, and also the Vlan and Interface assignment is correct,
    but the ip-address that the user will get is always the IP-Range from Interface2 (VLAN20). So when the USER2 authenticates, he get the VLAN2,
    and the right interface and the right IP Adress and the communication is right.
    but the USER1 gets the interface1 and VLAN10, but the IP from Interface2 (VLAN20).
    what can it be?
    thx

    FYI - If you're using ACS v4.1, you can also achieve this using the Airespace Attributes, by specifying the WLC interface name in the appropriate section.

  • How to use one application with multiple schema without copying application?

    Hi,
    Previously we are using oracle forms and by that we can manage by using a set of folders containing fmx and use different schema/database for different customers. so the source code comes from one individual file but used for different database users.
    is it possible to do this without copying application in apex?
    reason is because if applications are copied for each customer, and in a situation where a page has a bug, the developer must correct multiple pages across all the application. This would not be appropriate to manage.
    could this be done in apex? or is there any other approach?

    Hi,
    An application is tied to its parsing schema, so it is not possible to have one code base which you can then point to different schemas. I have seen some threads relating to dynamically setting the parsing schema, but I don't think it has worked to well, and would not be a supported configuration by Oracle.
    The normal way to do this is to have one schema and for each entity where it is logical you will have an extra key which is the customer id. I mention where it is logical, because not every entity needs its own data defined by customer. Some data will be common across all customers, such as lookup data and some entities will comprise child entities by which the data separation will be implied by the parent. You can then use Oracle's Virtual Private Database feature to implement a seperate view of the data through the application, based most likely on the customer who is logged on.
    Hope this helps.
    Regards
    Andre

  • Apply one formula to multiple cells without duplicating?

    I'm looking for a way to enter a formula and apply it to multiple cells.  I do NOT want to copy the forumla to all rows as I want the ability to easily change it.  I'd like one formula that can modify all my pricing.  I could easily have hundreds of values to compute and many tables....
    Does anyone have any ideas?
    Thanks!
    Joe
    Example:
    price item a
    price item b
    price item c
    price item d
    price option 1
    price option 2
    price option 3
    price option 4
    function:
    (((roundup (quantity / items-per-page,0) * price item [a,b,c or d]) * discount) + price option 1 + (quantity * price option 2) + price option 3) * markup
    quantity
    discount
    items-per-page
    item a
    item b
    item c
    item d
    25
    1.00
    4
    (function)
    (function)
    (function)
    (function)
    50
    0.90
    4
    (function)
    (function)
    (function)
    (function)
    100
    0.85
    4
    (function)
    (function)
    (function)
    (function)
    5000
    0.65
    4
    (function)
    (function)
    (function)
    (function)
    quantity
    discount
    items-per-page
    item a
    item b
    item c
    item d
    25
    1.00
    2
    (function)
    (function)
    (function)
    (function)
    50
    0.90
    2
    (function)
    (function)
    (function)
    (function)
    100
    0.85
    2
    (function)
    (function)
    (function)
    (function)
    5000
    0.65
    2
    (function)
    (function)
    (function)
    (function)
    etc..

    jdr,
    I think I understand part of the request:
    I suggest you make two tables for the Items and Option prices.
    Then make separate tables by option (I do not understand the options based on what you provided).  I also do not understand the markup
    In the table "Option 1"
    rows 1 and two in the table are header rows
    D3=IFERROR($B3×($A3÷$C3)×VLOOKUP(D$2, Item Price List::$A:$B, 2), "")
    this is shorthand for... select cell D3, then type (or copy and paste from here) the formula:
    =IFERROR($B3×($A3÷$C3)×VLOOKUP(D$2, Item Price List::$A:$B, 2), "")
    select cell D3, copy
    select cells, D3 thru D7, paste
    the formula I am providing addresses the bolded portion of the formula you provided:
    function:
    (((roundup (quantity / items-per-page,0) * price item [a,b,c or d]) * discount) + price option 1 + (quantity * price option 2) + price option 3) * markup
    I think looking at what I have provided will assists you in forming the solution on you own or help you provide additional details to assist in understanding your request

  • Is it possible to configure 2 SSIDs without using multiple VLANs?

    I am trying to set up a 1231G to allow normal users to connect using WEP and visitors to connect with no encryption in guest mode. Using one SSID, I can get one or the other to work using the guest-mode command on the SSID, but have the problem that WEP mandatory or optional on the radio interface disables either the normal user or the guest. If I set up 2 separate SSIDs for each of these user groups is it necessary to assign a separate VLAN for each to make this work? The AP is on a network that is not trunked.
    Thanks for any help or direction you can give me.
    --Sara

    Hi Sara,
    Hopefully the attached docs will answer your question:
    Cisco Aironet 1200 Series
    Using VLANs with Cisco Aironet Wireless Equipment
    Deprecated versions of Cisco Aironet software permit binding multiple SSIDs to one VLAN. Current versions do not.
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#
    Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.2(15)JA
    Configuring Multiple SSIDs
    vlan vlan-id
    (Optional) Assign the SSID to a VLAN on your network. Client devices that associate using the SSID are grouped into this VLAN. You can assign only one SSID to a VLAN.
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00802085c4.html
    Also this answer from Cisco Aironet 1200 Series FAQ;
    Q. How many service set identifiers (SSIDs) can you have per VLAN?
    A. You can have only one SSID per VLAN. The use of multiple SSIDs over a single VLAN is not supported with Aironet APs.
    Hope this helps! (sorry to be the bearer of bad news)
    Rob
    Please remember to rate helpful posts.......

  • Setting up AP Extreme n without it being connected to the Internet

    Is it possible to set up the new AirPort Extreme Base Station (N) (as a one-bas-station network) to give me access to a hard disk and one or more printers, but without it being connected to the Internet?
    I have tried setting up an AirPort network using WDS - with two AP Express base stations (one as the main base station, one as a remote), and a new APEXt n base station (as a remote). However, this will not work - well, the APEXt n will not join the network. I gave up, and set up a WDS network using just the two AP Express base stations. have detailed my trials and tribulations in a post in this thread:
    http://discussions.apple.com/message.jspa?messageID=4943448#4943448
    However, I have just found a post that tells me that the APEXt (both g and n types) base stations cannot be used in client mode, which I presume is what I have been trying to do when using WDS to connect the two AP Express base stations and one of the newest AP Extreme base stations - as described above... The post is in this thread:
    http://discussions.apple.com/thread.jspa?threadID=1081553&tstart=105
    So, back to my original question - should I be able to use my AP Extreme (n) without having to connect it to the Internet? And if it won't be set up that way, what might I be doing wrong - or is there something wrong with the AP Extreme base station?
    Thanks for any advice,
    Daniel.

    ...I have just found a post that tells me that the APEXt (both g and n types) base stations cannot be used in client mode, which I presume is what I have been trying to do when using WDS...
    No, WDS is not client mode. The AirPort Extreme base station (AEBS) can join a network using WDS.
    ...should I be able to use my AP Extreme (n) without having to connect it to the Internet?
    Sure

  • Multiple VLAN's, one SSID

    I'm getting to the point where my campus wireless network is growing past the subnet size that I'm comfortable dealing with.  I have a WiSM and WCS and am running the newest IOS on each.  Is there any way to use multiple VLAN's on one campus-wide SSID?
    Or, can I put the same SSID on the two controllers and map it to two separate VLAN's without causing roaming issues?
    Thanks,
    Eric

    Hi Eric,
    Yes we can do this and this feature is called AP Grouping on WLC... Here is the configuration example to do the same..
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml
    Regards
    Surendra

  • Flex Connect Across Multiple VLANS same SSID

    I just need to find that if we have flex connect setup for differnet vlans using single controller, will roaming works when client connects to AP in a differnet VLAN but using same SSID.
    Example below:
    1) Client connects to AP on specific SSID mapped to VLAN 100, get an IP address ..all good at this point
    2) Client walks and connects to a differnet AP on same SSID but mapped to VLAN 200...at this point I observe client doesnt get a new IP address in fact it retain IP from step-1 and there is no connectivity
    3) Client walks back to first AP and connectivity is restored
    Why in step-2 client doesnt gets a new IP from VLAN 200 even when it shows connected to AP.

    Just to add to Rasika.... L3 isn't supported....I just ran into this a few days ago.... clients should request another dhcp when roaming to another FlexConnect AP that is mapped to a different VLAN.  The issue is, that some clients don't try to renew their dhcp address and gets stuck with the default 169.x.x.x.  I see this with Apple devices in general and what we are going to do is get rid of the multiple vlan setup (vlan per floor) and create a bigger vlan that the SSID will be mapped to.
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • WLC 4402 assign multiple VLANs to one SSID

    Is it possible to have one broadcasting SSID but clients seperated by, lets say say 7 different vlans in the WLC?  For example- each floor would be seperated by its own vlan and dchp pool, but they all connect to one SSID in the controller.  From what I just read it seems that each vlan would be assigned its own SSID?

    For anyone needing further info see here:
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

  • HREAP & Local mode configuration for one SSID

    I'm looking to provide one SSID Corporate access to multiple sites using HREAP. My question is it possible to configure one SSID and switch the traffic locally?
    I have a controller in the main site that provides one SSID for Corporate access (AP's in Local mode) and would like to have the same SSID used at the remote sites, only difference is the break out locally.
    Do I need to configure the HREAP interface on the controller if it is switching locally at the remote site? If so what interface should it be? I thought it would be locally anyway?

    yes, you can do this.
    In the WLAN, select HREAP Local switching.  This does not mean that the WLAN is always locally switched, just that it can be.
    Put the AP that need to be HREAP/FlexConnect in that mode, reboot, then map the WLAN to the approrpriate VLAN for that site.
    For the AP that you want to do central switching, just leave them as they are.
    Steve

  • Multiple VLANs per SSID with local switch

    Is it possible to use an 'AP Group' or 'Interface group' to assign multiple VLANs to a WLAN when remote, h-reap APs are in local switch mode? 
    If not, is there a way to overcome 500 maximum host per VLAN when APs are local switching?
    Thanks!

    dont think its possible...
    I donno if the following config will even work but u can have the hreap APs connected at the remote site to map to different vlans...
    Example:
    AP1 -- ssid 1 --- vlan 10
    AP2 -- said 1 --- vlan 11 and so forth..
    Sounds crazy but i ll have to ponder on this a bit more.. Need a pen and paper to draw a quick topology :)...
    Sent from Cisco Technical Support iPhone App

  • Binding multiple VLANs to single SSID on WLC

    I have a building with over 4000 users and would like to bind multiple VLANs for user access to a single SSID in WLC. Can this be done? I would rather not have 4000 wireless users on a single VLAN.

    the question is tough. You can not use the SSID in on AP for multiple vlans. Once you assign the AP to the vlan then you will have to make all traffic in the vlan. With that being said. you could assign the AP's to specific vlans, but if you roam from one vlan to another you will have problems at L3. But you can use WDS to make that happen.
    Here are a couple of links tha might help.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00804d4421.shtml
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184ace.html

  • How can I select multiple photos without tapping on each one individually

    How can I select multiple photos without tapping on each one individually?

    Op: without tapping on each one individually
    tap all the photos you want to delete.
    Note what the OP is asking.

  • HT2477 How do I select multiple images without clicking on each one? Is there a way to select duplicate photos to delete them?

    How do I select multiple images without clicking on each one? Is there a way to select duplicate photos to delete them?

    Consider adding the delete symbol to the Finder window tool bar.  This way you can highlight all the photos you want to delete at the same time then hit the "delete" symbol.
    Open a Finder window/View/Customize Toolbar - follow the directions in the customized pop down window.

Maybe you are looking for

  • Error in Account Determination. Sales organization

    Hi All, I received an error in my billing document. The error is: 1.  Error in account determination: table T030K key IFXO MWS P2 2.  Document 9317283268 saved (error in account determination) 3.  Doc. 9317258720 G/L account 69466400 requires a valid

  • Support for CUCM 8.6 in B200 M3

    Is the new B200 M3 a supported platform for deploying Cisco Unified Communication Manager 8.6? The tested reference configuration available at Unified Communication virtualization wiki does not list B200 M3 as a supported platform . Please can anyone

  • Adobe Indesign 2014 CC export epub with Fixed Layout

    When I export a book with he new beautiful new export filter "E Pub with fixed Layout" and send him to the central bookstore in the nederlands... They testing the epub and give tree errors Filename contains spaces, (this i can repair, but many work)

  • How to make a button click make text appear elsewhere on the screen

    I have a map of the US and  each state has a rollover that changes the color of the state...what i  am trying to figure out is how to click on the state and have text  appear to the side of the US map and have that text stay up until the user clicks

  • BorderLayout & createImage

    Hi all, I'm studying Java and trying to add multiple panels layout with BorderLayout on an existing working applet. I'm trying NOT to use Swing because I would like this applet to be able to run on Java 1.1.8 on my PDA (Psion 5MX). Your Help welcome.