Onplus with multiple VLAN

Hi,
i am trying to set the network agent N100 on a trunk port on a switch (2960) without success regarding dhcp???
The problem is that the agent is not getting any ip address from a dhcp pool from a Cisco 1841 router acting as DHCP server. The topology is like this:
Router---------------------------------------------------------------------Switch--------------------------------------------------------------------On100
         fa0/0
         fa0/0.10
         fa0/0.20
The router is on the stick with subinterfaces. Ports connecting the router and On100 on the switch are 802.1q trunk ports. I also made a simulation of this topology on the GNS3 and with wireshark i can see  that dhcp discover are comming inbound fa0/0 but when i type the command:
R#show ip dhcp server statistics there are no received dhcp discover packets???It's very strange.
Did any one have experience with multiple vlan topology?
Thanks

Delo,
Take a look at the document link below.  Beginning on page 3 contains a sample configuration.  I would recommend reading the entire document to get your arms around the VLAN discovery functionality.  I can appreciate that when reading some of the documentation it can be confusing and lead you to believe that it can discover additional networks using Layer 3 routing.  That said, the one thing to keep in consideration is that OnPlus/ON100, other than the Network Scanning functionality, will not traverse Layer 3 boundaries to do additional discovery/monitoring.  You can manually add devices that are only accessible via Layer 3 and select to do some monitoring on those devices however they must be added manually and it will not attempt to access those devices via SSH/Telnet or SNMP.  As such, it won't do functions like backing up configurations.
OnPlus autodiscovery will only use Layer 2 and that is why you would need the VLAN Trunking with DHCP in each VLAN or to SPAN a switch port.  With VLAN trunking the ON100 will have an IP in the other VLAN and be able to discover devices on that now "local LAN".  With port spanning, the ON100 would discover based on packets it receives.  It can appear a little confusing but as long as  you keep in mind that the ON100 won't discover over a Layer 3, that will help to clarify some of the confusion.
http://www.cisco.com/en/US/docs/net_mgmt/other_net_mgmt/onplus/application_notes/multivlan/onplus_on100_vlan_discovery_782079601.pdfhttp://www.cisco.com/en/US/docs/net_mgmt/other_net_mgmt/onplus/application_notes/multivlan/onplus_on100_vlan_discovery_782079601.pdf

Similar Messages

  • Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Assotiated clients cannot obtain IP addresses

    Hi Surendra,
    I was just given this task to see how i can configure a second ssid for guest access in our environment.
    this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
    Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
    Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
    My AP config is attached below.
    Please tell me what am I doing wrong.
    Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
    Does the access point need to be aware of the voice vlan?
    Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
    I will greatly appreciate your urgent response.
    Thanks in advanced.

    Hi,
    As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
    int vlan 20
    ip helper-address 192.168.33.xxx
    int vlan 60
    ip helper-address 130.20.1.xxx
    I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
    Modify the AP config as below since you are using data vlan as the native vlan
    interface Dot11Radio0.20
    encapsulation dot1Q 20 native
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface FastEthernet0.60
    encapsulation dot1Q 60
    no ip route-cache
    bridge-group 60
    no bridge-group 60 source-learning
    bridge-group 60 spanning-disabled
    Hope this helps.
    Regards
    Najaf

  • Remote APs with multiple vlan / dhcp

    On one of our 5508 controllers we have approx 40 APs, about 20 local and 20 flexiconnect. Until now we have only had one vlan on the flexiconnect APs, but our local APs have several SSIDs connecting to different Vlans and assigned different dhcp addresses correctly.
    We now have the need to have multiple SSIDs on some sites being assigned different IPs.
    I have created the interfaces, with the correct ip and dhcp server, linked with the correct AP group. The SSID is shown and can be connected, but the original ip is being assigned and not the new range.
    I have not yet created any security policies so the new range has full access to the entire network and the controller can ping the new remote vlans.
    If i hard connect to the switch on the new vlan, I am assigned the correct new IP range, so this is working.
    I cannot see why devices connected to the new SSID are not being assigned the correct IP range.

    You need to review the FlexConnect configuration guide. You need to trunk the ap port if more than one vlan is required, you also need to enable FlexConnect local switching in the WLAN, you need to also define the WLAN to vlan mapping on each FlexConnect AP.
    It varies depending if you want to place traffic locally at the site or tunnel it back.
    https://supportforums.cisco.com/docs/DOC-24082
    Sent from Cisco Technical Support iPhone App

  • ARD 3.1 on a Cisco network with multiple VLANs

    I really hope someone can help me with this one because it's giving me all sorts of headaches.
    I manage all the IT for a large elementary school. We have Macs all over the building. (unfortunately many are still OS 9 Macs) As we replace and add new machines we have some that are wired in the network and some that are wireless. This is creating a rather messy issue with ARD. The backend of our network is running Cisco hardware. Our networking department has split our wired and wireless network on to separate VLANs. If I connect wirelessly to the network from my laptop, I can see the wireless Macs. If I connect through a wired connection I can see the wired machines. If I have both turned on, I tend to get problems with ARD freezing up when it tries to scan the local network. If I scan the wired network and switch to a wireless connection, everything works until the DHCP lease expires on the machines overnight and they get new IP addresses. I'm pretty sure this has to do with Bonjour and mDNS.
    Can anyone tell me what information to provide my networking department to get Bonjour and mDNS working across these two VLANs. We have a great networking department but Bonjour and mDNS is not something they deal with much and they aren't Mac fans so this gets put way on the back burner.

    I really hope someone can help me with this one because it's giving me all sorts of headaches.
    I manage all the IT for a large elementary school. We have Macs all over the building. (unfortunately many are still OS 9 Macs) As we replace and add new machines we have some that are wired in the network and some that are wireless. This is creating a rather messy issue with ARD. The backend of our network is running Cisco hardware. Our networking department has split our wired and wireless network on to separate VLANs. If I connect wirelessly to the network from my laptop, I can see the wireless Macs. If I connect through a wired connection I can see the wired machines. If I have both turned on, I tend to get problems with ARD freezing up when it tries to scan the local network. If I scan the wired network and switch to a wireless connection, everything works until the DHCP lease expires on the machines overnight and they get new IP addresses. I'm pretty sure this has to do with Bonjour and mDNS.
    Can anyone tell me what information to provide my networking department to get Bonjour and mDNS working across these two VLANs. We have a great networking department but Bonjour and mDNS is not something they deal with much and they aren't Mac fans so this gets put way on the back burner.

  • Bridging problem with multiple vlans

    Hello Everyone, I am using two 1310 bridges in a root / non-root setup. The switches on both sides of the wireless bridge were setup to trunk native vlan 253. Each wireless bridge also had vlan 253 setup as a Radio and Ethernet Interface. In this config, the wireless bridges could associate and ping each other, but the switches on each side could not ping each other?s management vlan interface (Vlan 25). The only way to get traffic to pass to the corresponding switches on each side of the wireless bridge was to use vlan 253 for everything. We also see this problem with some of our other 1310 bridge connections at other plants. Has anyone seen this problem or a similar problem before?

    Hi Craig,
    Er, dunno if you have any insight on my issue. I'm trying to get 2 AP1231s (12.3-8) in bridge mode (root/non-root, antennas transmit/receive right) that have 4 VLANs going across the airwaves. Now, the bridges are associated, they can see each other's IP address, but will they ping? Absolutely not! VLAN20 is the native assigned to bridge-group 1, I've tried IP addresses on the BVI1, dot11Radio 0.20 and fa0.20 interfaces with no luck. There's no other fancy configuration options applied, just 4 VLANs going across two associated bridges. Any ideas? Appreciate any assistance you can offer.
    I'd already found the document that Rob recommended beforehand and that proved useful in getting the units to associate. Now I just need a ping! A PC connected to the non-root bridge's Ethernet port via a Xover cable is able to ping the non-root bridge but that's as far as it goes.
    Root bridge config attached. No IP assigned on this copy but as advised, tried a few scenarios!
    Thanks, Paul

  • Help with Multiple VLANS and IP Phone Setup.

    Although i have a 3com, I have a cisco IP Phone. I have the IP Phone connected to the 3com swithport using a hybrid port. It's a tagged member of vlan3 (voice net) and an untagged member of vlan1(native data)
    The ip phone gets the right DHCP address for vlan3 ( 10.x.x.x ) but the laptop connected to the ip phone gets the IP for vlan 3 as well.
    I want the laptop to get the IP of the native vlan ( 192.168.x.x)
    what would the port setup need to be ? does it need to be a trunk ? i have the PVID of the port set to vlan3, this allows the IP phone to get its vlan3 DHCP address.
    any help would be greatly appreciated.
    The 3com OS is very similar to the latest of CISCO IOS'.
    so explain wtih syntax and i'm sure the 3com can relate.

    Based on your description of a 'Hybrid Port' this sounds like Cisco's 'Multi-VLAN Port' that was a feature of the 2900XL/3500XL series switches. This feature has however long since gone......
    With a Cisco switch an access port supporting an Access VLAN & a Voice VLAN is effectively a Trunk with only one Tagged VLAN and the Native VLAN:
    interface FastEthernet0/1
    switchport mode access
    switchport access vlan 10
    switchport voice vlan 100
    This results in the same configuration as:
    interface FastEthernet0/1
    switchport mode trunk
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 10
    switchport trunk allowed vlan 100
    With the exception of CDP packets being sent advertising the Voice VLAN.
    With regards to other IP Phone vendors and DHCP Vendor Options - the answer is it depends....
    Nortel use Vendor Option 144 to inform the IP Phone of the Voice VLAN and Option 128 for the Server (PBX) to use. Ericsson uses Vendor Option 43 that can be configured to tell the IP Phone the VLAN and the Web server to read the config file from.
    I don't think you will get this working automatically with your 3Com switches, you can however manually configure the VLAN on the Cisco IP Phones.
    HTH
    Andy

  • Complex NAT and ACL issue with multiple VLANS

    Hello Forum. 
    We have about 12 different VLANS behind an ASA 5515-x. One of those vlans contains a webserver and a DNS server (different machines, different IP addresses). ASDM 7.1.3
    From outside the firewall, people need to be able to get to the webserver via http, https and a custom  port (3390). From outside the firewall, no one needs DNS access.
    From INSIDE the firewall, things are much more complicated. They need access to the DNS server from all VLANS and they need access to Webserver from all VLANS
    The VLANS themselves are defined on the core switches, not the ASA The Vlan labels and network subnets increment by 5 (except in the first 5 numbers) and the VLAN subnets are equal to the vlan name. So for example VLAN 10 is on the 10.10.10.x subnet, vlan 20 is on the 10.10.20.x subnet, and so on. Each subnet is 24 bits
    WHAT WORKS:
    Outside_in: http, RDP work fine. Pretty sure I will be able to get https myself, so not looking for help there
    Inside_in: traffic from vlan 10 to vlan 5 works fine, but I think that is in part to the any any allow rule on the vlan 10 interface. Apart from that, all vlans can get out to the web, but they cannot get proper DNS resoliution or access the webserver across vlans
    I have looked at the access lists, I have looked at NATting the DNS, but it is not working, and I am not sure why. Any assistance would be appreciated

    Tried that, no joy. It said that the problem was a NAT issue, but I cannot figure it out. The NAT rule looks right, but is not because it doesn't work

  • Multiple Vlans on a single port.

    hi,
    Can i configure single port with multiple vlans on L2 2950 switch, if yes then what are the commands.
    Thanks,
    Vishal D.

    Paresh,
    i think i have not quoted the question properly.
    see by doing 'switchport mode trunk' it will flow the traffic of all vlan right.
    but if i want to give access of selected vlans then what to do,
    i have tried the command 'switchport trunk allowed vlan 1,2,3'
    do i have to give encapsulation on that port, but on 2950 encap cannot be configured.
    now can u tell me wht is possible to do.
    Thanks for ur reply.
    Vishal.

  • Multiple vlans configuration issue with RV016 router and SG 300-10MP witch

    Hi,
    I have to configure multiple vlans served with a unique DCHP server . As first step, I just will The DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented :
    Router (RV016 10/100 16-Port VPN Router) as gateway mode:
    IP : 172.16.0.1/24
    DHCP Server :
    IP : 172.16.0.2/24 GW: 172.16.0.1
    2 subnets :
    172.16.1.0/24 GW: 172.16.1.1 to serve vlan 1
    172.16.2.0/24 GW:172.16.2.1 to serve vlan 2
    Switch (SG 300-10MP 10-Port Gigabit PoE Managed Switch) as layer 3 mode:
    IP 172.16.0.254 (vlan 8 default)
    Vlan 1 : 172.16.1.1
    Vlan 2 : 172.16.2.1
    1 device connected on each vlan
    a workstation on the vlan 1
    a laptop on the vlan 2
    In this scenario (see the attached pdf file) the DHCP server is connected on a router, hosts on vlans dont receive any IP address.
    But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.
    I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration ?
    I hope the explanations are clear enough and my English too
    Any help will be highly appreciated,
    Zoubeir

    Hi Eric, the small business group doesn't support the ASA config, but  I can help with the switch.
    A couple things I notice in your description-
    48 port (192.168.1.254) and the other 24P (192.168.1.253)  we have a  second vlan 20 set up on the 24P switch (192.168.2.253)  we have ports  1-12 set for vlan20 (untagged and trunk), the remaining ports on on the  default vlan 1.
    The connection between the switches, is it 1u, 2t?
    The link between the switches should be 1u, 2t, the switches support the trunking and vlan tagging, meaning all communication will work fine.
    We have the 24p and 48p switches connect using GE1 and GE1.  We are unable to ping a device on vlan 20 ( on the 24p switch
    The 24p switch should be in layer 2 mode, if you have the 48 port l3 switch upstream. Additionally, you need to have the default gateway set on the 24p switch.
    We have a static route set on the 24p switch (0.0.0.0 192.168.1.0). 
    Between the switches, it shouldn't require any static routes, assuming you correctly trunk / tag your ge1 ports, with both switches operating in l3, the ip route table dynamically builds the connected routes, therefore a static route is redundant.
    -Tom
    Please rate helpful posts

  • Bridge with clients & multiple VLANs on 1242 AP

    Hi,
    I am trying to set up a test as per the attached diagram. I am looking to use 2x 1242 access points to bridge to a remote part of the network.
    I currently have 2 VLANs on the network, all network devices are on VLAN 1 for management and client access is on VLAN 2.
    What I am trying to achieve is to bridge between the two access points and also have clients connect to VLAN 2 on each access point.
    Firstly, are the 1242's capable of this or would I need to look at a 1300 Bridge?
    I have attached a copy of the base config I have on both AP's, the only difference between them is the root or non-root role.
    My bridge link currently works and I can ping across it on VLAN 1 but I cannot get a client to connect to the SSID on VLAN2. Although the SSID is set to guest mode I cannot see it being broadcast and if I manually try and connect nothing happens.
    Is there anything basic I am missing here or can anyone offer advice on bridging multiple VLANs with 1242 AP's?
    Thanks,
    Paul

    Ooops....forgot to add the attachments first time.
    Thanks,
    Paul.

  • Dynamic vlans with multiple fallback-vlans?

    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:10.0pt;
    font-family:"Times New Roman";
    mso-ansi-language:#0400;
    mso-fareast-language:#0400;
    mso-bidi-language:#0400;}
    I've got a problem with dynamic vlans. Trying to figure out configuration for the topology similar to the one in the picture.
    I’ve got four vlans for PCs, one vlan per department. I have to add fifth vlan (50) for devices that can be connected to any of the three switches: A, B, C. these devices need to be on their own vlan, no matter to which switch they are connected to. On the other hand, PCs connected to any port on those switches should be assigned to appropriate vlan (10,20,30 or 40).
    I was thinking about using dynamic vlans with list of mac addresses of devices that need to be on vlan 50 but not sure what to do with PCs. I don’t think I can use fallback vlan as I can set up only one fallback vlan for whole network and not per switch or port.
    I cannot use list of mac addresses of all pcs as there’s simply too many of them (my network is way bigger than in the picture, I simplified it only to present the idea). I imagine I would need multiple fallback vlans for different switches.
    Has anyone got any idea that could help me please? Maybe there’s some other and easier way?

    In new software (for Cisco switches) we provide multiple fallbacks for MAC authentication (MAB):
    1. 802.1x
    2. web authentication
    3. guest vlan (if no supplicant on the PC)
    4. auth fail vlan (if radius denies you access)
    So you could keep a list of MAC addresses for vlan 50 and do MAB for these devices if MAB fails you can use 802.1x for your PCs.
    This will require configuring 802.1x supplicants on all PC (Windows comes preloaded with one) and maintaining a radius of users who are able to log into the network. A lot of people use their Active directory pre-existing database as a backend to store their usernames and passwords for user authentication with dot1x.
    With using both dot1x and MAB you can now distinguish easily between two different processes and use your radius server to assign vlans based upon almost anything you can think of.
    -Elly

  • OTV site vlan with multiple overlay interface

    Hi,
    I have an OTV multihoming sites. 2 sites. 2 otv edge device each site.
    and with multiple overlay interface sharing 1 joint interface
    otv edge device connected to multiple VDC.
    each internal / downlink will forward different vlan for each vdc.
    ================================
    example
    int overlay 1
    otv extends-vlan 10
    int overlay 2
      otv extends vlan 20
    int eth 2/1
    description trunk to VDC1
    switchport trunk allowed vlan 10,100
    int eth 2/2
    description trunk to VDC2
    switchport trunk allowed vlan 20,100
    otv site-vlan 100
    ================================
    i understand that i can only use 1 site vlan.
    so in order for the failover to happen, both eth 2/1 and eth2/2 must fail?
    what if only int eth2/1 fail? will the int overlay 1 failover to secondary otv device?
    thanks,
    ivan

    "So when querying the adjacency server the ED then knows which other ED is within the same site?"
    Yes for the first part of the question, using the site Vlan unique to each site.
    Why do you need a routed link between ED's at local site? You dont need to connect those back-back over L3. Moreover if you want to use it for L3 ADJ over peer-link, you need to make sure that VLAN that you are using is not allowed on the VPC member ports, just on the peer-link, else VPC loop alrorithm will break your traffic.
    Are you planning to use multicast or a Unicast deployment? I remember I tried testing the topology in a POC for one of my customer, things did not work as expected in multicast deployment mode and worked fine in Unicast Adjacency server mode. I need to go back and check my notes on this.
    I would rather have the join-interface go back to a routed core at site rather than back-back connecivity as it opens up the tested Multicast deployment mode.
    Cheers,
    -amit singh

  • Bridging multiple VLAN with sg 200-08 and wap321

    Hi all
    Equipment:
    ASA 5505
    2x gs 200-08
    2x wap321
    Is there a possibility, to bridge 2 VLAN between one and another side with two WAP 321 and use the AP's also as WDS Bridge to extend the Wireless Network?
    I need to extend the Range of the WLAN but also want to use 2 different VLAN on both sides of the network. There is no Possibility to establish a wired Connection, so i try to use the AP's in "workgroup bridge" mode, but i always can use only one VLAN on the other side.
    Thanks for any help

    Hi Luis
    The Problem is, there is no wired connection between the WAP321.
    The topology is like this:
    VLAN1------ASA5505--  --SG200-08---------WAP321             WAP321--------SG200-8-------VLAN1
                                                 I                                                                                                 I
    VLAN2---------------------------                                                                                               -----------VLAN2
    VLAN1 and VLAN2 are also available in the WLAN on 2 Different SSID's:
    SSID: inside -> VLAN1
    SSID: outside -> VLAN2
    If i understand the Cluster mode right,there is a wired connection required between the WAP321 .
    In meantime i tried to connect the WAP321 over WDS, but always only VLAN1 is available on the "right" side of the Network.
    Is there a Possibility, to Bridge multiple VLAN's over a WDS connection?
    Best Regards
    Dominique

  • AP1300 Bridging Multiple Vlans with Dot1q

    I have a pair of AIR-BR1310G-E-K9 to do ptp bridging. Topology is like this:
    host-switch-rootAP---nonRootAP-switch-host
    We have multiple vlans and have followed this doco:
    <http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37vlan.html>
    The native vlan is all good and can ping across end-to-end. However, the when I attach a host to the switch in another vlan i.e. user vlan - there is no connectivity. Essentially, we want to dot1q over the ptp bridge setup.
    running version:
    c1310-k9w7-mx.124-10b.JA1
    appreciate any input.
    Ajaz

    yes. standard trunk config on both switches:
    5SL_SWITCH#srif 0/24
    Building configuration...
    Current configuration : 186 bytes
    interface FastEthernet0/24
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,100
    switchport mode trunk
    switchport nonegotiate
    spanning-tree portfast trunk
    end
    5SL_SWITCH#show interfaces trunk
    Port Mode Encapsulation Status Native vlan
    Fa0/24 on 802.1q trunking 1
    Port Vlans allowed on trunk
    Fa0/24 1,100
    Port Vlans allowed and active in management domain
    Fa0/24 1,100
    Port Vlans in spanning tree forwarding state and not pruned
    Fa0/24 1,100
    5SL_SWITCH#
    11SL_SWITCH#srif 0/24
    Building configuration...
    Current configuration : 186 bytes
    interface FastEthernet0/24
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,100
    switchport mode trunk
    switchport nonegotiate
    spanning-tree portfast trunk
    end
    11SL_SWITCH#show interfaces trunk
    Port Mode Encapsulation Status Native vlan
    Fa0/24 on 802.1q trunking 1
    Port Vlans allowed on trunk
    Fa0/24 1,100
    Port Vlans allowed and active in management domain
    Fa0/24 1,100
    Port Vlans in spanning tree forwarding state and not pruned
    Fa0/24 1,100
    11SL_SWITCH#
    furthermore the vlans exist in the db and when i trunk between the switches - I can ping the SVI's.
    Do you want me to post the AP config?

  • Multiple VLANs per SSID with local switch

    Is it possible to use an 'AP Group' or 'Interface group' to assign multiple VLANs to a WLAN when remote, h-reap APs are in local switch mode? 
    If not, is there a way to overcome 500 maximum host per VLAN when APs are local switching?
    Thanks!

    dont think its possible...
    I donno if the following config will even work but u can have the hreap APs connected at the remote site to map to different vlans...
    Example:
    AP1 -- ssid 1 --- vlan 10
    AP2 -- said 1 --- vlan 11 and so forth..
    Sounds crazy but i ll have to ponder on this a bit more.. Need a pen and paper to draw a quick topology :)...
    Sent from Cisco Technical Support iPhone App

Maybe you are looking for