AP Group Vlans

Answered Question
May 28th, 2008

The setup is in a Lab enviornment with an East and West campus to simulate two buildings, and everything was working fine until we wanted to use AP Group Vlans. Once we configured the AP Group Vlans, updated the AP Templates and pushed them out - it broke.

All of a sudden, all three wlans (broadcasting SSID's) could not be seen, but all AP radio's were up. We rebooted the AP's but nothing changed. We RESET one AP and once it found it's controller (via DHCP Option 43), all WLANs came back online for the EAST campus...the WEST Campus still cannot be seen. We have rebuilt every aspect of the setup from scratch and this still happens.

Here's my question - If a WLAN is tied to the Mgt Interface at the WLAN level but is then tied to another interface in the AP Group VLAN, does the AP Group VLAN setting trump the WLAN level setting (Controller ->WLANS->WLAN ID->Interface) OR do the WLAN/Interface assignments have to match between the Controller WLAN level and AP Group VLAN settings?

My thought is that the AP Group VLAN - WLAN to Interface config overrides the initial Controller WLAN to Interface config.

Here's the setup:

WCS 4.2.62.11

East Campus:

Cat6506 - 12.2.18 SXF5

2 x WiSM - 12.2.18 SXF5

Interfaces - East_EAP, East_WEP

WLANs/SSID - LLeap/lableap, LPeap/labpeap, LWep/labwep

West Campus:

Cat6506 - 12.2.18 SXF5

1 x WiSM - 12.2.18 SXF5

Interfaces - West_EAP

WLANs/SSID - LLeap/lableap, LPeap/labpeap

Each campus is on a seperate subnet to simulate two different buildings.

All WiSM's/Controllers have the same Virtual Interface and are in the same Mobility Group - we want to roam between buildings.

I am tying the Leap and Peap WLAN's to the same Interface (Eap_East or Eap_West) in each respective campus and WEP on its own Interface.

(This is done in the AP Group VLAN config - Under Controller->WLAN->WLAN ID all WLANs default to Mgt Interface)

I have AP Group VLANs setup for each Campus:

Lab_East_Group --> LLeap/LPeap tied to East_Eap Interface. LWep tied to East_Wep Interface

Lab_West_Group --> LLeap/LPeap tied to West_Eap_Interface (no wep in the West Campus).

AP Templates are setup for each Campus specifying Primary, Secondary and Tertiary Controllers, Group Vlan Name and WLAN Override enabled:

AP Template Lab_East --> Group VLAN - Lab_East_Group, WLAN Override enables Leap/Peap/Wep Wlans

AP Template Lab West --> Group VLAN - Lab_West_Group, WLAN Override enables Leap/Peap Wlans

I have this problem too.
0 votes
Correct Answer by Scott Fella about 8 years 6 months ago

You are correct and what you need to do is have only those three controllers in one Mobility groups. Unless you need all wlc on a single mobility group. The most stable code I think is 4.1.185. If you decide to go to 4.2 then go with 4.2.112. I have that code running in a couple of my clients.

I would also upgrade the boot image.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Scott Fella Wed, 05/28/2008 - 06:32

When you pushed out the template, one thing is to make sure the WLC firmware and WCS is at the same level. If this is okay, then you either had an issue with the template or pushed it out to the wrong ap's.

The AP Group setting will override the interface configured on the WLAN. Management is usually left alone and is default.

With regardes to roaming between buildings, do you have signal when roaming between buildings? If not, then they should be put on different mobility groups.

If you require that the wlc's fail over to the other building, you will need all the ssid's configured on all wlc's. Also you will need the interfaces configured on both sides.

The thing that might not work for you is if an ap joins the wlc on the other side for some reason. The ap will look for the ap groups and the settings for that group. Interface must be there and the users will be placed on the building subnet.

Here is a simple link:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

plandobait Wed, 05/28/2008 - 08:42

We do have a signal when roaming between buildings (in this setup) - where we don't they will be placed in seperate mobility groups.

Regarding failover - If we have a WLAN/SSID with a Primary on Cont 1, Secondary on Cont 8 and Tertiary on Cont 16, then I only need that WLANs Interface configured on those three controllers - correct?

WLC is at firmware 4.1.171.0

WCS is at firmware 4.2.62.11

I'll look into updating the WLC firmware.

Thanks for the reply.

Kevin Rogers

Correct Answer
Scott Fella Wed, 05/28/2008 - 09:51

You are correct and what you need to do is have only those three controllers in one Mobility groups. Unless you need all wlc on a single mobility group. The most stable code I think is 4.1.185. If you decide to go to 4.2 then go with 4.2.112. I have that code running in a couple of my clients.

I would also upgrade the boot image.

plandobait Tue, 06/03/2008 - 10:20

The code upgrade solved all the probs we were experiencing. thanks for the help and info!

Actions

This Discussion