Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Get IP address in specific VLAN on specific site

Hi

I have 4 site connected by wired and wireless and one WLC 2504 version 7 (found architecture and ip adress in the attachement)

One each site I have one or many access point

One each site I have many VLAN

One each site I configured sub-interface and DHCP server on the router or the switch layer 3

Normaly I should configure the DHCP server in the WLC

In my case I have many DHCP server (one DHCP with diferent IP range per vlan for each site)

I  would like to know how I can configure router, switch and WLC so each  user can get a corespondant IP of specific site and specific site

Please advise

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

Re: Get IP address in specific VLAN on specific site

HI Nic,

You must use Flexconnect configuration: FlexConnect is a wireless solution for branch office and remote office deployments.


Here is the example:

https://supportforums.cisco.com/docs/DOC-24082

http://www.cisco.com/en/US/docs/wireless/ncs/1.1/configuration/guide/hreap.html

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

Regards

Dont forget to rate helpful posts

VIP Purple

Get IP address in specific VLAN on specific site

If you are using "FlexConnect Central Switching" then all your branch user traffic it tunnel back to your WLC. So you cannot locally terminate those & cannot use local DHCP for each branch.

Even with FlexConnect Local switching you should be able to use AAA-override feature to change the VLAN users assigned through ISE. (Page 47 to 55 of the given presentation describes options available). I think that would be the best way to go ahead with this requirement.

Anyway you can test this if set up is already there for you..

HTH

Rasika

**** Pls rate all useful responses ****

4 REPLIES
VIP Purple

Re: Get IP address in specific VLAN on specific site

HI Nic,

You must use Flexconnect configuration: FlexConnect is a wireless solution for branch office and remote office deployments.


Here is the example:

https://supportforums.cisco.com/docs/DOC-24082

http://www.cisco.com/en/US/docs/wireless/ncs/1.1/configuration/guide/hreap.html

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

Regards

Dont forget to rate helpful posts

VIP Purple

Re: Get IP address in specific VLAN on specific site

This is typical FlexConnect/HREAP deployment. So for those sites you configure local DHCP, you have to put AP into FlexConnect/H-REAP mode  & configure the WLAN as H-REAP local switching.

In this way all your branch traffic will locally switched & get IP from the local DHCP server (does not matter what DHCP configuration under dynamic interface map to WLAN)

Below should help you as well

http://mrncciew.com/2013/03/10/h-reap-modes-of-operation/

http://mrncciew.com/2013/03/12/h-reap-with-radius/

BRKEWN-2016-Branch Wireless Design

HTH

Rasika

**** Pls rate all useful responses ****

Community Member

Re: Get IP address in specific VLAN on specific site

Thanks for your answer

I would like to know if I can use  "FlexConnect Central Switching" to configure what I need

Because I use ISE

by default all user is in default vlan(Vlan2), and after authentication, the ISE puch the correspondant Vlan and the ACL (DACN or named airspaceACL)

So for each user: after conect on the access point , user should get IP address in the default Vlan, then after authentication by ISE (CWA), he should get new IP in his correspondant VLAN and get the ACL

The ACL is not per VLAN, the ACL is per user or user group sor 2 users in the same VLAN can have different ACL

Can I use "FlexConnect Central Switching" to configure it ?

If not, how can I configure this cenario ?

Thanks in advance for your help

Regards

VIP Purple

Get IP address in specific VLAN on specific site

If you are using "FlexConnect Central Switching" then all your branch user traffic it tunnel back to your WLC. So you cannot locally terminate those & cannot use local DHCP for each branch.

Even with FlexConnect Local switching you should be able to use AAA-override feature to change the VLAN users assigned through ISE. (Page 47 to 55 of the given presentation describes options available). I think that would be the best way to go ahead with this requirement.

Anyway you can test this if set up is already there for you..

HTH

Rasika

**** Pls rate all useful responses ****

204
Views
0
Helpful
4
Replies
CreatePlease to create content