11-09-2011 04:00 AM - edited 07-03-2021 09:03 PM
Hi All,
I have been asked to setup wireless and we have purchased WLC 5508 and 1142 APs.
We have several remote sites and a centralized WLC. The requirement are to have a common SSID (Corporate) advertised across all the remote sites and have that SSID locally switched, and have another two SSID Guest and Mobile tunneled back to the central site (WLC).
I want all the wireless (Corporate) clients to use the same subnet as the wired clients at each remote site, the IP assigment will be done by a DHCP server at the central site. The Guest and Mobile users will use a common subnet each across all the site and this will also be handled by the DHCP server at the central site.
I have enabled H-REAP with Centralized Authentication and Local switching but I'm not sure about the second part which is to have a common SSID (Corporate) across the remote sites and localy switched whilst having the other two SSIDs tunneled back to the WLC.
Cisco TAC told me to configure dynamic interfaces for each of the remote site but then he said I still wouldn't be able to switch the Corporate traffic localy if I use a different subnet to the wired subnet for the wireless clients.
I hope the above is not very confusing.
Solved! Go to Solution.
11-09-2011 04:43 AM
Okay... so if you want Corporate to be local at each remote site you have to do the folowing:
That is it.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml
11-09-2011 04:43 AM
Okay... so if you want Corporate to be local at each remote site you have to do the folowing:
That is it.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml
11-09-2011 05:04 PM
Thanks for your help Scott,
Please confirm if I have understood this correctly.
Example: AP at the remote office is configred with static IP address 10.26.46.100/29 (Vlan 100) and primed.
The Corporate SSID to be switched locally here is using subnet 172.18.114.0/24 (Vlan 2) (the same as wired data subnet). Guest SSID uses 10.0.0.0/24 (Vlan 999) and Mobile uses 10.20.0.0/24 (Vlan 998).
If I configure the AP under the H-REAP tab with vlan support and enter vlan 100 as the native vlan ID, once the AP resets the interface and is back online, I go back and configure VLAN mapping and enter the Corporate SSID VALN 2. Will it work? And from reading the Design doco, I can enter whatever vlan ID here for the Corporate SSID or does it have to match the existing wired VLAN?
Thanks
11-09-2011 05:09 PM
It has to match the vlan you want at that remote site which is vlan 2. So basically the trunk port will only allow vlan 100 and vlan 2.
Sent from my iPhone
11-09-2011 05:17 PM
Thanks, and on the switch side of the trunk I don't need to allow vlan 999 and 998, only vlan 2 and 100.
Another question, how do the clients in the Corporate SSID get an IP address from the Data subnet of the wired client at the branch office, is it that all the requests are switched locally therefore making the wirless client as the wired ones?
Thanks
11-09-2011 05:19 PM
You only need to allow vlan 100 & vlan 2.
Sent from my iPhone
11-09-2011 05:23 PM
Just to make sure, vlan 2 & 100 is located at the remote site and vlan 998 & 999 is located centrally where the WLC is at.
11-09-2011 05:24 PM
That is correct, and VLAN 998 and 999 will be terminating in DMZ where vlan 2 will be terminating on the internal network.
11-09-2011 05:30 PM
Okay... just making sure:) That should do it then.
11-09-2011 05:53 PM
A minor issue, the corporate WALN is mapped to the management interface and it uses vlan 100 because that is the mangement VLAN. Now that I have enabled VLAN support and when I go to the VLAN mappings page I only get the corporate SSID with VLAN 100, and the other two WLANs aren't configurable because they aren't switched locally which is fine.
How will the above vlan mapping work for both the APs and Corporate SSID given that the corporate will be using VLAN 2, do I create a new interface and map the Corporate SSID to that VLAN (VLAN 2)? Can it be in the same subnet as the management?
Thanks
11-09-2011 06:25 PM
It can be on the same subnet if that is what you want.
Sent from my iPhone
11-09-2011 06:53 PM
Hi Scott, thanks for your help.
I didn't have to create another interface, because I was able to map the vlans both for Corporae and the native. When I first enabled vlan support I entered 100 as the native and once on the vlan mapping page the corporate SSID was also showing 100 as its vlan ID and that confused me which I thought I wasn't able to change, but I could change it.
11-09-2011 06:55 PM
Yes, you want to change that to (vlan) 2.
Sent from my iPhone
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: