We have a client that has a multi storey office block, They wish to have sepearate SSIDs per floor and a common SSID for the ground restaurant area where all cllients can access without changing their WLAN profile., they are talking about 30 floors.
Initially I was thinking of dynamic VLANs and a single SSID or AP Groups however I am struggling to find the right solution.
As yet there are many unanswered questions, will they need to access different domains, etc.
QUestion is it possible?
I may need to explain in more detail but currently it would be like 30 SSIDs throughout the buillding and then 30 on the ground, obviously its not feasible so the only things I can think of is dynamic VLANS or is there something in NAC that might do it
The issue you will face is how many ssid's you will be able to create on the WLC. I know with 4.2, you can only have 16 SSID's. I believe they will eliminate this in the future release. WLAN Override would allow you to specify what ssid's will be asigned to which ap. AP Groups allow you to have an ssid be tied to multiple vlans, which is not what you are looking for. NAC is designed to remediate devices trying to access the network. This works alongside your wireless but will not help with the amount of ssid's you require.
The WLC can now handle 512 SSIDs but only push 16 to each AP, the issue with that is not enough SSIDs,
The client enquiry is loose and we are looking for a solution and my thought was a single SSID and managing the client access by VLANs either by AP groups or dynamic VLANs tied to either mac or client authentication?
You seem to understand the limitations of the controller. One possible solution would be to install double the normal APs on the bottom floor. Then you can distribute 15 SSIDs to one group and 15 SSIDs to another group using WLAN Override. As long as a good site survey is done to determine AP location, this should work fine, but it will be tricky. The extra APs might help with client density if this bottom floor will have a lot of people down there at once.
And as you say, you can perform dynamic VLAN assignment using a Cisco ACS server via client authentication. Someone else should confirm whether it can be done using MAC authentication, but I do believe you can do it that way as well. Then you can have one SSID for everyone to connect to.
Be careful about considering AP groups. If you have the same SSID on each floor, but each maps to a different VLAN, your organized VLAN structure will be mostly disregarded since users will roam through the floor/ceiling to other subnets.
What code are you using... Iknow with the 4.2, you can have up to 512 vlans, but only 16 ssid's can be configured. Anyways, your RF space will have so much noise from all the beacons. Each AP must beacon with every ssid configured on that AP, so the more ssid's the more beacons. Best practice is to keep the ssid's to a minimum of 4. Again, it's trial and error.... depending on the devices on the network, older clients, pda's, etc might have issues when they see alot of beacon information.
It sounds possible to me, we have just been playing with 802.1x using FreeRADIUS and now have a single SSID mapped to one default vlan, but with AAA Override enabled, so that RADIUS can be used to allocate users into any specific vlan that the controller has access to.
It seems to avoind the whole multiple SSID issue and works fine for us at the moment, although we are only using up to 6 vlan at present and no 30 odd.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...