Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Wireless LAN Across Multiple Non-Contiguous Floors in a Building...

Hi All,

It's been a few years since I've done anything in the way of Wireless networking but I'm just looking for some advice as it looks like I'll be revisiting it again quite soon.

We operate in a building where we have multiple floors but between some of them are floors owned by other companies. I'm guessing the typical way of doing wireless in this scenario would be to have a VLAN per floor and then force the reauthentication with you change AP's.

Saying that, does anyone have any advice on how to maintain continious connectivity in this kind of scenario, barring having a single VLAN stetched across all AP's and having AP's in the lift wells (a big no, no from a security perspective, WPA2 or otherwise)

Is there any way of maintaining a secure continuous wireless connection when traversing floors that are non-contiguous? I'd appreciate any advice. Thanks in advance.


Super Bronze

Re: Wireless LAN Across Multiple Non-Contiguous Floors in a Buil

Hi Dean

A good way to work around this VLAN issue is to use the new AireSpace/Controller based wireless systems.

Basically you can put APs anywhere (in any VLAN) and they tunnel all traffic from their management interface in the VLAN they are installed in back to the central controller, which in turn has interfaces in whatever VLANs you actually want to give access to.

This nicely works around the issues given rise to when you have different VLANs per floor with traditional wireless systems - when you roam between floors in those, you roam between subnets, and therefore need to reauthenticate and obtain a new IP address - a process which cuts off most apps and causes a break in communications.

Hope this helps


Please rate helpful posts..

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

Re: Wireless LAN Across Multiple Non-Contiguous Floors in a Buil

Thanks for getting back to me Aaron.

When you mean "AireSpace/Controller based wireless systems, am I right in assuming that if you need a WiSM enabled switch/module for routers or switches?

I'm trying to think of the most secure way of doing it allowing this "separated floor" mobility without going overkill at the same time (putting IPSEC/VPN tunnels, encryption and forced re-authenitcation all over the place which has been investigated in the past and failed miserably)

I was thinking of having AiroNet AP's (with directional antennas if possible) distributed on each floor along with AirDefense modules.

These would then connect in a dedicated Wireless LAN switch per floor (eg. some form of WiSM enabled Catalyst 3750) running it's own VLAN and dot1x and then have these connected into the standard floor switches and up into our core.

Would such as solution work? How would this work when traversing lift wells (provided AP's would be allowed to fitted into them)

Thanks again for your help.


Hall of Fame Super Red

Re: Wireless LAN Across Multiple Non-Contiguous Floors in a Buil

Hi Aaron,

Great answer here and great review of the 4400 series (just read it)! Very deserving of at least 5 points from this end.

Take care!