Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Blocking SSID selectively in H-REAP mode

Hi,

We have deployed 500 access-points in 100 sites using 8 controllers.  SSID is switched locally and access-points are in H-REAP mode.

Customer wanted us to host one more SSID, which will be used in only 10 sites. It will be using pre-configured user-name and password for authentication.

1. How to block the SSID from advertising to remaining 90 sites? If I configure any SSID in controller, it is pushed to all 100 sites. How to block SSID selectively.

2. Is there anyway to apply the acl on this SSID in local switching

Thanks,

Ramesh

7 REPLIES

Blocking SSID selectively in H-REAP mode

For the first part you would use the feature called AP Groups.  You would put the AP's for the 10 sites, into their own group(s) that allows the extra SSID.

For the second part, this is possible if you are running 7.2, FlexConnect ACLs.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Blocking SSID selectively in H-REAP mode

Thanks Stephen,

AP Groups is applicable to H-REAP APs? Are we allowed to use both H-reap group and AP-group together?. We have H-reap groups for roaming.

we have 4400 series controllers. I see latest version for this is 7.0.230.0. I think 7.2 is not applicable to 4400. not sure.

New Member

Blocking SSID selectively in H-REAP mode

Hi Stephen,

Correct me if Im wrong.

When you create the this additional SSID, it will be added into the default-group, and there is no way to remove any SSID from this default-group.

Based on this, I think, what it's needed is to create a new group, move "all" APs to this group, create the new SSID, and then only move the APs placed in the 10 sites back to the default-group. This way, APs in the new group carry exisitng SSIDs, and APs in default-group will carry the existing SSIDs and the newly-added SSIDs.

Re: Blocking SSID selectively in H-REAP mode

If you build the WLAN above 17 it will not be on the default group.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Re: Blocking SSID selectively in H-REAP mode

Yes the AP group should still be applicable ti limit which WLAN is at each site.

Ok if you are on a 4402 then you'll have to acl at the local l3 interface as it doesn't support running 7.2

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Re: Blocking SSID selectively in H-REAP mode

Ramesh:

I think you asked question 2 as a suggested solution to question 1, right?

So if we resolve question 1 the question 2 can be ignored.

As Steve mentioned, you only add AP groups and that is it.

Here is a config example: http://tiny.cc/j7tqcw

Although config example shows old versoin, it is still be applicable to newer versions (with some few differences). But if you know the concept you'll be able to do it with no problems.

Ask if you got to any issue while configuring this.

Good luck.

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Re:Blocking SSID selectively in H-REAP mode

good point!

1110
Views
10
Helpful
7
Replies
CreatePlease login to create content