Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

High # of WLAN / SSIDs

Hi,

I've been tasked with rolling out a high number of WLANs with an accompanying SSID across our wireless deployment.  Here's the situation; we have many tenants, each of which has their own dedicated VLAN on our network.  We'd like to be able to allow them to log on wirelessly, to a matching WLAN which could then communicate to devices within their VLAN.  Presumably, I'd need to assign a unique SSID to each WLAN, and to make it easier for tenant clients to find their unique network.  The problem is that from what I've read, Cisco LAPs (1142s controlled by a 2504) can only broadcast 16 at a time.  We have about 60 VLANs to try and accommodate - is there a way that I can meet this goal without tripling up the number of LAPs we have deployed?

(currently they log in to a single SSID which is broadcast across a mesh of about 8 LAPs which cover our area)

Thanks for any insight!

11 REPLIES
Hall of Fame Super Silver

Re: High # of WLAN / SSIDs

Take a look at AP Groups. Using AP Groups, you an define what SSID will be broadcasted from what AP's.

Here are some links

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: High # of WLAN / SSIDs

I started looking into that, but it appears that it would break up the mobility of a tenant who might need to leave their 'area' of the building and bring their laptop to a conference room located elsewhere.  The 8 LAPs we have deployed cover 2 floors and plenty of square footage adequately, but there's little overlap.  So I think in order to enable people to be able to log on from any possible location (conference rooms are scattered throughout the area), their SSID would need to be sort of omnipresent.  I don't think AP Groups would allow me to do that, unless I'm not understanding something about them?

Hall of Fame Super Silver

Re: High # of WLAN / SSIDs

If all 60 AP's require to be enabled in that building, then there really isn't a solution for that. I thought that tenants will only require access in their own area and not a shared area. AP Groups will not work and there is real solution for what you want I accomplish. You are right about only 16 SSIDs can be assigned to an AP. having that many is a lot anyways. It is good practice to keep it to a minimum which is around 4. You can do more than 4 as long as you don't see any client connection issues.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

High # of WLAN / SSIDs

The difficulty here is that we'd like to be able to offer our tenants their own private LAN, with both ethernet and wireless connectivity.  Seems like this is a tall order, unless we roll out triple the LAPs, which isn't really an option due to the costs.

Perhaps there's a clever way to allow people to login to their own WLAN without the need to be bound by SSID count restraints?

Re: High # of WLAN / SSIDs

In a lab I took 16 SSIDs with the 1 meg PHY rate on 1 access point. My channel utilzation was like 50% with no traffic ... Something you should be aware of ...

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

Re: High # of WLAN / SSIDs

One thing that you can look at is using AAA override "dynamic vlan assignment". You would need a radius server and your tenants would require I authenticate via username or password. You basically assign a user to a vlan based on their username. Then you can have one SSID and many secure vlans for each tenant.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: High # of WLAN / SSIDs

Cisco ACS or ISE allows you I store local usernames and passwords. If you have active directory you can also use Microsoft IAS or NPS for radius. They would either have I login using 802.1x or you can do a splash page (webauth).

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: High # of WLAN / SSIDs

Scott, thanks for that info.  I wondered if a per user solution might exist.  We don't have AD here, since all of these tenants are members of their own corporate entities, not ours.  But I suppose a Radius server might allow me to administrate access after I get a handle on 'dynamic vlan assignment' (presumably this also equates to WLAN?).  And I'll have to evaluate how much of an administrative swamp this will create since tenants (~250-300 users across ~60 corporate entities) are moving in and out of the environment semiregularly.

Hall of Fame Super Silver

Re: High # of WLAN / SSIDs

I would look at just doing a WebAuth page and you can provide them with a generic username and password for them to login. If they are okay with that then that is an easy solution, if you have some tenants that don’t like the generic username, then you can have them give you a list of usernames and you provide them with a password. Cisco ACS would be good here, since you can just create these account locally. Microsoft radius, you couldn’t… you would have to tie that in with AD.

-Scott
*** Please rate helpful posts ***
New Member

Re: High # of WLAN / SSIDs

A generic password set per tenant would be best so administrative simplicity.  I don't need to control things at the user level - but we do have another goal similar to that; can I restrict the number of devices logging into that WLAN, either per WLAN or per account credential (which would result in the same outcome)?

Hall of Fame Super Silver

Re: High # of WLAN / SSIDs

Well.. you can on the WLC but the max is 8 or else you set it to ‘0’ for unlimited. You might be able to limit the dhcp scope but that would be kind of a work around.

-Scott
*** Please rate helpful posts ***
525
Views
0
Helpful
11
Replies
CreatePlease to create content