Cisco Support Community

New Member

Management VLAN - SSID mapping

I'm implementing a large WLAN for a hospital. They will be using Cisco VPN and RSA OTP to provide authentication and data confidentiality/integrity. They also desire a Wireless LAN Solution Engine.

I wish to create a "user" VLAN-SSID mapping, and a "wireless network management" VLAN-SSID mapping, so I can require users to use VPN to get off their local segment, but also use WLSE & HPOV to manage the WAPs via a management interface.

To trunk the mgmt VLAN, I think I need to map it to an SSID on the WAP. However, I do not want the mgmt VLAN/SSID to accept client associations. I basically only want the mgmt VLAN to exist on the wire and at the AP, not on the RF.

How would I accomplish this?

6 REPLIES
Cisco Employee

Re: Management VLAN - SSID mapping

It is a little bit of a kludge to do this, but:

On the VLAN SSID page, set the max allowed associations to 1 (0 will mean the max number of associations will be 2047). This will allow only one client to associate. Now you can block this one by creating a MAC address filter on that VLAN that has no MAC address in it and where the default action for both multicast and unicast is discard.

You could do just the filter, but if the filter is ever turned off then you have the added bonus of only one client getting through.

David

New Member

Re: Management VLAN - SSID mapping

Hello,

One way I tried to do that was on the security setup page, where you choose the type of security association you want (Network EAP, Open, etc.). I noticed that there was the option to NOT check any box. Is it a bug or a feature?

We are using that in order to have the "management VLAN" of the AP on it, and not to allow wireless clients to do it.

My question is, is that safe? Is it recommended? Is there any info against it?

Thank you

New Member

Re: Management VLAN - SSID mapping

Hmmm....seems a lot cleaner than creating bogus MAC filters!

Cisco? Any response?

New Member

Re: Management VLAN - SSID mapping

Hi,

This is exactly what I am doing too. I leave all the boxes unchecked, and it seems to work.

I assume that you are using SSID ID [0] for the "management VLAN". Are you able to change the type of security association for SSID [0] using the CiscoWorks WLAN Solutions Engine? I can't seem to figure this one out.

New Member

Re: Management VLAN - SSID mapping

I have configured a management VLAN 1, and a public VLAN 112. My native VLAN is 1, and I have only VLAN 112 mapped to an SSID, "public".

I receive some warnings in the log, but it works fine.

New Member

Re: Management VLAN - SSID mapping

Hello there,

I implement two VLANs: one for the users (public, VLAN 184) and one for management (WAPs only, VLAN 46). Everything works fine for my Cisco clients; however, the 802.1x clients cannot associate. I checked Cisco's configuration, but it's rather confusing.

Any pointers?

Thank you,

Carlos Tinajero

IBM-CCNA
