Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLC and AP in L3

Hello everyone

I hope if anyone can help me.

a Building has 3 companies (A,B and C)

and I have one WLC

in each company there is 3 AP

I want to configure WLC whereas any AP in company A cant communicate to other AP in company B and C

and the same to all companies

I mean totally separate in IP scheme (no routing between them)

can that done with WLC and LWAP ??

PLZ advice

  • Security and Network Management
New Member

Re: WLC and AP in L3

Are you referring to AP/WLC management traffic or user traffic?

If you want to separate user traffic you just set up dynamic interfaces, and not to route between them on your L3 device, whether you do it via ACL or VRF.

If you want to separate the AP management as well, you can put companies A, B, and C's AP's in three different management subnets, but they all have to come back and talk to the WLC.

Hall of Fame Super Gold

Re: WLC and AP in L3


If you mean that Company A's SSID will not be broadcasted into B & C "floor" and vice versa, then YES. It's called AP Groups.

You can "group" each AP into a "folder" (excuse my term) and from each so-called folder, you can specify what SSID's to enable/broadcast and what SSID not to use.

Is this what you are looking for?

New Member

Re: WLC and AP in L3

thank you all for your reply

I would like to ask you another question fo another scenario.

I have one WLC installed in one subnet, let's say in the head quarter network, while the LAPs are installed in the branches and there is WAN connectivity between the HQ and the branch and OSPF routing is enabled between this WAN network. How can I do my configuration in order to register the LAPs installed in the branch with WLC installed in the HQ?


Re: WLC and AP in L3

Specific to AP Groups, here is a video i did that will explain in detail how it works (AP GROUP LAB):

If you are going to do remote access points one thing you may want to consider H-REAP.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

Re: WLC and AP in L3

If you can ping the controller from the subnet where the remote APs will reside, then you have all the layer 3 connectivity you need. (Unless you have ACLs blocking the LWAPP ports on the Management or AP Manager interfaces, of course.)

Hall of Fame Super Gold

Re: WLC and AP in L3

Hi Jaber,

As what George's post recommends, use H-REAP. You can also "mix" H-REAP with AP Groups too.