Cisco WLC SSID anchored several subnets

Hello

I have a requirement to land an SSID on an anchor controller, but depending on which AP the client connects to, I need them to receive a certain IP address.

Then...

I have a LWAP called AP1 connected to WLC1. WLC1 uses WLC2 as the anchor for the SSID SSID1 DC. When a user connects, I want the user to get an address from SUBNET1. If a user connects to AP2, which is also linked to WLC1, I want the user to get an address from SUBNET2.

Now... If the AP were located directly on WLC2, I could use AP groups to provide this feature. Does anyone know if it's possible to combine it with an anchor?

Thank you

RG

Fix... You can't do what you are trying to accomplish. If you were doing 802.1x, you could use AAA override to assign users to a VLAN, but other than that, the WLC cannot perform this task.

Sent from my iPhone

Tags: Cisco Wireless

Similar Questions

  • No. of SSIDs supported on Cisco WLC

    Hi all

    Can you please help me to provide details on the following Cisco wireless controller?

    1. No. of SSIDs supported on a Cisco WLC

    2. Is it possible to limit the SSIDs per access point? (For example, I have 10 SSIDs configured on the controller; I want the first 10 access points to use SSIDs 1-5 and the rest of the APs SSIDs 6-10.)

    Thank you

    Jamal

    Hi Jamal,

    Just to add to the great info of Robert (+ 5 points Robert)

    The feature you're looking for is called WLAN override in 4.x WLC versions.

    Enabling WLAN override

    By default, access points transmit all WLANs defined on the controller. However, you can use WLAN override to select which WLANs are transmitted and which are not on a per access point basis. For example, you can use WLAN override to control where in the network the guest WLAN is transmitted, or you can use it to disable a specific WLAN in a certain area of the network.

    This doc.

    http://www.Cisco.com/en/us/docs/wireless/controller/4.0/Configuration/Guide/c40wlan.html#wp1114777

    Once you create a new WLAN, the WLAN > Edit page for the new WLAN appears. On this page, you can set various parameters specific to this WLAN: general policies, RADIUS servers, security policies, and 802.1x settings.

    * Check Admin Status under General Policies to enable the WLAN. If you want the AP to broadcast the SSID in its beacon frames, check Broadcast SSID.

    Note: You can configure up to 16 WLANs on the controller. The Cisco WLAN Solution can control up to sixteen WLANs for Lightweight APs. Each WLAN has a separate WLAN ID (1 to 16), a separate WLAN SSID (name of the WLAN), and can be assigned unique security policies. Lightweight APs broadcast all active Cisco WLAN Solution WLAN SSIDs and apply the policies that you set for each WLAN.

    The good doc.

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml#C3

    In 5.x versions you will use AP groups, because in 5.x WLC versions WLAN override has been replaced by the "AP Groups" feature:

    Creating access point groups

    After all the access points have joined the controller, you can create up to 150 access point groups and assign up to 16 WLANs to each group. Each access point advertises only the enabled WLANs that belong to its access point group. The access point does not advertise disabled WLANs in its access point group or WLANs that belong to another group.

    http://www.Cisco.com/en/us/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1128591

    To learn more about AP groups, check out George's excellent video

    http://www.my80211.com/Cisco-Labs/2009/3/22/Cisco-AP-group-nugget.html

    I hope this helps!

    Rob

  • Two WLC 5508 anchor high availability

    Hello.

    Is it possible to use 2 WLC 5508 as ANCHOR in an active scenario?

    For example, if one WLC goes out of service, does the other keep providing service to the anchor's clients?

    At the moment we have just one WLC 5508 in anchor mode. What do I have to configure for high availability of the ANCHOR?

    Thank you very much!!!

    You have redundant WLC as anchor points, but if an anchor fails, the user must reconnect.

    There is an HA feature on the WLC, but it is mainly for foreign WLC redundancy, not anchor redundancy. With several guest anchors, the foreign WLC balances the load between the two. You will not be able to set a primary or backup.

    Sent from Cisco Technical Support iPhone App

  • Cisco WLC 5508 & HP printer

    Hello

    I have some problems with cisco and hp airprint wlan systems.

    I use two cisco wlc 5508, a master and an anchor.

    the APs are connected to the master wlc; DHCP and the breakout point to the internet are on the anchor wlc.

    so far, with my android phone, I can connect and have access to the internet.

    now, I use an HP Multifunction (MFP M276nw) printer with Airprint. I connect the hp printer to the same WLAN, in the same IP range.

    I can ping the printer from my android tablet, but I can never find the printer with any hp software.

    If I connect the printer and the same tablet to a normal home access point, everything is ok.

    I think I have to configure something on my wlcs.

    any ideas?

    Thank you

    It seems that v7.5 supports Bonjour on the anchor. You might want to look at this thread

    https://supportforums.Cisco.com/thread/2200019

    Sent from Cisco Technical Support iPhone App

  • WLAN how can I use with Cisco WLC 2504

    I have two companies co-locating and, to decrease costs, would like to implement a single Cisco WLC and separate traffic with VLANs. I see that for the Cisco WLC 2500 series controllers the supported number is listed as min: 5 and max: 75. What does that actually mean? When I create more than 3 WLANs on a controller, the best practices page advises me against the use of more than 3 WLANs. Is it OK to have more than 3 wireless LANs, and what are the penalties for doing so?

    5 and 75 are the number of lightweight access points the WLC can support.

    By default, the 2504 can manage up to 5 access points. You can increase this number up to 75 by adding a new license.

    Also, it can support up to 16 different WLANs (SSID)

    FC

  • Cisco ASA cannot create several tunnels at the same address in hand?

    We have several remote sites with Linksys WRVS4400N and Smoothwall firewall/vpn devices.  I need these sites to be able to connect to several discontiguous subnets at our main office.  This was done easily with smoothwall and linksys.  You create a separate tunnel for each subnet, and voila, you're done.  However, when I tried this with our newly installed ASA, it won't let me create several tunnels to the same remote peer address.  It is a problem because these sites have only a single static public IP address.  Did I miss something, or does the ASA not allow connections to and from multiple subnets from a site with a single peer address?

    Sounds like a limitation on the WRVS4400N, as the Cisco ASA supports several subnets per tunnel.

    Is there any way that you can configure a larger subnet instead of specific subnets on the ACL?

    For example:

    If you have 192.168.0.0/24 and 192.168.1.0/24, instead of having 2 subnets configured, you can combine them into 1 subnet, 192.168.0.0/23

  • Cisco WLC license evaluation of Access Point

    Hello

    I would like to know what happens to access points connected to a Cisco WLC if the evaluation license reaches its expiration date and other licenses have not yet been installed. Would all connected access points immediately cease operation?

    Kind regards

    Mark

    Yes, they would stop working.

    Note: when you add licenses a reboot is required. Even if the number of supported APs increases, a controller reset is always necessary for these devices to register on the controller under the permanent license. I once added licenses and when I saw the number of APs increase - I experimented with the restart - and when the evaluation license expired my APs dropped off the controller.

  • Cisco WLC 2504 - Access Points do not reach the controller

    Hello world

    We bought a Cisco WLC 2504 with two AIR-AP2702I-UXK9 Access Points. The problem is that the APs do not join the WLC.
    The output from 'show ap join stats' shows the following:

    (Cisco Controller) >show ap join stats summary all

    Base Mac           AP EthernetMac     AP Name           IP Address     Status
    00:35:1a:b1:a9:60  00:f2:8b:f4:1a:9c  AP00f2.8bf4.1a9c  192.168.10.23  Not joined
    00:35:1a:c9:99:b0  00:f2:8b:77:b7:fc  AP00f2.8b77.b7fc  192.168.10.24  Not joined

    (Cisco Controller) >show ap join stats detailed 00:35:1a:b1:a9:60

    Synchronization phase statistics
    -For the synchronization request has received... Does not apply
    -For the synchronization completed... Does not apply

    Discovery phase statistics
    -Applications received discovered... 114
    -Answers success of discovery... 114
    -Discovery failure processing... 0
    -Purpose of the last unsuccessful attempt of discovery... Does not apply
    -Attempt to finally successful discovery time... 20:15:40.106 16 June
    -Discovery attempt ultimately unsuccessful time... Does not apply

    Join the live statistics
    -Join applications received... 57
    -Join sent successful responses... 57
    -Processing of the join request without success... 0
    -Purpose of the last unsuccessful attempt to join... Does not apply
    -Attempt to join finally managed time... 20:15:50.414 16 June
    -Join finally failed time... Does not apply

    Configuration phase statistics

    -Configuration requests... 114
    -Answers configuration successful... 0
    -Processing configuration failed... 57
    -Purpose of the last unsuccessful attempt to Setup... Invalid license in the application configuration
    -Attempt to finally successful configuration time... Does not apply
    -Time finally failed configuration attempt... 20:15:50.810 16 June

    Last the decryption of the AP details failure messages
    -Last message decryption failure reason... Does not apply

    Details of recent disconnection AP
    -Last AP connection failure reason... Does not apply
    -Last reason for disconnection AP... Unknown failure reason

    Latest summary join error
    -Type of error that occurred in the last... Application of configuration rejected LWAPP
    -Reason for the error that took place the last... Invalid license in the application configuration
    -Time which occurred the last error to join... 20:15:50.810 16 June

    Details of sign-out AP
    -Last AP connection failure reason... Does not apply
    Ethernet Mac: 00:f2:8b:f4:1a:9c Ip address: 192.168.10.23

    Would be grateful for the help.

    Best regards
    Marc

    Hi Marc,

    Make sure first that your controller has software code 8.0.x or above; if not, upgrade it first. Here's the code recommended by TAC

    http://www.Cisco.com/c/en/us/support/docs/wireless/wireless-LAN-Controller-software/200046-TAC-recommended-AireOS.html

    Then, try the above UX deployment guide to begin. Under the WLAN Advanced tab, you need to enable "of the first universal ap" in order to use this app for provisioning & connect to the AP.

    If you have more than 1 AP, then you must start 1 AP using this application. The other access points you can power up while the original AP is also powered, so they'll use a protocol called NDP & start automatically

    Let us know how it goes

    HTH

    Rasika

    Pls rate all useful responses *.

  • License of Cisco WLC

    Hi all

    Could someone help me? I have a Cisco WLC 5508 with license details as in the photo below, with a status of "in use".  My question: can I use another license with inactive status?

    The 5508, like the 2504, can only use licenses that have been purchased and installed, or the eval if it has not expired. If you exceed the number of AP licenses, then you need to activate the eval, if not expired. You will not be able to do both. With the newer controllers that have right-to-use licensing, you would be able to.

    -Scott

    Please evaluate the useful messages *.

  • Cisco WLC 2504 internal DHCP does not work properly

    Hi all

    I'm running trials with a Cisco WLC 2504 and some 1832 APs. I set up a DHCP scope on the interface of the controller with a large number of different configurations, but DHCP does not work and the access points don't obtain an IP address. My first question: is it possible to do DHCP for access points, or only for wireless clients?

    These are my interfaces:

    AP-Manager interface:

    My DHCP scope:

    Advanced DHCP:

    I forgot something? Is there anyone using DHCP for its access points?

    Thank you!

    Hello

    On Cisco WLC internal DHCP, you can add the option 43 to say where APs must register. In this case, they will try to resolve the DNS CISCO-CAPWAP-CONTROLLER or CISCO-LWAPP entry.

    Let me explain briefly how AP-Manager works on WLC:

    1. The access point boots and sends a discovery request to the management interface of the controller using the IP you configured as DHCP Option 43 (as described above, it can be resolved by the DNS entry)
    2. The controller sends a discovery response that contains the system name, the AP-Manager addresses, the number of access points already connected to each AP-Manager interface, and the overall capacity of the controller.
    3. The access point joins the controller using the least loaded AP-Manager interface.

    With this, every AP-Manager must have a properly configured interface and be connected to a different port, no LAG.

    I'll drop a post here from some time ago which might help:

    https://supportforums.Cisco.com/document/118311/configuring-multiple-AP-...

    Thank you

    PS: Please do not forget to rate and score as correct answer if this answered your question

  • Migration of Cisco WLC 5508 to 5520

    Hi all

    I need to migrate a Cisco 5508 to a 5520 WLC. This Cisco 5508 WLC is in production. Is it possible that I can import this 5508 configuration file and export it again to the 5520?

    Please provide the steps to follow while making the migration.

    (1) How to transfer APs between Cisco WLC-2 and WLC-1, since both have the same IOS versions? Any Cisco URL available?

    WLC-2, enter the command "config primary ap .

    (2) The applicant tried to transfer 2 LAP 1130 access points between WLC-2 and WLC-1 2 days back, but they are still not reflected in WLC-1. Any steps to solve the problem?

    Distance or console in the AP.  Post the output of the command 'sh' full record when trying to move the access of a controller to another point is entered.

  • authenticate the cisco WLC 5508 with cisco ACS 1120 (version 5.0) using TACACS+

    My installation has a Cisco WLC 5508 and ACS 1120 ver 5.0. How do I authenticate users who access the WLC via the ACS 1120 using TACACS+? I am able to authenticate users for Cisco routers and switches, but when I try the same for the WLC, it fails.

    Can someone please explain the basic config steps that must be configured on both the ACS & WLC?

    Are you using plain vanilla 5.0, or have you installed patches?

    ACS 5.1 has new TACACS+-related functionality, including support for custom services and attributes. If they are necessary for the WLC support you need, it would improve things.

    There could also be a relevant patch for 5.0, but I can't find any specific relevant CDETS at this stage

  • Cisco WLC and Apple TV Bonjour

    Hello

    I followed the guide at http://www.cisco.com/en/US/docs/wireless/technology/bonjour/7.5/Bonjour_Gateway_Phase-2_WLC_software_release_7.5.html on enabling Bonjour on Cisco WLC 7.5 with Apple TV; however, I have a weird problem. I have some clients unable to see the Apple TV connected to a different wireless access point, while some can see the connected Apple TVs. I have attached my setup for reference. I would like to inquire about the use of LSS, and whether perhaps someone has encountered similar problems? The Apple TV is discovered by the WLC on mdns-domain names.

    As per the document, multicast has not been enabled; however, the discovery of the Apple TV is intermittent for Apple clients. Client A can discover Apple TV 1 and 3 but not Apple TV 2, and sometimes it can discover all 3 Apple TVs, while client B is able to see all 3 Apple TV devices. All 3 Apple TV devices are discovered by the WLC, and only the Apple TV service has been enabled on the WLC.  I was wondering if anyone has seen a similar issue? Not too sure what can be the cause of it?

    Any suggestion is appreciated.

    Some of the docs didn't state it, but it is required; all my installations requiring Bonjour have multicast set up.

    Thank you

    Scott

    Help others using the system of rating and marking answers questions like "answered."

  • Several subnets in the site to Site VPN

    Hi guys,
    I would like to set up a site-to-site VPN tunnel with several subnets. I could not find which part of the configuration is my problem. I hope you can help me with the solution.
    You can find my network design attached to this post.
    This is my setup on the ASA:

    (1) NAT exemption for network traffic going to the site-to-site VPN.
    nat (MGMTLAN,INT-STSVPN) source static 192.168.10.0 192.168.10.0 destination static 192.168.31.0 192.168.31.0
    nat (inside,INT-STSVPN) source static 192.168.15.0 192.168.15.0 destination static 192.168.38.0 192.168.38.0

    (2) The access list with the traffic to encrypt
    object-group network 192.168.10.0
     network-object 192.168.10.0 255.255.255.0

    object-group network 192.168.15.0
     network-object 192.168.15.0 255.255.255.0

    object-group network 192.168.38.0
     network-object 192.168.38.0 255.255.255.0

    object-group network 192.168.31.0
     network-object 192.168.31.0 255.255.255.0

    object-group network STSVPN-LOCAL
     group-object 192.168.10.0
     group-object 192.168.15.0

    object-group network STSVPN-US
     group-object 192.168.38.0
     group-object 192.168.31.0

    access-list ACL_STSVPN-US extended permit ip object-group STSVPN-LOCAL object-group STSVPN-US

    (3) Phase 1 proposal
    crypto ikev2 policy 10
     encryption aes-256
     integrity sha256
     group 14
     prf sha256
     lifetime seconds 86400

    (4) Phase 2 proposal
    crypto ipsec ikev2 ipsec-proposal IKEV2-IPSEC-ESP-AES-SHA
     protocol esp encryption aes-256
     protocol esp integrity sha-256

    (5) Tunnel group
    tunnel-group 4.4.4.4 type ipsec-l2l
    tunnel-group 4.4.4.4 general-attributes
     default-group-policy GrpPolicy-STSVPN-US
    tunnel-group 14.4.4.4 ipsec-attributes
     ikev2 remote-authentication pre-shared-key abcd
     ikev2 local-authentication pre-shared-key abcd

    Group policy
    group-policy GrpPolicy-STSVPN-US internal
    group-policy GrpPolicy-STSVPN-US attributes
     vpn-filter value STSVPN-US
     vpn-tunnel-protocol ikev2

    (5) Crypto map
    crypto map CM-STSVPN 10 match address STSVPN-US
    crypto map CM-STSVPN 10 set peer 4.4.4.4
    crypto map CM-STSVPN 10 set ikev2 ipsec-proposal IKEV2-IPSEC-ESP-AES-SHA
    crypto map CM-STSVPN interface INT-STSVPN
    crypto ikev2 enable INT-STSVPN
     
    /////////////////////////////////////////////////////////////////////

    The router configuration:

    (1) SA part

    crypto ikev2 proposal ki2.PROP
     encryption aes-cbc-256
     integrity sha256
     group 14
    crypto ikev2 policy ki2.POL
     proposal ki2.PROP
    crypto ikev2 keyring KR1
     peer ASALAB
      address 2.2.2.2
      pre-shared-key local abcd
      pre-shared-key remote abcd
    crypto ikev2 profile ki2.TEACHER
     match identity remote address 2.2.2.2 255.255.255.255
     identity local address 4.4.4.4
     authentication remote pre-share
     authentication local pre-share
     keyring local KR1

    (2) Transform set

    crypto ipsec transform-set TS.VPN2 esp-aes 256 esp-sha256-hmac
     mode tunnel

    (3) Access list

    ip access-list extended ACL.VPNIKE2
     permit ip 192.168.31.0 0.0.0.255 192.168.10.0 0.0.0.255
     permit ip 192.168.38.0 0.0.0.255 192.168.15.0 0.0.0.255

    (5) Crypto map

    crypto map CM.VPN 30 ipsec-isakmp
     set peer 2.2.2.2
     set transform-set TS.VPN2
     set pfs group14
     set ikev2-profile ki2.TEACHER
     match address ACL.VPNIKE2
     
    //////////////////////////////////////////////////////////////////////

    Is this configuration correct to allow both subnets on each side of the VPN tunnel to communicate with each other?

    192.168.31.0 subnet cannot communicate with 192.168.10.0
    192.168.38.0 subnet cannot communicate with 192.168.15.0

    Hello Jay,

    I went through the configuration of the two devices and noticed a few errors in the ASA configuration. Details here:

    (1) The access list configured for VPN traffic is named ACL_STSVPN-US; however, the match address configured on the crypto map uses an object-group name instead:

    crypto map CM-STSVPN 10 match address STSVPN-US

    You must change this setting to avoid any problems with the traffic negotiation:

    no crypto map CM-STSVPN 10 match address STSVPN-US

    crypto map CM-STSVPN 10 match address ACL_STSVPN-US

    (2) You also have the same error on the configured vpn-filter. However, you could not use the access list ACL_STSVPN-US for the VPN filter, since the ASA will filter incoming packets only. In this case the appropriate ACL will be configured from the remote networks (ROUTER) to the local networks (ASA). It will look something like this:

    access-list VPN_filter extended permit ip object-group STSVPN-US object-group STSVPN-LOCAL

    group-policy GrpPolicy-STSVPN-US attributes
     vpn-filter value VPN_filter

    Keep in mind that a VPN filter consists of rules that determine whether to allow or deny tunneled data packets coming through the security appliance, based on criteria such as source address, destination address, and protocol. If you want to permit the whole IP protocol, the filter will not make a difference.

    (3) PFS group 14 is configured on the router crypto map, but not on the ASA. You need to either add it to the ASA crypto map or remove it from the router.

    ASA:

    crypto map CM-STSVPN 10 set pfs group14

    Router:

    crypto map CM.VPN 30 ipsec-isakmp

     no set pfs group14

    Hope this helps you bring up the tunnel,

    Luis.
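
The three issues listed in the reply above can be checked mechanically before a change window. The following Python script is an added example, not code from the thread or from Cisco; the function name `lint_asa`, the finding codes and the `peer_uses_pfs` parameter are assumptions made for the example, and both config excerpts are constructed from the lines quoted in the thread.

```python
import re

# Constructed sample: ASA lines from the question, as posted (with its errors).
ASA_AS_POSTED = """\
object-group network STSVPN-LOCAL
object-group network STSVPN-US
access-list ACL_STSVPN-US extended permit ip object-group STSVPN-LOCAL object-group STSVPN-US
group-policy GrpPolicy-STSVPN-US attributes
 vpn-filter value STSVPN-US
crypto map CM-STSVPN 10 match address STSVPN-US
crypto map CM-STSVPN 10 set peer 4.4.4.4
"""

# Constructed sample: the same excerpt after the three corrections in the reply.
ASA_CORRECTED = """\
object-group network STSVPN-LOCAL
object-group network STSVPN-US
access-list ACL_STSVPN-US extended permit ip object-group STSVPN-LOCAL object-group STSVPN-US
access-list VPN_filter extended permit ip object-group STSVPN-US object-group STSVPN-LOCAL
group-policy GrpPolicy-STSVPN-US attributes
 vpn-filter value VPN_filter
crypto map CM-STSVPN 10 match address ACL_STSVPN-US
crypto map CM-STSVPN 10 set peer 4.4.4.4
crypto map CM-STSVPN 10 set pfs group14
"""


def lint_asa(config, peer_uses_pfs):
    """Return (code, detail) findings for an ASA site-to-site VPN excerpt.

    peer_uses_pfs is an assumed input: True when the remote peer's crypto
    map contains a 'set pfs' line, as the router in the thread does.
    """
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    acls = {m.group(1) for ln in lines
            if (m := re.match(r"access-list (\S+) extended ", ln))}
    groups = {m.group(1) for ln in lines
              if (m := re.match(r"object-group network (\S+)", ln))}
    crypto_acls, has_pfs, findings = set(), False, []

    # Issue 1: 'match address' must name an access-list, not an object-group.
    for ln in lines:
        if m := re.match(r"crypto map (\S+) (\d+) match address (\S+)", ln):
            name = m.group(3)
            crypto_acls.add(name)
            if name not in acls:
                kind = "an object-group" if name in groups else "undefined"
                findings.append(("crypto-acl",
                                 f"crypto map {m.group(1)} {m.group(2)}: "
                                 f"'{name}' is {kind}, not an access-list"))
        elif re.match(r"crypto map \S+ \d+ set pfs", ln):
            has_pfs = True

    # Issue 2: vpn-filter needs its own ACL written remote -> local, so it
    # can be neither a non-ACL name nor the (local -> remote) crypto ACL.
    for ln in lines:
        if m := re.match(r"vpn-filter value (\S+)", ln):
            name = m.group(1)
            if name not in acls:
                findings.append(("vpn-filter",
                                 f"vpn-filter '{name}' is not an access-list"))
            elif name in crypto_acls:
                findings.append(("vpn-filter-direction",
                                 f"vpn-filter reuses crypto ACL '{name}'"))

    # Issue 3: PFS must be set on both peers or on neither.
    if has_pfs != peer_uses_pfs:
        findings.append(("pfs-mismatch",
                         f"local pfs={has_pfs}, peer pfs={peer_uses_pfs}"))
    return findings


if __name__ == "__main__":
    for code, detail in lint_asa(ASA_AS_POSTED, peer_uses_pfs=True):
        print(f"{code}: {detail}")
```
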

  • several subnets by VLANS and ports link

    Hello

    I need some clarification.

    Our iSCSI SAN storage (Dell MD3660i) requires a separate subnet per port.

    We require multipathing and load balancing in VMware.

    To achieve this in ESXi 5.1 we need port binding... BUT port binding is supported only if the vmks are all in the SAME broadcast domain, according to these two KBs

    VMware KB: Considerations for using software iSCSI port binding in ESX/ESXi

    VMware KB: When the use of several VMkernel ports with port required to access the storage of two or more tables on different br...

    OK... so I could probably simply put all my iSCSI storage subnets in one VLAN and everything will be ok (one VLAN is after all a broadcast domain; both are L2 things)... This would meet the requirements of the KBs... if VMware means "broadcast domain" in the true sense of the term.

    So my question is: can you configure port binding in this way? Is it supported by VMware?

    VMware has come back to me (in fact the author of one of the KBs I've referenced)

    http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=2038869

    He confirmed that the terminology used in the KB is misleading and that by "broadcast domain" it actually means "subnet", so layer 3, not layer 2.

    This means that you can NOT have multiple subnets in a broadcast domain (VLAN) AND use the SW iSCSI port binding.

    BUT

    He told me (he is very familiar with the Dell MD3660i iSCSI kit) that you don't have to use port binding to achieve multipathing and load balancing. If your iSCSI SAN vendor requires several subnets, then just create multiple vmks on different subnets, and DO NOT do the port binding. The fact that they are on different subnets will be enough to achieve multiple paths

    He is updating the KB to make this much clearer.

    I hope this helps someone
