Cisco Wireless LAN Controller Configuration Guide, Release 7.4
Downloads: This chapterpdf (PDF - 1.11 MB) The complete bookPDF (PDF - 17.94 MB) | Feedback



Information About WLANs

This feature enables you to control up to WLANs for lightweight access points. Each WLAN has a separate WLAN ID, a separate profile name, and a WLAN SSID. All controllers publish up to 16 WLANs to each connected access point, but you can create up to the maximum number of WLANs supported and then selectively publish these WLANs (using access point groups) to different access points to better manage your wireless network.

You can configure WLANs with different SSIDs or with the same SSID. An SSID identifies the specific wireless network that you want the controller to access.

Prerequisites for WLANs

  • You can associate up to 16 WLANs with each access point group and assign specific access points to each group. Each access point advertises only the enabled WLANs that belong to its access point group. The access point (AP) does not advertise disabled WLANs in its access point group or WLANs that belong to another group.

  • We recommend that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic.

Restrictions for WLANs

  • Peer-to-peer blocking does not apply to multicast traffic.

  • The WLAN name and SSID can have up to 32 characters. Spaces are not allowed in the WLAN profile name and SSID. WLAN name cannot be a keyword; for example, if you try to create a WLAN with the name as 's' by entering the wlan s command, it results in shutting down all WLANs because 's' is used as a keyword for shutdown.
  • You cannot map a WLAN to VLAN0, and you cannot map VLANs 1002 to 1006.
  • Dual stack clients with a static-IPv4 address is not supported.
  • When creating a WLAN with the same SSID, you must create a unique profile name for each WLAN.
  • All OfficeExtend access points should be in the same access point group, and that group should contain no more than 15 WLANs. A controller with OfficeExtend access points in an access point group publishes only up to 15 WLANs to each connected OfficeExtend access point because it reserves one WLAN for the personal SSID.

  • The Cisco Flex 7500 Series Controller does not support the 802.1X security variants on a centrally switched WLAN. For example, the following configurations are not allowed on a centrally switched WLAN:
    • WPA1/WPA2 with 802.1X AKM

    • WPA1/WPA2 with CCKM

    • Dynamic-WEP

    • Conditional webauth

    • Splash WEB page redirect

    • If you want to configure your WLAN in any of the above combinations, the WLAN must be configured to use local switching.

  • If you configured your WLAN with EAP Passthrough and if you downgrade to an earlier controller version, you might encounter XML validation errors during the downgrade process. This problem is because EAP Passthrough is not supported in earlier releases. The configuration will default to the default security settings (WPA2/802.1X).


    The OEAP 600 Series access point supports a maximum of two WLANs and one remote LAN. If you have configured more than two WLANs and one remote LAN, you can assign the 600 Series access point to an AP group. The support for two WLANs and one remote LAN still applies to the AP Group If the 600 Series OEAP is in the default group, the WLAN or remote LAN IDs must be lower than 8.

  • Profile name of WLAN can be of max 31 characters for a locally switched WLAN. For central switched WLAN, the profile name can be of 32 characters.

  • When multiple WLANs with the same SSID get assigned to the same AP radio, you must have a unique Layer 2 security policy so that clients can safely select between them.


Some clients might not be able to connect to WLANs properly if they detect the same SSID with multiple security policies. Use this feature with care.