This feature enables you to control up to WLANs for lightweight access points. Each WLAN has a separate WLAN ID, a separate profile name, and a WLAN SSID. All controllers publish up to 16 WLANs to each connected access point, but you can create up to the maximum number of WLANs supported and then selectively publish these WLANs (using access point groups) to different access points to better manage your wireless network.
You can configure WLANs with different SSIDs or with the same SSID. An SSID identifies the specific wireless network that you want the controller to access.
You can associate up to 16
WLANs with each access point group and assign specific access points to each
group. Each access point advertises only the enabled WLANs that belong to its
access point group. The access point (AP) does not advertise disabled WLANs in
its access point group or WLANs that belong to another group.
We recommend that you assign
one set of VLANs for WLANs and a different set of VLANs for management
interfaces to ensure that
properly route VLAN traffic.
Peer-to-peer blocking does not apply to multicast traffic.
The WLAN name and SSID can
have up to 32 characters. Spaces are not allowed in the WLAN profile name and
WLAN name cannot be a keyword; for
example, if you try to create a WLAN with the name as 's' by entering the
wlan s command, it results in shutting
down all WLANs because 's' is used as a keyword for shutdown.
You cannot map a WLAN to
VLAN0, and you cannot map VLANs 1002 to 1006.
Dual stack clients with a
static-IPv4 address is not supported.
When creating a WLAN with the
same SSID, you must create a unique profile name for each WLAN.
All OfficeExtend access
points should be in the same access point group, and that group should contain
no more than 15 WLANs. A controller with OfficeExtend access points in an
access point group publishes only up to 15 WLANs to each connected OfficeExtend
access point because it reserves one WLAN for the personal SSID.
The Cisco Flex
7500 Series Controller does not support the 802.1X security variants on a
centrally switched WLAN. For example, the following configurations are not
allowed on a centrally switched WLAN:
WPA1/WPA2 with 802.1X AKM
WPA1/WPA2 with CCKM
Splash WEB page redirect
If you want to configure your
WLAN in any of the above combinations, the WLAN must be configured to use local
If you configured your WLAN
with EAP Passthrough and if you downgrade to an earlier controller version, you
might encounter XML validation errors during the downgrade process. This
problem is because EAP Passthrough is not supported in earlier releases. The
configuration will default to the default security settings (WPA2/802.1X).
The OEAP 600 Series access
point supports a maximum of two WLANs and one remote LAN. If you have
configured more than two WLANs and one remote LAN, you can assign the 600
Series access point to an AP group. The support for two WLANs and one remote
LAN still applies to the AP Group If the 600 Series OEAP is in the default
group, the WLAN or remote LAN IDs must be lower than 8.
Profile name of
WLAN can be of max 31 characters for a locally switched WLAN. For central
switched WLAN, the profile name can be of 32 characters.
When multiple WLANs with the
same SSID get assigned to the same AP radio, you must have a unique Layer 2
security policy so that clients can safely select between them.
Some clients might not be
able to connect to WLANs properly if they detect the same SSID with multiple
security policies. Use this feature with care.