This feature enables you to control up to WLANs for lightweight access points. Each WLAN has a separate WLAN ID, a separate profile name, and a WLAN SSID. All controllers publish up to 16 WLANs to each connected access point, but you can create up to the maximum number of WLANs supported and then selectively publish these WLANs (using access point groups) to different access points to better manage your wireless network.
You can configure WLANs with different SSIDs or with the same SSID. An SSID identifies the specific wireless network that you want the controller to access.
You can associate up to 16 WLANs with each access
point group and assign specific access points to
each group. Each access point advertises only the
enabled WLANs that belong to its access point
group. The access point (AP) does not advertise
disabled WLANs in its access point group or WLANs
that belong to another group.
We recommend that you assign one set of VLANs for WLANs and a different set of VLANs for management interfaces to ensure that controllers properly route VLAN traffic.
The controller uses different attributes to differentiate between WLANs with the same Service Set Identifier (SSID).
WLANs with the same SSID and same Layer 2 policy cannot be created if the WLAN ID is lower than 17.
Two WLANs with IDs that are greater than 17 and that have the same SSID and same Layer 2 policy is allowed if WLANs are added in different AP groups.
This requirement ensures that clients never detect the SSID present on the same access point radio.
Peer-to-peer blocking does not apply to multicast traffic.
The WLAN name and SSID can
have up to 32 characters. Spaces are not allowed in the WLAN profile name and
WLAN name cannot be a keyword; for
example, if you try to create a WLAN with the name as 's' by entering the
wlan s command, it results in shutting
down all WLANs because 's' is used as a keyword for shutdown.
You cannot map a WLAN to
VLAN0, and you cannot map VLANs 1002 to 1006.
Dual stack clients with a
static-IPv4 address is not supported.
When creating a WLAN with the
same SSID, you must create a unique profile name for each WLAN.
All OfficeExtend access
points should be in the same access point group, and that group should contain
no more than 15 WLANs. A controller with OfficeExtend access points in an
access point group publishes only up to 15 WLANs to each connected OfficeExtend
access point because it reserves one WLAN for the personal SSID.
The Cisco Flex
7500 Series Controller does not support the 802.1X security variants on a
centrally switched WLAN. For example, the following configurations are not
allowed on a centrally switched WLAN:
WPA1/WPA2 with 802.1X AKM
WPA1/WPA2 with CCKM
Splash WEB page redirect
If you want to configure your
WLAN in any of the above combinations, the WLAN must be configured to use local
If you configured your WLAN
with EAP Passthrough and if you downgrade to an earlier controller version, you
might encounter XML validation errors during the downgrade process. This
problem is because EAP Passthrough is not supported in earlier releases. The
configuration will default to the default security settings (WPA2/802.1X).
The OEAP 600 Series access
point supports a maximum of two WLANs and one remote LAN. If you have
configured more than two WLANs and one remote LAN, you can assign the 600
Series access point to an AP group. The support for two WLANs and one remote
LAN still applies to the AP Group If the 600 Series OEAP is in the default
group, the WLAN or remote LAN IDs must be lower than 8.
Profile name of
WLAN can be of max 31 characters for a locally switched WLAN. For central
switched WLAN, the profile name can be of 32 characters.
When multiple WLANs with the
same SSID get assigned to the same AP radio, you must have a unique Layer 2
security policy so that clients can safely select between them.
Some clients might not be
able to connect to WLANs properly if they detect the same SSID with multiple
security policies. Use this feature with care.