This feature enables you to control up to WLANs for lightweight access points. Each WLAN has a separate WLAN ID, a separate profile name, and a WLAN SSID. All controllers publish up to 16 WLANs to each connected access point, but you can create up to the maximum number of WLANs supported and then selectively publish these WLANs (using access point groups) to different access points to better manage your wireless network.
You can configure WLANs with different SSIDs or with the same SSID. An SSID identifies the specific wireless network that you want the controller to access.
You can associate up to 16
WLANs with each access point group and assign specific access points to each
group. Each access point advertises only the enabled WLANs that belong to its
access point group. The access point (AP) does not advertise disabled WLANs in
its access point group or WLANs that belong to another group.
We recommend that you assign
one set of VLANs for WLANs and a different set of VLANs for management
interfaces to ensure that
properly route VLAN traffic.
When you change the WLAN profile name, then FlexConnect APs (using
AP-specific VLAN mapping) will become WLAN-specific. If FlexConnect Groups are
properly configured, the VLAN mapping will become Group-specific.
Peer-to-peer blocking does not apply to multicast traffic.
The WLAN name and SSID can
have up to 32 characters. Spaces are not allowed in the WLAN profile name and
name cannot be a keyword; for example, if you try to create a WLAN with the
name as 's' by entering the
wlan s command,
it results in shutting down all WLANs because 's' is used as a keyword for
You cannot map a WLAN to
VLAN0, and you cannot map VLANs 1002 to 1006.
Dual stack clients with a
static-IPv4 address is not supported.
When creating a WLAN with the
same SSID, you must create a unique profile name for each WLAN.
All OfficeExtend access
points should be in the same access point group, and that group should contain
no more than 15 WLANs. A controller with OfficeExtend access points in an
access point group publishes only up to 15 WLANs to each connected OfficeExtend
access point because it reserves one WLAN for the personal SSID.
The Cisco Flex
7500 Series Controller does not support the 802.1X security variants on a
centrally switched WLAN. For example, the following configurations are not
allowed on a centrally switched WLAN:
WPA1/WPA2 with 802.1X AKM
WPA1/WPA2 with CCKM
Splash WEB page redirect
If you want to configure your
WLAN in any of the above combinations, the WLAN must be configured to use local
If you configured your WLAN
with EAP Passthrough and if you downgrade to an earlier controller version, you
might encounter XML validation errors during the downgrade process. This
problem is because EAP Passthrough is not supported in earlier releases. The
configuration will default to the default security settings (WPA2/802.1X).
The OEAP 600 Series access
point supports a maximum of two WLANs and one remote LAN. If you have
configured more than two WLANs and one remote LAN, you can assign the 600
Series access point to an AP group. The support for two WLANs and one remote
LAN still applies to the AP Group If the 600 Series OEAP is in the default
group, the WLAN or remote LAN IDs must be lower than 8.
Profile name of
WLAN can be of max 31 characters for a locally switched WLAN. For central
switched WLAN, the profile name can be of 32 characters.
When multiple WLANs with the
same SSID get assigned to the same AP radio, you must have a unique Layer 2
security policy so that clients can safely select between them.
WLAN is local switching, associate the client to local-switching WLAN where AVC
is enabled. Send some traffic from client, when you check the AVC stats after
90 sec. Cisco WLC shows stats under top-apps but does not show under client.
There is timer issue so for the first slot Cisco WLC might not show stats for
the clients .Earlier only 1 sec stats for a client is seen if the timers at AP
and at WLC are off by 89 seconds. Now clearing of the stats is after 180
seconds so stats from 91 secs to 179 secs for a client is seen. This is done
since two copies of the stats per client cannot be kept due to memory
constraint in 5500.
Some clients might not be
able to connect to WLANs properly if they detect the same SSID with multiple
security policies. Use this feature with care.