Cisco Wireless LAN Controller Configuration Guide, Release 7.4
Configuring VLAN Select
Downloads: This chapterpdf (PDF - 1.2 MB) The complete bookPDF (PDF - 17.94 MB) | Feedback

Configuring VLAN Select

Configuring VLAN Select

Information About VLAN Select

Whenever a wireless client connects to a wireless network (WLAN), the client is placed in a VLAN that is associated with the WLAN. In a large venue such as an auditorium, a stadium, or a conference where there may be numerous wireless clients, having only a single WLAN to accommodate many clients might be a challenge.

The VLAN select feature enables you to use a single WLAN that can support multiple VLANs. Clients can get assigned to one of the configured VLANs. This feature enables you to map a WLAN to a single or multiple interface VLANs using interface groups. Wireless clients that associate to the WLAN get an IP address from a pool of subnets identified by the interfaces. The IP address is derived by an algorithm based on the MAC address of the wireless client. This feature also extends the current AP group architecture where AP groups can override an interface or interface group to which the WLAN is mapped to, with multiple interfaces using the interface groups. This feature also provides the solution to auto anchor restrictions where a wireless guest user on a foreign location can get an IP address from multiple subnets based on their foreign locations or foreign controllers from the same anchor controller.

When a client roams from one controller to another, the foreign controller sends the VLAN information as part of the mobility announce message. Based on the VLAN information received, the anchor decides whether the tunnel should be created between the anchor controller and the foreign controller. If the same VLAN is available on the foreign controller, the client context is completely deleted from the anchor and the foreign controller becomes the new anchor controller for the client.

If an interface (int-1) in a subnet is untagged in one controller (Vlan ID 0) and the interface (int-2) in the same subnet is tagged to another controller (Vlan ID 1), then with the VLAN select, client joining the first controller over this interface may not undergo an L2 roam while it moves to the second controller. Hence, for L2 roaming to happen between two controllers with VLAN select, all the interfaces in the same subnet should be either tagged or untagged.

As part of the VLAN select feature, the mobility announce message carries an additional vendor payload that contains the list of VLAN interfaces in an interface group mapped to a foreign controller’s WLAN. This VLAN list enables the anchor to differentiate from a local to local or local to foreign handoff.

Restrictions for Configuring VLAN Select

  • The VLAN select feature enables you to use a single WLAN that can support multiple VLANs.

Configuring Interface Groups

Information About Interface Groups

Interface groups are logical groups of interfaces. Interface groups facilitate user configuration where the same interface group can be configured on multiple WLANs or while overriding a WLAN interface per AP group. An interface group can exclusively contain either quarantine or nonquarantine interfaces. An interface can be part of multiple interface groups.

A WLAN can be associated with an interface or interface group. The interface group name and the interface name cannot be the same.

This feature also enables you to associate a client to specific subnets based on the foreign controller that they are connected to. The anchor controller WLAN can be configured to maintain a mapping between foreign controller MAC and a specific interface or interface group (Foreign maps) as needed. If this mapping is not configured, clients on that foreign controller gets VLANs associated in a round robin fashion from interface group configured on WLAN.

You can also configure AAA override for interface groups. This feature extends the current access point group and AAA override architecture where access point groups and AAA override can be configured to override the interface group WLAN that the interface is mapped to. This is done with multiple interfaces using interface groups.

This feature enables network administrators to configure guest anchor restrictions where a wireless guest user at a foreign location can obtain an IP address from multiple subnets on the foreign location and controllers from within the same anchor controller.

Controller marks VLAN as dirty when the clients are unable to receive IP address using DHCP. The VLAN interface is marked as dirty based on two methods:

Aggressive Method—When only one failure is counted per association per client and controller marks VLAN as dirty interface when a failure occurs three times for a client or for three different clients.

Non-Aggressive Method—When only one failure is counted per association per client and controller marks VLAN as a dirty interface only when three or more clients fail.

Restrictions for Configuring Interface Groups

  • The priority order for configuring VLAN interface select for WLAN is:

    • AAA override

    • AP group

    • DHCP server override

    • Interface group

  • While you configure VLAN-ACL mapping using the native VLAN identifier as part of Flex group configuration, the ACL mapping does not take place. However, if you use the same VLAN to configure ACL mapping at the access point level, the configuration is allowed.

Creating Interface Groups (GUI)

    Step 1   Choose Controller > Interface Groups.

    The Interface Groups page appears with the list of interface groups already created.


    To remove an interface group, hover your mouse pointer over the blue drop-down icon and choose Remove.

    Step 2   Click Add Group.

    The Add New Interface Group page appears.

    Step 3   Enter the details of the interface group:
    • Interface Group Name—Specify the name of the interface group.

    • Description—Add a brief description of the interface group.

    Step 4   Click Add.

    Creating Interface Groups (CLI)

    • config interface group {create | delete} interface_group_name—Creates or deletes an interface group

    • config interface group description interface_group_name description—Adds a description to the interface group

    Adding Interfaces to Interface Groups (GUI)

      Step 1   Choose Controller > Interface Groups.

      The Interface Groups page appears with a list of all interface groups.

      Step 2   Click the name of the interface group to which you want to add interfaces.

      The Interface Groups > Edit page appears.

      Step 3   Choose the interface name that you want to add to this interface group from the Interface Name drop-down list.
      Step 4   Click Add Interface to add the interface to the Interface group.
      Step 5   Repeat Steps 2 and 3 if you want to add multiple interfaces to this interface group.

      To remove an interface from the interface group, hover your mouse pointer over the blue drop-down arrow and choose Remove.

      Adding Interfaces to Interface Groups (CLI)

      To add interfaces to interface groups, use the config interface group interface add interface_group interface_name command.

      Viewing VLANs in Interface Groups (CLI)

      To view a list of VLANs in the interface groups, use the show interface group detailed interface-group-name command.

      Adding an Interface Group to a WLAN (GUI)

        Step 1   Choose the WLAN tab.

        The WLANs page appears listing the available WLANs.

        Step 2   Click the WLAN ID of the WLAN to which you want to add the interface group.
        Step 3   In the General tab, choose the interface group from the Interface/Interface Group (G) drop-down list.
        Step 4   Click Apply.

        Suppose that the interface group that you add to a WLAN has RADIUS Server Overwrite interface enabled. In this case, when a client requests for authentication, the controller selects the first IP address from the interface group as the RADIUS server.

        Adding an Interface Group to a WLAN (CLI)

        To add an interface group to a WLAN, enter the config wlan interface wlan_id interface_group_name command.