Cisco Wireless LAN Controller Configuration Guide, Release 7.4
Configuring Remote LANs
Downloads: This chapterpdf (PDF - 1.19 MB) The complete bookPDF (PDF - 17.94 MB) | Feedback

Configuring Remote LANs

Configuring Remote LANs

Prerequisites for Configuring Remote LANs

  • You must remove all remote LANs from a controller's configuration before moving to a release that does not support the remote LAN functionality. The remote LAN changes to a WLAN in earlier releases, which could cause an undesirable or unsecured WLAN being broadcast on the wireless network. Remote LAN is only supported in release and later.

  • Remote LAN can be applied on a dedicated LAN port on an OEAP 600 series access point.

Restrictions for Configuring Remote LANs

  • Only four clients can connect to an OEAP 600 series access point through a remote LAN port. This number does not affect the fifteen WLAN limit imposed for the controller WLANs. The remote LAN client limit supports connecting a switch or hub to the remote LAN port for multiple devices or connecting directly to a Cisco IP phone that is connected to that port. Only the first four devices can connect until one of the devices is idle for more than one minute.

  • It is not possible to configure 802.1X on remote LANs through the controller GUI; configuration only through CLI is supported.

Information About Remote LANs

This section describes how to configure remote LANs.

Configuring a Remote LAN (GUI)

    Step 1   Choose WLANs to open the WLANs page.

    This page lists all of the WLANs and remote LANs currently configured on the controller. For each WLAN, you can see its WLAN/remote LAN ID, profile name, type, SSID, status, and security policies.

    The total number of WLANs/Remote LANs appears in the upper right-hand corner of the page. If the list of WLANs/Remote LANs spans multiple pages, you can access these pages by clicking the page number links.


    If you want to delete a Remote LAN, hover your cursor over the blue drop-down arrow for that WLAN and choose Remove, or select the check box to the left of the row, choose Remove Selected from the drop-down list, and click Go. A message appears asking you to confirm your decision. If you proceed, the remote LAN is removed from any access point group to which it is assigned and from the access point’s radio.

    Step 2   Create a new Remote-LAN by choosing Create New from the drop-down list and clicking Go. The WLANs > New page appears.
    Step 3   From the Type drop-down list, choose Remote LAN to create a remote LAN.
    Step 4   In the Profile Name text box, enter up to 32 alphanumeric characters for the profile name to be assigned to this Remote WLAN. The profile name must be unique.
    Step 5   From the WLAN ID drop-down list, choose the ID number for this WLAN.
    Step 6   Click Apply to commit your changes. The WLANs > Edit page appears.

    You can also open the WLANs > Edit page from the WLANs page by clicking the ID number of the WLAN that you want to edit.

    Step 7   Use the parameters on the General, Security, and Advanced tabs to configure this remote LAN. See the sections in the rest of this chapter for instructions on configuring specific features.
    Step 8   On the General tab, select the Status check box to enable this remote LAN. Be sure to leave it unselected until you have finished making configuration changes to the remote LAN.

    You can also enable or disable remote LANs from the WLANs page by selecting the check boxes to the left of the IDs that you want to enable or disable, choosing Enable Selected or Disable Selected from the drop-down list, and clicking Go.

    Step 9   Click Apply to commit your changes.
    Step 10   Click Save Configuration to save your changes.

    Configuring a Remote LAN (CLI)

    • See the current configuration of the remote LAN by entering this command:

      show remote-lan remote-lan-id

    • Enable or disable remote LAN by entering this command:

      config remote-lan {enable | disable} remote-lan-id

    • Enable or disable 802.1X authentication for remote LAN by entering this command:

      config remote-lan security 802.1X {enable | disable} remote-lan-id


      The encryption on a remote LAN is always “none.”

    • Enable or disable local EAP with the controller as an authentication server, by entering this command:

      config remote-lan local-auth enable profile-name remote-lan-id

    • If you are using an external AAA authentication server, use the following command:

      config remote-lan radius_server auth {add | delete} remote-lan-id server id

      config remote-lan radius_server auth {enable | disable} remote-lan-id