How to dynamically assign VLAN ID to different users on same same SSID when using FlexConnect

Many wireless setups uses one SSID, where a range of different users are assigned different VLAN IDs depending on a number of criteria, such as department, geo-location and so forth.
But when using Cisco FlexConnect, the setup is somewhat “hidden”.
An example of such a setup is shown below:

Drawing1

One of the pre-requisits for FlexConnect to work, is that the VLAN is pre-created on the AP the user connect to.
This configuration can be done either on the AP or FlexConnect group.

What trips most people is that the WLAN-VLAN mapping only allows for one VLAN per SSID, such as shown below

WLAN-vlan-mapping-1

WLAN-vlan-mapping-2

In order to pre-create multiple VLANs for any given access point, you need to use ACL-mapping (Not very intuitive, but still) as shown below.

Flexconnect-ACL

If the Access Point is SSH-enabled, you can write “show interfaces summary” and see that subinterfaces has been created for your VLAN.

AP-sub-IF

Now, just remember to add the correct VLANs on the switch trunk and your set!

Download as PDF
5.00 avg. rating (99% score) - 1 vote

Author: Gos

Have been working in the IT business since 2003 and have had network and security as field of focus since 2008.

Leave a Reply

Your email address will not be published. Required fields are marked *