How to dynamically assign VLAN ID to different users on same same SSID when using FlexConnect

Many wireless setups uses one SSID, where a range of different users are assigned different VLAN IDs depending on a number of criteria, such as department, geo-location and so forth.
But when using Cisco FlexConnect, the setup is somewhat “hidden”.
An example of such a setup is shown below:


One of the pre-requisits for FlexConnect to work, is that the VLAN is pre-created on the AP the user connect to.
This configuration can be done either on the AP or FlexConnect group.

What trips most people is that the WLAN-VLAN mapping only allows for one VLAN per SSID, such as shown below



In order to pre-create multiple VLANs for any given access point, you need to use ACL-mapping (Not very intuitive, but still) as shown below.


If the Access Point is SSH-enabled, you can write “show interfaces summary” and see that subinterfaces has been created for your VLAN.


Now, just remember to add the correct VLANs on the switch trunk and your set!

5.00 avg. rating (99% score) - 1 vote

Leave a Reply

Your email address will not be published. Required fields are marked *