Hi list,

If I may ask for your advice, I have a Cisco 5508 WLC. Need to use it to manage APs at multiple buildings, which I plan on doing using AP Groups. I understand that if I have one SSID mapped to one VLAN I can do it within the AP group and all is well. In my case, I have to provide a single SSID, but be able to assign clients into VLANs based on their credentials. ACS 5.2 takes care of that with Tunnel-Private-Group-ID. Currently, I only have it managing one building, so the problem is only looming, but I need to start converting my fat APs to LWAPs in other places. That means "way more clients than I can fit into a /24 or even a /23".

The way I have it configured right now is as follows:

1. I have interfaces created in the WLC with names corresponding to the value that gets sent in Tunnel-Private-Group-ID (this is done because there are multiple controllers, but I can adjust to a tag instead. Though I don't think this will help in my case)
2. I have these interfaces grouped into an interface group.
3. I have the WLAN created and mapped to the interface group (which I'm pretty sure is not important, since AP group overrides this)
4. I have an AP Group with my APs in just this one building and that has that very same WLAN mapped to the same interface group mentioned above
5. ACS sends back the interface name in Tunnel-Private-Group-ID and the client gets placed into an appropriate VLAN based on the client's credentials

Now the issue:

1. I need to add other buildings full of APs, so I'm guessing more AP groups (one per building)
2. If I map the next new AP group to the same interface group it will work and the clients will get placed into the same VLANs as the clients above
3. The issue is that at some point I will exhaust the DHCP scopes. I'm thinking that somehow I need to be able to place clients into an appropriate VLAN based not only on credentials but also on location (that is, building).

What I can't find is how to match clients based on AP location in my WLC 7.0 + ACS 5.2 setup. The best I could come up with is tracking all APs' MAC addresses and matching Called-Station-ID based on those addresses, but that's a nightmare in my opinion. How do others do it? I would imagine there are some kind of "spill over" features that have to exist out there, or some other technique.

Thanks,
--Andrey
participants (1)
-
Andrey Khomyakov