Configure Flexconnect VLAN Mappings on Mobility Express Controllers

Introduction

This document describes the steps to configure flexconnect VLAN mappings at the Access Point (AP) and flexconnect group level.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

• Cisco Mobility Express deployment and basic configuration.
• Flexconnect configuration on the WLC

Components Used

The information in this document is based on these software and hardware versions:

• The Cisco 2802 AP that runs software Release 8.5.
• 2802 AP's that runs in flexconnect mode.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Note: On a mobility express Wireless LAN Controller (WLC), the VLAN related configuration can be done at the AP or at the flexconnect group level. It is recommended to apply the configuration at the flexconnect group level unless a few AP's need to have a different configuration.

Configure

VLAN Mappings at Flexconnect Group Level

On the mobility express there is only one flexconnect group which is called the default-flexgroup. All AP's by default are added to this group.

Step 1. You first need to configure VLAN tagging support on the AP. This can be done with the command config flexconnect group group_name vlan enable.

For ex:
 
(Mobility_Express) >config flexconnect group default-flexgroup vlan enable  

Note: VLAN support can be disabled as well, which deletes all the group level WLAN-vlan and vlan acl mappings on the AP. The command to do this is config flexconnect group default-flexgroup vlan disable.

Step 2. When you add VLAN support, native VLAN on the AP defaults to 1. This can be changed with the command config flexconnect group default-flexgroup vlan native vlan_id.

(Mobility_Express) >config flexconnect group default-flexgroup vlan native 10
 

Step 3. In order to add a VLAN mapping to the Service Set Identifier (SSID), you need to use this command config flexconnect group group_name wlan-vlan wlan wlan_id add vlan vlan_id.

For example:
(Mobility_Express) >config flexconnect group default-flexgroup wlan-vlan wlan 2 add vlan 20
 

This adds a mapping of VLAN 20 for SSID number 2. You can verify if the mappings are pushed to the AP, run the command show ap config general AP_name:

(Mobility_Express) >show ap config general AP00A3.8EFA.DC16
 
Cisco AP Identifier.............................. 4
Cisco AP Name.................................... AP00A3.8EFA.DC16
<output clipped>
Native Vlan Inheritance: ........................ Group
FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 1
WLAN 1 :........................................ 15 (Group-Specific)
WLAN 2 :........................................ 20 (Group-Specific) -----This shows that a group specific config of VLAN 20 has been applied to WLAN 2.

The native VLAN and group level WLAN-VLAN configuration can also be pushed with the GUI. You can navigate to Wireless Settings > WLANs > Edit WLAN > VLAN & Firewall. The Use VLAN Tagging option must be changed to Yes as shown in the image.

In order to delete the WLAN-VLAN configuration use the command config flexconnect group default-flexgroup wlan-vlan wlan wlan_id delete.

For ex:
(Mobility_Express) >config flexconnect group default-flexgroup wlan-vlan wlan 2 delete
 

Step 4. (optional) If there are ACL's that need to be configured for a particular VLAN this can be done with the command config flexconnect group default-flexgroup vlan add vlan_id acl in-aclname out-aclname.

For ex:
(Mobility_Express) >config flexconnect group default-flexgroup vlan add 30 acl acl_in acl_out 

This can be verified with the command show flexconnect group detail default-flexgroup

(Mobility_Express) >show flexconnect group detail default-flexgroup
 
Number of AP's in Group: 3 
<output clipped>
 
Vlan :........................................... 30
Ingress ACL :................................... acl_in
Egress ACL :.................................... acl_out

You can also verify if the ACL's are pushed to the AP's with the command show ap config general ap_name

(Mobility_Express) >show ap config general AP00A3.8EFA.DC16 
 
Cisco AP Identifier.............................. 4
Cisco AP Name.................................... AP00A3.8EFA.DC16
<Output clipped>
 
Group VLAN ACL Mappings
 
 
Vlan :........................................... 30
Ingress ACL :................................... acl_in
Egress ACL :.................................... acl_out
 

VLAN Mappings at AP Level

Step 1. You first need to configure VLAN tagging support on the AP. This can be done with the command config ap flexconnect vlan enabled ap_name:

(Mobility_Express) >config ap flexconnect vlan enable APA0EC.F96C.E348

If overide-ap option is set to enabled, then you get this error:

Request failed: Override flag is enabled at the flexconnect group.

The overide-ap option overides any AP specific configuration and it lets only the flex group config to take into effect. In order to fix this, you first need to disable the overide-ap option with the command config flexconnect group default-flexgroup vlan override-ap disable. Once this is done you can make the AP specific config.

Step 2. You can modify the native VLAN config if necessary with the command config ap flexconnect vlan native vlan_id ap_name.

For ex:
(Mobility_Express) >config ap flexconnect vlan native 1 APA0EC.F96C.E348

Step 3. You can now configure the VLAN-WLAN mapping with the command config ap flexconnect vlan wlan wlan_id vlan_id ap-name.

For ex:
(Mobility_Express) >config ap flexconnect vlan wlan 3 22 APA0EC.F96C.E348

You can verify that AP specific VLAN config has been mapped to the AP with command show ap config general ap_name.

For ex:
(Mobility_Express) >show ap config general APA0EC.F96C.E348
 
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... APA0EC.F96C.E348
<output clipped>
FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 1
WLAN 1 :........................................ 15 (Group-Specific)
WLAN 2 :........................................ 20 (Group-Specific)
WLAN 3 :........................................ 22 (AP-Specific)   ----WLAN 3 config is AP specific
 

This WLAN-VLAN mapping can also be removed with the command config ap flexconnect vlan remove wlan wlan_id ap_name.

For ex:
(Mobility_Express) >config ap flexconnect vlan remove wlan 3 APA0EC.F96C.E348

Step 4. (optional) If there is a requirement to configure VLAN ACL, at a AP level, it can be done with the command config ap flexconnect vlan add vlan_id acl in-aclname out-aclname ap_name.

For ex:
 
(Mobility_Express) >config ap flexconnect vlan add 22 acl acl_in acl_out APA0EC.F96C.E348
 
This can be verified with the show ap config general command as shown here:

(Mobility_Express) >show ap config general APA0EC.F96C.E348
 
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... APA0EC.F96C.E348
<output clipped>
FlexConnect VLAN ACL Mappings
Vlan :........................................... 22
Ingress ACL :................................... acl_in
Egress ACL :.................................... acl_out
 

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.