Configuring VLAN Groups

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for VLAN Groups

  • A VLAN should be present in the device to be able to add it to the VLAN group.

  • For VLAN group to function properly, in addition to enabling DHCP snooping globally, you must ensure that DHCP snooping is enabled in all the VLANs.

Restrictions for VLAN Groups

The number of VLANs mapped to a VLAN group is not limited by Cisco IOS Software Release. But if the number of VLANs in a VLAN group exceed the recommended value of 32, the mobility behavior is unexpected and in the VLAN group, L2 multicast breaks for some VLANs. So it is the responsibility of the administrator to configure feasible number of VLANs in a VLAN group. When a VLAN is added to a VLAN group mapped to a WLAN which already has 32 VLANs, a warning is generated. But when a new VLAN group is mapped to a WLAN with more than 32 VLANs, an error is generated.

For expected behavior of the VLAN group, the VLANs mapped in the group must be present in the device. The static IP client behavior is not supported.

Information About VLAN Groups

Whenever a client connects to a wireless network (WLAN), the client is placed in a VLAN that is associated with the WLAN. In a large venue such as an auditorium, a stadium, or a conference room where there are numerous wireless clients, having only a single WLAN to accommodate many clients might be a challenge.

The VLAN group feature uses a single WLAN that can support multiple VLANs. The clients can get assigned to one of the configured VLANs. This feature maps a WLAN to a single VLAN or multiple VLANs using the VLAN groups. When a wireless client associates to the WLAN, the VLAN is derived by an algorithm based on the MAC address of the wireless client. A VLAN is assigned to the client and the client gets the IP address from the assigned VLAN. This feature also extends the current AP group architecture and AAA override architecture, where the AP groups and AAA override can override a VLAN or a VLAN group to which the WLAN is mapped.

Behavior change introduced in Cisco IOS XE Release 3.7.0E: When a client associates with a WLAN and the WLAN is applied to a VLAN group, an index is calculated based on the MAC address of the client and the number of VLANs in the VLAN group using a hash algorithm. Based on this index, a VLAN is assigned to the client. If the index is "dirty," another index is generated in a round-robin manner and the VLAN is assigned to the client based on the newly generated index.

The system marks VLAN as "dirty" for 30 minutes when the clients are unable to receive IP address using DHCP. The system might not clear the "dirty" flag from the VLAN even after 30 minutes for a VLAN group. This is expected behavior because the timestamp of each interface has to be checked to see if it is greater than 30 minutes, due to which there is a lag of 5 minutes for the global timer to expire.

How to Configure VLAN Groups

Creating VLAN Groups (CLI)

SUMMARY STEPS

  1. configure terminal
  2. vlan group WORD vlan-list vlan-ID
  3. end

DETAILED STEPS

  Command or Action Purpose
Step 1

configure terminal

Example:

Device# configure terminal

Enters global command mode.
Step 2

vlan group WORD vlan-list vlan-ID

Example:

Device(config)#vlan group vlangrp1 vlan-list 91-95

Creates a VLAN group with the given group name (vlangrp1) and adds all the VLANs listed in the command. The VLAN list ranges from 1 to 4096 and the recommended number of VLANs in a group is 32.

Step 3

end

Example:

Device(config)#end

Exits the global configuration mode and returns to privileged EXEC mode. Alternatively, press CTRL-Z to exit the global configuration mode.

Removing VLAN Group (CLI)

SUMMARY STEPS

  1. configure terminal
  2. vlan group WORD vlan-list vlan-ID
  3. no vlan group WORD vlan-list vlan-ID
  4. end

DETAILED STEPS

Step 1

configure terminal

Example:

Device# configure terminal

Enters global command mode.
Step 2

vlan group WORD vlan-list vlan-ID

Example:

Device(config)#vlan group vlangrp1 vlan-list 91-95

Creates a VLAN group with the given group name (vlangrp1) and adds all the VLANs listed in the command. The VLAN list ranges from 1 to 4096 and the recommended number of VLANs in a group is 32.

Step 3

no vlan group WORD vlan-list vlan-ID

Example:

Device(config)#no vlan group vlangrp1 vlan-list 91-95

Removes the VLAN group with the given group name (vlangrp1).

Step 4

end

Example:

Device(config)#end

Exits the global configuration mode and returns to privileged EXEC mode. Alternatively, press CTRL-Z to exit the global configuration mode.

Adding a VLAN Group to WLAN (CLI)

SUMMARY STEPS

  1. configure terminal
  2. wlan WORD number
  3. client vlan WORD
  4. end

DETAILED STEPS

  Command or Action Purpose
Step 1

configure terminal

Example:

Device# configure terminal

Enters global command mode.
Step 2

wlan WORD number

Example:

Device(config)#wlan wlanname 512

Enables the WLAN to map a VLAN group using an identifier. The WLAN identifier values range from 1 to 512.
Step 3

client vlan WORD

Example:

Device(config-wlan)#client vlan vlangrp1

Maps the VLAN group to the WLAN by entering the VLAN identifier, VLAN group, or the VLAN name.
Step 4

end

Example:

Device(config-wlan)#end

Exits the global configuration mode and returns to privileged EXEC mode . Alternatively, press CTRL-Z to exit the global configuration mode.

Viewing VLANs in VLAN Groups (CLI)

Commands Description
show vlan group Displays the list of VLAN groups with its name and the VLANs that are available.
show vlan group group-name <group_name> Displays the specified VLAN group details.
show wireless vlan group <group_name> Displays the specified wireless VLAN group details.

Where to Go Next

After configuring VLAN groups, you can configure the following:

  • VLANs

  • VLAN Trunking Protocol (VTP)

  • VLAN trunks

  • Voice VLANs

Additional References

Related Documents

Related Topic Document Title

For complete syntax and usage information for the commands used in this chapter.

VLAN Command Reference (Catalyst 3850 Switches)

Layer 2/3 Command Reference (Catalyst 3850 Switches)

VLAN access-maps

Security Configuration Guide (Catalyst 3850 Switches)

Security Command Reference (Catalyst 3850 Switches)

VLAN and Mobility Agents

Mobility Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Cisco Flexible NetFlow

Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Flexible Netflow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

IGMP Snooping

IP Multicast Routing Command Reference (Catalyst 3850 Switches)

IP Multicast Routing Configuration Guide (Catalyst 3850 Switches)

IPv6

IPv6 Configuration Guide (Catalyst 3850 Switches)

IPv6 Command Reference (Catalyst 3850 Switches)

SPAN

Network Management Command Reference (Catalyst 3850 Switches)

Network Management Configuration Guide (Catalyst 3850 Switches)

Platform-independent configuration information

Identity Based Networking Services Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Error Message Decoder

Description Link

To help you research and resolve system error messages in this release, use the Error Message Decoder tool.

https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

Standards and RFCs

Standard/RFC Title

RFC 1573

Evolution of the Interfaces Group of MIB-II

RFC 1757

Remote Network Monitoring Management

RFC 2021

SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2

MIBs

MIB MIBs Link

All supported MIBs for this release.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/support

Feature History and Information for VLAN Groups

Release

Modification

Cisco IOS XE 3.2E

This feature was introduced

Cisco IOS XE 3.3SE

VLAN GUI support.