By creating AP Groups you can control which SSIDs are advertised on which APs and which dynamic interface maps to each AP group (to reduce the broadcast domain size while keeping the same SSID). In recent WLC software releases you can also control RF profiles via AP groups, so you can give different RF characteristics to certain APs in your network. AP groups also support 802.11u settings. The WLC code used in this post is 7.0.116.0.

You can create access point groups (AP Groups) and assign up to 16 WLANs to each group. Each access point advertises only the enabled WLANs that belong to its access point group. The access point does not advertise disabled WLANs in its access point group or WLANs that belong to another group.
You can create up to 50 access point groups for Cisco 2100 Series Controller and controller network modules; up to 300 access point groups for Cisco 4400 Series Controllers, Cisco WiSM, and 3750G wireless LAN controller switch; and up to 500 access point groups for Cisco 5500 Series Controllers.

By default there is an AP group called “default-group” on your WLC, and all WLANs with a WLAN ID between 1 and 16 map to this group. All the access points on the WLC also map to this group. This means any WLAN (ID 1-16) will be available on every AP that belongs to the default group. If your WLAN ID is greater than 16, you have to create an AP group to advertise that WLAN (or SSID). Likewise, if you want to advertise certain WLANs only on particular APs, you have to create an AP group for them.

Here is the topology for this post. 3502-a will be in an AP group called “APG1” & 3502-d will be in the “APG2” AP group. Both APs have 4402-c as primary controller & 4402-d as secondary controller. APG1 will map to the vlan11 interface & APG2 will map to the vlan12 interface on 4402-c (primary controller). In the event of AP fail-over to 4402-d (secondary controller), APG1 will map to vlan41 & APG2 will map to vlan42.

[Topology diagram: AP Group-01]

First we will create dynamic interfaces on 4402-c as shown below. Ensure that DHCP is configured on the switch so that clients can obtain dynamic IP addresses.

3750-b
ip dhcp excluded-address 192.168.11.1 192.168.11.100
ip dhcp excluded-address 192.168.11.150 192.168.11.254
ip dhcp excluded-address 192.168.12.1 192.168.12.100
ip dhcp excluded-address 192.168.12.150 192.168.12.254
ip dhcp pool VLAN11
   network 192.168.11.0 255.255.255.0
   default-router 192.168.11.1 
   domain-name mrn.com
ip dhcp pool VLAN12
   network 192.168.12.0 255.255.255.0
   default-router 192.168.12.1 
   domain-name mrn.com

(4402-c) >config interface create vlan11 11
(4402-c) >config interface address dynamic-interface vlan11 192.168.11.33 255.255.255.0 192.168.11.1
(4402-c) >config interface dhcp dynamic-interface vlan11 primary 192.168.11.1

(4402-c) >config interface create vlan12 12                                                         
(4402-c) >config interface address dynamic-interface vlan12 192.168.12.33 255.255.255.0 192.168.12.1
(4402-c) >config interface dhcp dynamic-interface vlan12 primary 192.168.12.1

Next we will create a WLAN called “wlan<16” (with WLAN ID 6). For simplicity we will disable L2 security & make it an open SSID. Other settings will be left at their defaults.

(4402-c) >config wlan create 6 wlan<16 wlan<16
(4402-c) >config wlan interface 6 vlan11
(4402-c) >config wlan security wpa disable 6
(4402-c) >config wlan enable 6

Now we will configure APG1 & APG2 & map interfaces vlan11 & vlan12 to the WLAN created.

(4402-c) >config wlan apgroup ?               
add            Creates a new AP Group.
delete         Deletes a existing ap group.
description    Configures a description for an AP group.
interface-mapping Adds or deletes a new apgroup/WLAN/interface mapping.
nac-snmp       Configures NAC SNMP functionality on given AP-Group. 
radio-policy   Configures Radio Policy on given AP-Group. 

(4402-c) >config wlan apgroup add ?               
<apgroup name> Specify the name of the apgroup to configure.

(4402-c) >config wlan apgroup add APG1 ?              
<description>  (optional) Specify the description for the AP group.

(4402-c) >config wlan apgroup add APG1 "AP Group 1"
(4402-c) >config wlan apgroup add APG2 "AP Group 2"

(4402-c) >config wlan apgroup interface-mapping ?               
add            Adds a new apgroup/WLAN/interface mapping.
delete         Adds a new apgroup/WLAN/interface mapping.

(4402-c) >config wlan apgroup interface-mapping add ?               
<apgroup name> Specify the name of the apgroup to configure.

(4402-c) >config wlan apgroup interface-mapping add APG1 ?               
<WLAN or Remote LAN Id> Enter WLAN or Remote LAN Identifier between 1 and 512.

(4402-c) >config wlan apgroup interface-mapping add APG1 6 ?              
<Interface Name> Specify the interface name.

(4402-c) >config wlan apgroup interface-mapping add APG1 6 vlan11
(4402-c) >config wlan apgroup interface-mapping add APG2 6 vlan12

Then you can assign APs to the AP groups created, as shown below.

(4402-c) >show ap summary 
Number of APs.................................... 2
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured

AP Name             Slots  AP Model              Ethernet MAC       Location          Port  Country  Priority
------------------  -----  --------------------  -----------------  ----------------  ----  -------  ------
3502-a               2     AIR-CAP3502I-N-K9     cc:ef:48:72:0b:bd      3750-B Port1  LAG      AU       1
3502-d               2     AIR-CAP3502I-N-K9     44:d3:ca:af:43:43      3750-A Port4  LAG      AU       3

(4402-c) >config ap group-name ?               
<groupname>    Enter the group name of Cisco APs as String

(4402-c) >config ap group-name APG1 ?               
<Cisco AP>     Enter the name of the Cisco AP.

(4402-c) >config ap group-name APG1 3502-a
Changing the AP's group name will cause the AP to reboot.
Are you sure you want to continue? (y/n) y

(4402-c) >config ap group-name APG2 3502-d
Changing the AP's group name will cause the AP to reboot.
Are you sure you want to continue? (y/n) y

You can check connectivity by enabling one AP at a time to see that the correct IP range is given to the user. First we will disable 3502-a & check the client IP once it has associated.

(4402-c) >config ap disable 3502-a
(4402-c) >show client summary 
Number of Clients................................ 1
MAC Address       AP Name           Status        WLAN/GLAN      Auth Protocol         Port Wired
----------------- ----------------- ------------- -------------- ---- ---------------- ---- -----
04:f7:e4:ea:5b:66 3502-d            Associated    6              Yes  802.11n(5 GHz)   29   No

(4402-c) >show client detail 04:f7:e4:ea:5b:66
Client MAC Address............................... 04:f7:e4:ea:5b:66
Client Username ................................. N/A
AP MAC Address................................... 64:ae:0c:91:94:20
AP Name.......................................... 3502-d            
Client State..................................... Associated     
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 6  
BSSID............................................ 64:ae:0c:91:94:2f  
Connected For ................................... 45 secs
Channel.......................................... 149
IP Address....................................... 192.168.12.101
Association Id................................... 1  
Authentication Algorithm......................... Open System
Reason Code...................................... 1  
Status Code...................................... 0  
config wlan apgroup add mrn-default

Let’s enable 3502-a & disable 3502-d. As you can see below, since my client already had a vlan12 IP, it moved to 3502-a without changing its IP.

(4402-c) >config ap enable 3502-a             
(4402-c) >config ap disable 3502-d
(4402-c) >show client summary 
Number of Clients................................ 1
MAC Address       AP Name           Status        WLAN/GLAN      Auth Protocol         Port Wired
----------------- ----------------- ------------- -------------- ---- ---------------- ---- -----
04:f7:e4:ea:5b:66 3502-a            Associated    6              Yes  802.11n(5 GHz)   29   No

(4402-c) >show client detail 04:f7:e4:ea:5b:66
Client MAC Address............................... 04:f7:e4:ea:5b:66
Client Username ................................. N/A
AP MAC Address................................... 2c:3f:38:2a:b1:20
AP Name.......................................... 3502-a            
Client State..................................... Associated     
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 6  
BSSID............................................ 2c:3f:38:2a:b1:2f  
Connected For ................................... 30 secs
Channel.......................................... 149
IP Address....................................... 192.168.12.101
Association Id................................... 1  
Authentication Algorithm......................... Open System
Reason Code...................................... 1  
Status Code...................................... 0  
Session Timeout.................................. 0  
Client CCX version............................... No CCX support
Mirroring........................................ Disabled
QoS Level........................................ Silver
802.1P Priority Tag.............................. 3
WMM Support...................................... Enabled
Power Save....................................... OFF
Current Rate..................................... m7
Supported Rates.................................. 6.0,9.0,12.0,18.0,24.0,36.0,
    ............................................. 48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
NPU Fast Fast Notified........................... Yes
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ vlan12
VLAN............................................. 12
Quarantine VLAN.................................. 0
Access VLAN...................................... 12

But if you deauthenticate the client & force it to join again, you will see the client get a vlan11 IP.

(4402-c) >show client summary 
Number of Clients................................ 1
MAC Address       AP Name           Status        WLAN/GLAN      Auth Protocol         Port Wired
----------------- ----------------- ------------- -------------- ---- ---------------- ---- -----
04:f7:e4:ea:5b:66 3502-a            Associated    6              Yes  802.11n(5 GHz)   29   No

(4402-c) >config client deauthenticate 04:f7:e4:ea:5b:66

(4402-c) >show client detail 04:f7:e4:ea:5b:66
Client MAC Address............................... 04:f7:e4:ea:5b:66
Client Username ................................. N/A
AP MAC Address................................... 2c:3f:38:2a:b1:20
AP Name.......................................... 3502-a            
Client State..................................... Associated     
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 6  
BSSID............................................ 2c:3f:38:2a:b1:2f  
Connected For ................................... 27 secs
Channel.......................................... 149
IP Address....................................... 192.168.11.101
Association Id................................... 1  
Authentication Algorithm......................... Open System
Reason Code...................................... 1  
Status Code...................................... 0

As you can see, with AP groups clients are put into the configured VLANs as they associate to the network. But if a client moves from one AP to another AP (in a different AP group), it keeps its original IP address.

Now let’s see how this works when the APs fail over to a secondary controller (4402-d).

3750-d
interface Vlan41
 ip address 192.168.41.1 255.255.255.0
 ip helper-address 192.168.10.3
!
interface Vlan42
 ip address 192.168.42.1 255.255.255.0
 ip helper-address 192.168.10.3

(4402-d) >config interface create vlan41 41
(4402-d) >config interface address dynamic-interface vlan41 192.168.41.44 255.255.255.0 192.168.41.1
(4402-d) >config interface dhcp dynamic-interface vlan41 primary 192.168.10.3

(4402-d) >config interface create vlan42 42
(4402-d) >config interface address dynamic-interface vlan42 192.168.42.44 255.255.255.0 192.168.42.1
(4402-d) >config interface dhcp dynamic-interface vlan42 primary 192.168.10.3

(4402-d) >config wlan create 6 wlan<16 wlan<16
(4402-d) >config wlan interface 6 vlan41
(4402-d) >config wlan security wpa disable 6
(4402-d) >config wlan enable 6

Let’s configure the secondary controller for the two APs.

(4402-c) >config ap secondary-base 4402-d 3502-a 192.168.40.44
(4402-c) >config ap secondary-base 4402-d 3502-d 192.168.40.44

(4402-c) >show ap config general 3502-a
Cisco AP Identifier.............................. 4
Cisco AP Name.................................... 3502-a
Country code..................................... AU  - Australia
Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-N
AP Country code.................................. AU  - Australia
AP Regulatory Domain............................. 802.11bg:-A    802.11a:-N 
Switch Port Number .............................. 29
MAC Address...................................... cc:ef:48:72:0b:bd
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.20.61
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.20.254
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ 3750-B Port1
Cisco AP Group Name.............................. APG1
Primary Cisco Switch Name........................ 4402-c
Primary Cisco Switch IP Address.................. 192.168.10.33
Secondary Cisco Switch Name...................... 4402-d
Secondary Cisco Switch IP Address................ 192.168.40.44
Tertiary Cisco Switch Name....................... 
Tertiary Cisco Switch IP Address................. Not Configured

Now if you disconnect 4402-c (or shut down G1/0/1-2) you will see the two APs fail over to 4402-d.

(4402-d) >show ap summary 
Number of APs.................................... 2
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name             Slots  AP Model              Ethernet MAC       Location          Port  Country  Priority
------------------  -----  --------------------  -----------------  ----------------  ----  -------  ------
3502-a               2     AIR-CAP3502I-N-K9     cc:ef:48:72:0b:bd      3750-B Port1  LAG      AU       1
3502-d               2     AIR-CAP3502I-N-K9     44:d3:ca:af:43:43      3750-A Port4  LAG      AU       3

(4402-d) >show ap config general 3502-a
Cisco AP Identifier.............................. 0
Cisco AP Name.................................... 3502-a
Country code..................................... AU  - Australia
Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-N
AP Country code.................................. AU  - Australia
AP Regulatory Domain............................. 802.11bg:-A    802.11a:-N 
Switch Port Number .............................. 29
MAC Address...................................... cc:ef:48:72:0b:bd
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.20.61
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.20.254
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ 3750-B Port1
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................ 4402-c
Primary Cisco Switch IP Address.................. 192.168.10.33
Secondary Cisco Switch Name...................... 4402-d
Secondary Cisco Switch IP Address................ 192.168.40.44
Tertiary Cisco Switch Name....................... 
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED

Since we have not created any AP groups on the secondary controller, both APs are put into the default group. So clients will get vlan41 IPs, as that is the interface mapped to the “wlan<16” WLAN.

(4402-d) >show client summary 
Number of Clients................................ 1
MAC Address       AP Name           Status        WLAN/GLAN      Auth Protocol         Port Wired
----------------- ----------------- ------------- -------------- ---- ---------------- ---- -----
04:f7:e4:ea:5b:66 3502-a            Associated    6              Yes  802.11n(5 GHz)   29   No

(4402-d) >show client detail 04:f7:e4:ea:5b:66
Client MAC Address............................... 04:f7:e4:ea:5b:66
Client Username ................................. N/A
AP MAC Address................................... 2c:3f:38:2a:b1:20
AP Name.......................................... 3502-a            
Client State..................................... Associated     
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 6  
BSSID............................................ 2c:3f:38:2a:b1:2a  
Connected For ................................... 80 secs
Channel.......................................... 149
IP Address....................................... 192.168.41.101
Association Id................................... 1  
Authentication Algorithm......................... Open System
Reason Code...................................... 1  
Status Code...................................... 0

Now let’s configure on 4402-d the two AP groups configured on 4402-c & see that, when fail-over occurs, the two APs go into the correct groups as they were on the primary controller.

(4402-d) >config wlan apgroup add APG1 "AP Group 1"
(4402-d) >config wlan apgroup add APG2 "AP Group 2"

(4402-d) >config wlan apgroup interface-mapping add APG1 6 vlan41
(4402-d) >config wlan apgroup interface-mapping add APG2 6 vlan42

This time you can see 3502-a goes into APG1 whereas 3502-d goes into APG2, as they were on the primary controller.

(4402-d) >show ap summary 
Number of APs.................................... 2
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured

AP Name             Slots  AP Model              Ethernet MAC       Location          Port  Country  Priority
------------------  -----  --------------------  -----------------  ----------------  ----  -------  ------
3502-a               2     AIR-CAP3502I-N-K9     cc:ef:48:72:0b:bd      3750-B Port1  LAG      AU       1
3502-d               2     AIR-CAP3502I-N-K9     44:d3:ca:af:43:43      3750-A Port4  LAG      AU       3

(4402-d) >show ap config general 3502-d
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... 3502-d
Country code..................................... AU  - Australia
Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-N
AP Country code.................................. AU  - Australia
AP Regulatory Domain............................. 802.11bg:-A    802.11a:-N 
Switch Port Number .............................. 29
MAC Address...................................... 44:d3:ca:af:43:43
IP Address Configuration......................... Static IP assigned
IP Address....................................... 10.10.20.4
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 10.10.20.1
Domain........................................... 
Name Server...................................... 
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ 3750-A Port4
Cisco AP Group Name.............................. APG2
Primary Cisco Switch Name........................ 4402-c
Primary Cisco Switch IP Address.................. 192.168.10.33
Secondary Cisco Switch Name...................... 4402-d
Secondary Cisco Switch IP Address................ 192.168.40.44
Tertiary Cisco Switch Name....................... 
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED

(4402-d) >show ap config general 3502-a
Cisco AP Identifier.............................. 2
Cisco AP Name.................................... 3502-a
Country code..................................... AU  - Australia
Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-N
AP Country code.................................. AU  - Australia
AP Regulatory Domain............................. 802.11bg:-A    802.11a:-N 
Switch Port Number .............................. 29
MAC Address...................................... cc:ef:48:72:0b:bd
IP Address Configuration......................... DHCP
IP Address....................................... 192.168.20.61
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 192.168.20.254
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ 3750-B Port1
Cisco AP Group Name.............................. APG1
Primary Cisco Switch Name........................ 4402-c
Primary Cisco Switch IP Address.................. 192.168.10.33
Secondary Cisco Switch Name...................... 4402-d

You can verify clients are getting vlan42 & vlan41 IPs depending on where they are associated (3502-d & 3502-a respectively).

(4402-d) >config ap disable 3502-a
(4402-d) >show client summary 
Number of Clients................................ 1
MAC Address       AP Name           Status        WLAN/GLAN      Auth Protocol         Port Wired
----------------- ----------------- ------------- -------------- ---- ---------------- ---- -----
04:f7:e4:ea:5b:66 3502-d            Associated    6              Yes  802.11n(5 GHz)   29   No

(4402-d) >show client detail 04:f7:e4:ea:5b:66
Client MAC Address............................... 04:f7:e4:ea:5b:66
Client Username ................................. N/A
AP MAC Address................................... 64:ae:0c:91:94:20
AP Name.......................................... 3502-d            
Client State..................................... Associated     
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 6  
BSSID............................................ 64:ae:0c:91:94:2f  
Connected For ................................... 35 secs
Channel.......................................... 36 
IP Address....................................... 192.168.42.101
Association Id................................... 1  
Authentication Algorithm......................... Open System
Reason Code...................................... 1  
Status Code...................................... 0

Therefore it is important to configure AP groups in a similar manner on all primary, secondary & tertiary controllers if you want to advertise the same set of WLANs & map them to the required dynamic interfaces.
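One way to check this consistency before a fail-over happens is to compare the AP group commands captured from both controllers. This is an added example, not part of the original post. The function names and the sample captures are constructed for illustration from the commands shown above. Interface names are expected to differ between controllers (vlan11 vs vlan41), so only group names and WLAN IDs are compared.

```python
import re

# CLI lines may carry a "(4402-c) >" prompt, so search rather than match.
ADD_RE = re.compile(r'config wlan apgroup add ([^\s?]+)')
MAP_RE = re.compile(r'config wlan apgroup interface-mapping add (\S+) (\d+) (\S+)')
FIELD_RE = re.compile(r'^\s*(Cisco AP Name|Cisco AP Group Name)\.+\s*(\S+)', re.M)


def parse_apgroups(cli_text):
    """Return {group: {wlan_id: interface}} from captured AP group commands."""
    groups = {}
    for line in cli_text.splitlines():
        m = MAP_RE.search(line)
        if m:
            groups.setdefault(m.group(1), {})[int(m.group(2))] = m.group(3)
            continue
        m = ADD_RE.search(line)
        if m:
            groups.setdefault(m.group(1), {})
    return groups


def parse_ap_membership(show_text):
    """Return {ap_name: group} from concatenated 'show ap config general' output."""
    members, current = {}, None
    for label, value in FIELD_RE.findall(show_text):
        if label == 'Cisco AP Name':
            current = value
        elif current:
            members[current] = value
    return members


def audit_failover(primary_cli, secondary_cli, primary_show):
    """List AP group gaps on the secondary that change client VLAN placement."""
    primary = parse_apgroups(primary_cli)
    secondary = parse_apgroups(secondary_cli)
    findings = []
    for group, wlans in sorted(primary.items()):
        if group not in secondary:
            findings.append(f"group {group} missing on secondary")
            continue
        for wlan_id in sorted(set(wlans) - set(secondary[group])):
            findings.append(f"group {group}: WLAN {wlan_id} not mapped on secondary")
    for ap, group in sorted(parse_ap_membership(primary_show).items()):
        if group != 'default-group' and group not in secondary:
            findings.append(f"AP {ap} ({group}) would fall back to default-group")
    return findings


# Constructed sample captures, based on the commands used in this post.
PRIMARY_CLI = '''(4402-c) >config wlan apgroup add APG1 "AP Group 1"
(4402-c) >config wlan apgroup add APG2 "AP Group 2"
(4402-c) >config wlan apgroup interface-mapping add APG1 6 vlan11
(4402-c) >config wlan apgroup interface-mapping add APG2 6 vlan12'''
SECONDARY_BEFORE = '''(4402-d) >config wlan create 6 wlan<16 wlan<16
(4402-d) >config wlan interface 6 vlan41'''
SECONDARY_AFTER = SECONDARY_BEFORE + '''
(4402-d) >config wlan apgroup add APG1 "AP Group 1"
(4402-d) >config wlan apgroup add APG2 "AP Group 2"
(4402-d) >config wlan apgroup interface-mapping add APG1 6 vlan41
(4402-d) >config wlan apgroup interface-mapping add APG2 6 vlan42'''
PRIMARY_SHOW = '''Cisco AP Name.................................... 3502-a
Cisco AP Group Name.............................. APG1
Cisco AP Name.................................... 3502-d
Cisco AP Group Name.............................. APG2'''

if __name__ == "__main__":
    for finding in audit_failover(PRIMARY_CLI, SECONDARY_BEFORE, PRIMARY_SHOW):
        print(finding)
```

With the secondary as it stood before the AP groups were added, the audit reports both groups missing and both APs falling back to default-group; with the groups in place it reports nothing.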

As an exercise, you can try a WLAN ID greater than 16 (called “wlan>16”) & see how it works in a similar scenario.