Multi-SSIDs with different VLANs

wey2go
Getting noticed

I have 6 x MR42s in a double-storey building. They are connected to 3 x MS-120 switches, which are in turn connected to an MX-84.

All ethernet clients are getting the correct VLANs and their respective DHCP-allocated IP addresses (from the MX84 or, on a VLAN/subnet with its own DHCP server, from that DHCP server).

Say I want to have 4 x SSIDs on all MRs, with SSID.1 to SSID.4 having VLANs 100, 200, 300 and 400.

How do I configure this? I have made multiple attempts, but the client is always unable to get an IP address allocated by a DHCP server.

Thanks.

6 REPLIES
NolanHerring
Kind of a big deal

You need to configure the access-control setting for each SSID to have the VLAN you want it to have via the Bridge-Mode option.

You'll see an option to use VLAN tagging, so enable that and then you can choose what VLAN ID to use. Then when a client connects to SSID1, he'll get put on whatever VLAN you have set up. You will need to ensure that the ports that each AP connects to have all the VLANs allowed.
Nolan Herring | nolanwifi.com
ClaytonMeyer
Here to help

Nolan is correct but there is more necessary configuration. You'll need to make sure that all of the corresponding AP switch ports are configured as trunk ports. You'll need to trunk/tag VLANs 100-400 on those ports. Lastly, if the AP itself is in a separate "management" VLAN e.g. 2, you'll need to make VLAN 2 the native VLAN on those switch ports. Also, make sure that the uplink ports from those switches are also tagging those VLANs all the way back to wherever the SVI exists.

Mode: Trunk
Native: 2 (example)
Trunk: 100, 200, 300, 400

So your clients' traffic will get tagged for their respective SSID and then that traffic will be properly handled at the switch level.


@ClaytonMeyer Tried that even before I posted in the community. I can see devices can associate with the SSIDs, but DHCP requests fail if the DHCP server is on the MX or a Windows Server. DHCP requests from the APs are working. Exploring further: say, on the Ground Floor I have sub_tenant_A and on the 1st Floor sub_tenant_B. I have 4 APs on the 1st Floor and 2 APs on the Ground Floor. 4 x SSIDs are configured on the APs (tenants and tenants_guests). When an end device is associated with an AP on the Ground Floor, choosing the SSID for sub_tenant_A works fine, but choosing the SSID for sub_tenant_B while associated on the Ground Floor does not: it cannot get a DHCP IP allocation. Vice versa.

Guest SSIDs are fine anywhere.

Giving up, I just turned off the SSID for sub_tenant_A on the APs on the 1st Floor and vice versa. Workable solution but not elegant.

Bruce
Kind of a big deal

Just to follow this up, if you want to try it again, then you need the trunk between the switch and the access point, as ClaytonMeyer wrote, and then for each SSID you need to configure it to tag the traffic. In the Meraki Dashboard go to Wireless -> Access Control, and under the Addressing and traffic section you need to be in 'Bridge mode', and then set VLAN tagging to 'Use VLAN tagging', and then for the VLAN ID, set All other APs to the VLAN ID for the SSID - so for SSID.1 set the VLAN ID to 100, then change to SSID.2 make the configuration changes again and set the VLAN ID to 200, and so on. If the wired part of the network is correctly configured then this should then tag the traffic from each SSID with the appropriate VLAN tag. Just remember that if the DHCP server isn't on the same VLAN/subnet as the client then you'll also need to configure DHCP forwarding for that VLAN/subnet.
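
The checks described in the replies above (bridge mode with VLAN tagging on each SSID, every trunk on the path allowing the SSID's VLAN, and a DHCP server or DHCP forwarding for each VLAN) can be run as an audit over an inventory. This is an added example, not part of the original posts and not Meraki code; the field names, port names and sample values are constructed assumptions.

```python
# Added example: all names, fields and sample values are constructed.

def parse_vlans(spec):
    """Expand a trunk allowed-VLAN string such as '100,200,300-400' or 'all'."""
    if spec.strip().lower() == "all":
        return set(range(1, 4095))
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(ssids, ports, dhcp):
    """List reasons a client on a tagged SSID could fail to get a DHCP lease."""
    findings = []
    for ssid in ssids:
        name, vid = ssid["name"], ssid["vlan"]
        if ssid["mode"] != "bridge" or not ssid["tagging"]:
            findings.append(f"{name}: SSID is not in bridge mode with VLAN tagging")
            continue
        for port in ports:  # AP-facing ports and switch uplinks alike
            if port["type"] != "trunk":
                findings.append(f"{name}: {port['name']} is not a trunk port")
            elif vid not in parse_vlans(port["allowed"]):
                findings.append(f"{name}: VLAN {vid} not allowed on {port['name']}")
        scope = dhcp.get(vid, {})
        if not (scope.get("server_on_vlan") or scope.get("relay_to")):
            findings.append(f"{name}: VLAN {vid} has no DHCP server or forwarding")
    return findings

# Constructed inventory: four SSIDs on VLANs 100-400, as in the question.
# VLAN 2 in the allowed lists stands for the AP management VLAN.
SSIDS = [{"name": f"SSID.{i}", "vlan": i * 100, "mode": "bridge", "tagging": True}
         for i in range(1, 5)]
PORTS = [
    {"name": "sw1/ap-port", "type": "trunk", "allowed": "2,100-400"},
    {"name": "sw2/ap-port", "type": "trunk", "allowed": "2,100,300-400"},
    {"name": "sw1/uplink", "type": "trunk", "allowed": "all"},
]
DHCP = {
    100: {"server_on_vlan": True},
    200: {"server_on_vlan": True},
    300: {"relay_to": "192.0.2.10"},  # server on another subnet, forwarding set
    400: {},                           # server elsewhere, no forwarding configured
}

if __name__ == "__main__":
    for finding in audit(SSIDS, PORTS, DHCP):
        print(finding)
```

With this constructed inventory the audit reports VLAN 200 missing from one AP trunk and VLAN 400 lacking DHCP forwarding.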

wey2go
Getting noticed

@Bruce Thank you. I missed out on the "you'll also need to configure DHCP forwarding for that VLAN/subnet" step.

PhilipDAth
Kind of a big deal

Another option you could consider is using a single SSID and using per-user VLAN tagging.  You can assign the VLAN via group policy, or via a RADIUS server (typically used with WPA2-Enterprise mode).

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/VLAN_Tagging
