04-05-2012 09:25 AM
I've setup a RAP at one of our campuses with 2 virtual AP's (2-WLAN's); 1 for guests and 1 for staff. Things are working well but now I need to rollout another 10 RAP's to our other locations. I'm thinking those RAP's should be configured the same way as the orginal (broadcasting same SSID's, same AAA profiles, etc...)
Just wondering if anyone has an opinion on this and what sort of gotcha's I might be up against in the future. For example, if campus "A" wants their password changed for the staff network, that will effect all other campuses staff network correct?
Also, if i got this route, I will need to change the name of the AP Group to better reflect our setup (ie, I might call it: RAP group). Is there any way of doing this?
Sorry in advance if I've left out some important info but I'm really new at this stuff - what I can tell you is:
we have: 1 - 3600 controller and 16 AP's; 10 of which will be RAP's and have been whitelisted.
04-05-2012 09:50 AM
Im not sure if there is simple way to rename an AP group. You can duplicate it from CLI by doing a show run, copying out the profile, and rename it in a text editor and paste it back in. Then reassign your RAPs to this group, and delete the original. I would like to know a better way if it exists.
As for what issues you might have when you have more RAPs, all settings in the AP group are shared. In the future if you want to add specific WLANs to one site but not others you would have to create a new AP Group, and modify the settings you want under that. In your example, yes all the site would share one key, so to change it at only one site I would follow these steps:
1. Duplicate your AP Group and make a more descriptive name
2. Browse to the settings you want to change, make the change, and use the Save-As option to create a new profile for the section you are editing(to prevent changes to the profile associated with the original AP Group)
3. Save your changes and reprovision the RAP into the new AP Group.
ACDX, ACCP, CISSP, CWNA
04-05-2012 10:38 AM
In addition to Eliasz's recommendation you can also do these:
One of the easiest ways to rename the AP group is the cloning option on the CLI
(MC1-Sunnyvale-3600) (config) #ap-group <name of the new AP group>
(MC1-Sunnyvale-3600) (AP group "new") #clone <the AP group that has to be cloned>
Say you have an AP group called RAP-ap-group and you have 10 RAPs in that group, Now if one AP has to use an additonal SSID or a different password for one of the current SSIDs then , an easy option to do this is using the AP specific configuration.
If you want employee SSID on RAP 9 to use a different password then create a new VAP with new SSID profile (this will have the new password) and AAA profile (you can use the old AAA profile). Now this new VAP can be added only to RAP-9 and the old VAP can be removed from only RAP-9 using the AP specific config.
However, if 5 out of 10 RAPs require password change on the employee SSID or require an additional SSID, then it is better to create a seperate AP group. In this case depending on the number of changes required you can either clone and edit the AP groups or create new AP groups.
04-05-2012 11:25 AM
Thanks for the replies,
I'm leaning towards separate AP groups just for ease of administration. Basically the AP groups will represent each individual campus (5 in 1 campus, 2 in another, etc)
Things is, all campuses will have the exact same SSID's (staff and guest) and I would like to share the same profiles and rules across the board.