Wireless Access

Hi,

My question is specific to an scenario where in the default gateways are outside the controller and on a L3 switch.

For bridge mode SSIDs, its understood that the SVI creation against the client VLAN or even the client VLAN creation is not a requirement.

However for tunnel mode SSIDs is it fine with just creating the client VLAN or we need to create  even an SVI against the client VLAN.

As always, appreciate the valuable responses here with some explaination on same.

You can just create a VLAN.  You do not need to configure an ip address on that VLAN, on the controller.

Thanks Joseph.

Couple more quick queries:

1)  For bridge mode SSIDs as well, do we need to create the VLAN       (Layer 2) on the controller? Or can we avoid creating even a L2 VLAN for bridge mode SSIDs

2) For Tunnel mode SSIDs: Thanks for making it clear that we don't require the L3 interface mandatorily.

However what is the recommendation. From trouble shooting standpoint, it could come handy for pinging from the Tunnel mode SSID's source interface to check if DHCP/ other services are reachable from the corresponding L3 interface on the SSID.

Please share your thoughts on same.

1.  No.

2.  If you ping a device where the controller does not have an ip interface it will ping from the controller's ip, instead.  Having an ip address on the interface will allow you to ping from the same subnet yes.

Thanks again Joseph for prompt responses.

Recently I ran into an issue for the bridge mode SSIDs There were L2-VLANs that were created for bridge SSIDs on controller. And the moment, i deleted those L2-VLANs for bridged SSID, the client dropped and were not able to join back the controller.

Only  after creating back the L2 VLANs on the controller for the bridge SSIDs, i was able to get the client association moving fine.

Thus I am really confused, whether we really require to create an L2 VLAN for the bridge SSIDs or not?

From general understanding and your response, no. But after deleting them, the clients association started failing.

You don't have to create a VLAN on the controller itself, but in the configuration, like the Virtual AP, the VLAN number does have to be typed in.

All the Virtual APs(configuration --> advanced services --> All profiles --> WLAN --> Virtual AP) do reflect the VLANs these bridge SSIDs are to be part of.

Yet when I deleted the bridge SSID VLANs(configuration --> Network --> VLANs), the clients on bridge SSIDs dropped.

They were able to join back again only when I created back the L2 vlan back on the controllers (configuration --> Network --> VLANs) for these individual bridge SSIDs

I am not aware of your exact configuration, and I see in another thread you are using a bridged SSID on a mesh AP, so I do not know what exact configuration you are using, but it is not typical.  Please create the VLANs on the controller if that is happening.

Is it not recommended to use Bridge SSID on Mesh Point APs?

Thanks

I didn't say that.  I mean it is not seen often.