SSID Mapping to VLAN
Location in GUI: Provision
» SD-Access
» Fabric Sites
» Wireless SSIDs
Diagram
Section titled “Diagram”Classes
Section titled “Classes”fabric_sites (catalyst_center.fabric)
Section titled “fabric_sites (catalyst_center.fabric)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
wireless_ssids | List | [wireless_ssids] | No |
wireless_ssids (catalyst_center.fabric.fabric_sites)
Section titled “wireless_ssids (catalyst_center.fabric.fabric_sites)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Yes | ||
vlan_name | String | Yes | ||
security_group_name | String | No |
Examples
Section titled “Examples”Example-1: Basic SSID to VLAN Mapping Configuration
This example demonstrates how to configure basic SSID to VLAN mapping within an SD-Access fabric site for wireless network segmentation. SSID mapping enables wireless clients to be placed into specific VLANs based on the SSID they connect to, providing network segmentation and policy enforcement for different user groups.
The SSID to VLAN mapping configuration includes:
- Fabric site specification (Global/Canada) for geographic organization
- SSID name (SSID_1) for wireless network identification
- VLAN name mapping (VLAN_GUEST) for network segmentation and traffic isolation
- The VLAN name used are VLANs defined as part of the Fabric Anycast gateway configuration, and should have
wireless_pool: true
- Direct association between wireless access and wired VLAN infrastructure
- Foundation for wireless policy enforcement and security controls
catalyst_center: fabric: fabric_sites: - name: Global/Canada wireless_ssids: - name: SSID_1 vlan_name: VLAN_GUEST
Example-2: Multiple SSID Mappings for Different User Types
This example shows how to configure multiple SSID to VLAN mappings within a single fabric site for comprehensive wireless network segmentation supporting different user categories and access requirements.
catalyst_center: fabric: fabric_sites: - name: Global/North_America/Corporate_Campus wireless_ssids: - name: CORPORATE_WIFI vlan_name: CORPORATE_USERS - name: GUEST_WIFI vlan_name: GUEST_ACCESS - name: IOT_DEVICES vlan_name: IOT_NETWORK - name: CONTRACTOR_WIFI vlan_name: CONTRACTOR_ACCESS
Example-3: Department-Based SSID to VLAN Mapping
This example demonstrates how to configure SSID to VLAN mappings organized by department or functional area for enterprise environments requiring departmental wireless network isolation.
catalyst_center: fabric: fabric_sites: - name: Global/Europe/Corporate_HQ wireless_ssids: - name: FINANCE_SECURE vlan_name: FINANCE_VLAN - name: HR_PRIVATE vlan_name: HR_VLAN - name: ENGINEERING_LAB vlan_name: ENGINEERING_VLAN - name: MARKETING_TEAM vlan_name: MARKETING_VLAN - name: EXECUTIVE_ACCESS vlan_name: EXECUTIVE_VLAN
Example-4: Multi-Site SSID Mapping with Consistent Naming
This example shows how to configure consistent SSID to VLAN mappings across multiple fabric sites for standardized wireless deployment in distributed enterprise environments.
catalyst_center: fabric: fabric_sites: - name: Global/North_America/New_York_Office wireless_ssids: - name: EMPLOYEE_SECURE vlan_name: EMPLOYEE_NETWORK - name: VISITOR_ACCESS vlan_name: VISITOR_NETWORK - name: BYOD_DEVICES vlan_name: BYOD_NETWORK - name: Global/Europe/London Office wireless_ssids: - name: EMPLOYEE_SECURE vlan_name: EMPLOYEE_NETWORK - name: VISITOR_ACCESS vlan_name: VISITOR_NETWORK - name: BYOD_DEVICES vlan_name: BYOD_NETWORK - name: Global/Asia Pacific/Tokyo Office wireless_ssids: - name: EMPLOYEE_SECURE vlan_name: EMPLOYEE_NETWORK - name: VISITOR_ACCESS vlan_name: VISITOR_NETWORK
Example-5: Security Zone SSID Mapping Configuration
This example demonstrates how to configure SSID to VLAN mappings based on security zones and trust levels for environments requiring strict wireless security segmentation and compliance.
catalyst_center: fabric: fabric_sites: - name: Global/Security/HighSecurityFacility wireless_ssids: - name: CLASSIFIED_NETWORK vlan_name: SECURE_ZONE_VLAN - name: INTERNAL_STAFF vlan_name: INTERNAL_ZONE_VLAN - name: VENDOR_LIMITED vlan_name: DMZ_ZONE_VLAN - name: QUARANTINE_NET vlan_name: QUARANTINE_VLAN
Example-6: Service Provider Multi-Tenant SSID Mapping
This example shows how to configure SSID to VLAN mappings for service provider environments with customer-specific wireless networks and tenant isolation requirements.
catalyst_center: fabric: fabric_sites: - name: Global/Service_Provider/Shared_Building wireless_ssids: - name: TENANT_A_CORPORATE vlan_name: TENANT_A_PRODUCTION - name: TENANT_A_GUEST vlan_name: TENANT_A_GUEST_VLAN - name: TENANT_B_CORPORATE vlan_name: TENANT_B_PRODUCTION - name: TENANT_B_GUEST vlan_name: TENANT_B_GUEST_VLAN - name: SHARED_SERVICES vlan_name: SHARED_SERVICES_VLAN
Example-7: Educational Institution SSID Mapping
This example demonstrates how to configure SSID to VLAN mappings for educational environments with different access requirements for students, faculty, staff, and guests.
catalyst_center: fabric: fabric_sites: - name: Global/Education/University_Campus wireless_ssids: - name: STUDENT_WIFI vlan_name: STUDENT_NETWORK - name: FACULTY_SECURE vlan_name: FACULTY_NETWORK - name: STAFF_ADMIN vlan_name: STAFF_NETWORK - name: RESEARCH_LAB vlan_name: RESEARCH_NETWORK - name: CAMPUS_GUEST vlan_name: CAMPUS_GUEST_VLAN - name: LIBRARY_PUBLIC vlan_name: LIBRARY_ACCESS_VLAN