Register now or log in to join your professional community.
First setup a L3 interface on the controller, that is the controller-ip and assign a respective gateway and have it plugged into the network.
Upgrade the controller to the lastest AOS version considering the kind of AP's that would be terminating on the controller.
Create an ap-group --> map a Virtual AP --> map the respective aaa-profile and ssid-profile
we can add multiple SSID's as mentioned above to the respective group by configuring the
respective VAP's and aaa-profiles
Create a PSK based SSID for voice and create a voice-role (with acl's to prioritize the VoIP traffic) and map it to the initial role of the aaa-profile and map the aaa-profile and ssid-profile to the respective VAP.
Following are the ACL's:-
SIP-ACL
NOE-ACL
SVP-ACL
VOCERA-ACL
SKINNY-ACL
H-ACL
DHCP-ACL
TFTP-ACL
DNS-ACL
ICMP-ACL
Likewise, we can configure a SSID for employees either as a PSK or a Dot1X based on the requirement
and map the appropriate role with any any any permit acl in it
For the rules, we can configure it through the command:-
ip access-list session <session-name>
any any any permit
user-role <role-name>
access-list session <session-name>