
Saturday, December 18, 2021

Creating Multiple SSIDs and Map with VLANs in Cisco 9120 AP / 9800 EWLC

The model I use is Cisco 9120AXI-E and the IOS-XE version is 17.05.01.

First check whether the proper license is activated on your AP.

You will need to switch to Expert mode in the GUI to create VLANs. Otherwise the option will not be visible in the Configuration section.

Click the Settings icon ⛭ (preferences) in the GUI, select Expert mode and hit Save.


Now you will see an option to create VLANs under Configuration > Layer2.

Click on it.

Now hit +Add and enter the VLAN number, tick the IP options, and give an IP address and subnet mask to the SVI of the VLAN.

For my lab I created VLAN 10 and VLAN 20 with the following IP details.


VLAN 10 - 
SVI 192.168.10.1  mask 255.255.255.0

VLAN 20 - 
SVI 192.168.20.1  mask 255.255.255.0

Now go to the Wireless Setup > Basic to create the SSIDs.

Hit +Add to create a Location.

Don't forget to enter the native VLAN ID on the General page here. In my case it is 100.

Now go to the next page > Wireless Networks and +Add to create SSIDs.

Here I created SSID-01 with VLAN 10 and the Security Method set to WPA2 Personal, which only needs a pre-shared key to connect.
I also created SSID-02 with VLAN 20 and the same Security Method.

Now you will need to create DHCP pools so that connecting clients get addresses.

Go to Administration > DHCP Pools and create 2 DHCP pools, one for each of the 2 VLANs.
Remember to add the Gateway and DNS IPs on the Advanced page when creating these pools.

The following was my configuration.

VLAN 10 -
NETWORK 192.168.10.0
MASK 255.255.255.0
RANGE 192.168.10.15-192.168.10.25
GATEWAY 192.168.10.254
DNS 8.8.8.8

VLAN 20 -
NETWORK 192.168.20.0
MASK 255.255.255.0
RANGE 192.168.20.15-192.168.20.25
GATEWAY 192.168.20.254
DNS 8.8.8.8

192.168.10.254 and 192.168.20.254 are on the core switch of the network.

Now the access switch port must be configured the same way as when you connect a Flex mode AP.

interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 10,20,100
 switchport mode trunk

The native VLAN carries the management plane traffic, and all other APs in the cluster should communicate through this VLAN, which in my case is 100.

The trunks between the core and access switches must also be configured correctly.

When a client connects to SSID-01, it gets an IP from VLAN 10 and the traffic is forwarded to the DHCP-provided gateway of 192.168.10.254, and the routing table of the core switch takes care of the rest.
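
The following Python script is an added example, not part of the original post or of any Cisco tooling. It checks that the plan above is internally consistent: every SSID VLAN and the native VLAN are allowed on the trunk, no unused VLAN is allowed, no client SSID rides on the native (management) VLAN, and each DHCP range, gateway and SVI sits correctly inside its subnet. The names `TRUNK_CONFIG`, `SSID_VLANS`, `POOLS`, `parse_trunk` and `audit` are hypothetical; the values are the ones from this lab.

```python
import ipaddress
import re

# Values copied from the post; the variable names and layout are assumptions.
TRUNK_CONFIG = """interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 10,20,100
 switchport mode trunk"""
SSID_VLANS = {"SSID-01": 10, "SSID-02": 20}
POOLS = {  # per VLAN: network/mask, range start, range end, gateway, SVI
    10: ("192.168.10.0/255.255.255.0", "192.168.10.15", "192.168.10.25", "192.168.10.254", "192.168.10.1"),
    20: ("192.168.20.0/255.255.255.0", "192.168.20.15", "192.168.20.25", "192.168.20.254", "192.168.20.1"),
}

def parse_trunk(config):
    """Return (native_vlan, allowed_vlans) from a switchport trunk stanza."""
    native = int(re.search(r"trunk native vlan (\d+)", config).group(1))
    allowed = set()
    for part in re.search(r"trunk allowed vlan ([\d,-]+)", config).group(1).split(","):
        lo, _, hi = part.partition("-")  # handles both "10" and "200-201"
        allowed.update(range(int(lo), int(hi or lo) + 1))
    return native, allowed

def audit(config, ssid_vlans, pools):
    """Return a list of findings; an empty list means the plan is consistent."""
    native, allowed = parse_trunk(config)
    findings = [] if native in allowed else [f"native VLAN {native} not allowed on trunk"]
    for ssid, vlan in ssid_vlans.items():
        if vlan not in allowed:
            findings.append(f"{ssid}: VLAN {vlan} not allowed on trunk")
        if vlan == native:
            findings.append(f"{ssid}: client VLAN {vlan} is the native VLAN")
    for vlan in sorted(allowed - set(ssid_vlans.values()) - {native}):
        findings.append(f"VLAN {vlan} allowed on trunk but unused")
    for vlan, (network, first, last, gateway, svi) in pools.items():
        net = ipaddress.ip_network(network)
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo not in net or hi not in net or lo > hi:
            findings.append(f"VLAN {vlan}: DHCP range not inside {net}")
        for name, value in (("gateway", gateway), ("SVI", svi)):
            addr = ipaddress.ip_address(value)
            if addr not in net:
                findings.append(f"VLAN {vlan}: {name} {addr} outside {net}")
            elif lo <= addr <= hi:
                findings.append(f"VLAN {vlan}: {name} {addr} inside DHCP range")
    return findings

if __name__ == "__main__":
    print(audit(TRUNK_CONFIG, SSID_VLANS, POOLS) or "plan is consistent")
```

Run against the lab values it reports no findings; pasting a different trunk stanza or pool plan lists each mismatch.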
