Solved

Cisco Flex Connect Design Scenario

Posted on 2014-03-24
Last Modified: 2014-03-26
Folks,
I have a doubt related to the Cisco FlexConnect scenario. I have a scenario where I need to centralize my wireless for 50 other branches, as the main controllers will be located in the DC.

Well, these are the client requirements:
1. Every site will have its own data, voice and management VLAN (for AP).
2. DHCP will be local.

Now my questions are as follows:
1. In the main controller, I need to add for every site VLAN (i.e. for 50 sites in total times 3 VLANs) in the controller and in the switch for SVI?
2. Is it recommended to have centralized AP management for all 50 sites together, so that I can have one native VLAN in the remote site, let's say VLAN 100 (for AP management)? Or is it recommended to have a different IP for AP management? In this case, what would be the native VLAN, will it be the AP management?
3. What happens when the WAN link is down? How long can the access point work without WAN connectivity?

Highly appreciate your kind help and support.

Regards,

SID
Question by: infiniti7181

Author Comment

by:infiniti7181
Folks any update :)

Accepted Solution

by:
Craig Beck earned 500 total points
1] If the VLANs are switched at the site in true FlexConnect fashion, you don't need to create interfaces on the WLC for these.  All you need to do is configure FlexConnect groups if you want to use dissimilar VLAN IDs at each site.

For example, if you want to put APs 1, 2 and 3 at Site A, and APs 4, 5 and 6 at Site B you should create two FlexConnect groups, with APs 1-3 in one group and APs 4-6 in the other group.  This will let you specify VLAN ID 10 for data at Site A and VLAN ID 20 for data at Site B.

Make sense?

2] Following on from [1] you can have a dedicated VLAN/subnet for AP management (that's actually recommended) at each site.  Again, this VLAN ID can be different per site if you use FlexConnect groups and is defined by setting the Native VLAN ID parameter for each AP in its own FlexConnect tab.  The WLC will technically only need a management interface but it's better to create 'dummy' interfaces for each SSID so that there's no chance of traffic inadvertently being routed across the management VLAN.

So, you'd create 3 'dummy' interfaces, one for each SSID, then tag each one to the WLANs you created.  That satisfies the WLC's requirement to have an interface attached to each WLAN even though the traffic is locally switched at the branch LAN.

3] When the WAN link goes down the AP goes into standalone mode.  This has several sub-states based on how the WLANs are configured.  If your WLANs are configured to use local site switching and local authentication servers (the best approach for resiliency) you'll go days without noticing that the WAN link is down if your clients don't use the WAN link.  However, if you use local switching but centralized authentication servers (across the WAN link at the DC for example) this will have an impact on client connectivity.  What will happen then is this:

If the client is associated and authenticated at the time the WAN fails he continues to work until his authentication timer expires, or the session terminates.  If the WAN is still down the reauthentication fails as no authentication server is reachable.

If the client isn't already connected when the WAN is down (so a new client) he just won't connect.

Hope that helps!

Author Comment

by:infiniti7181
Thanks for the assistance.
Just to be clear related to the VLAN assignment, just to be in sync with the new technology, which I am learning :)

The scenario is this way:
I have a WLC in the DC, where there is AP-Manager (VLAN 60), User WiFi (VLAN 61), Voice WiFi (VLAN 62).
Now at the remote site there is a management VLAN (VLAN 99), user remote WiFi (VLAN 100), voice remote WiFi (VLAN 101).
In this case, I need to add interfaces in the controller for VLANs 60, 61, 62 and VLANs 99, 100, 101,
or only add the ones in the DC? A bit confused here though.

Another question is: in the remote site, the native VLAN would be the management VLAN, which in this case is VLAN 99.

Regards,

SID

Expert Comment

by:Craig Beck
Just create 3 interfaces - they will be used as dummy interfaces (attach one to each WLAN at the controller in the DC).

Create your FlexConnect groups then add the WLANs to each group and set the VLAN ID that you want to use for each site within the relevant group.

So, if you create 2 FlexConnect groups, one for SiteA and one for SiteB and both with the same WLANs, you can specify the VLAN ID for each WLAN per FlexConnect group.  This lets you use the data WLAN at SiteA on VLAN 100, but use VLAN 200 at SiteB.

The native VLAN is always the management VLAN.  That's how the AP knows which VLAN to put management traffic on.
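
Added example, not part of the thread or of any Cisco tooling: a small Python audit of a per-site FlexConnect plan that checks the points made in the answers above (one group per site, a dedicated native VLAN for AP management, a VLAN mapped for every locally switched WLAN, and WLANs whose authentication depends on the WAN). The class and function names, AP names and the sample plan are constructed for illustration; every WLAN is assumed to be locally switched.

```python
from dataclasses import dataclass

@dataclass
class Wlan:
    wlan_id: int
    name: str
    local_auth: bool          # True if an auth server is reachable at the branch

@dataclass
class FlexGroup:              # one FlexConnect group per site
    name: str
    native_vlan: int          # AP management VLAN at that site
    aps: list
    wlan_vlan: dict           # WLAN id -> VLAN id used at that site

def audit(wlans, groups):
    """Return (scope, finding) tuples for a locally switched FlexConnect plan."""
    findings, owner = [], {}
    for w in wlans:
        if not w.local_auth:
            findings.append((w.name, "authentication depends on the WAN link"))
    for g in groups:
        for ap in g.aps:      # an AP listed in two groups is a plan error
            if ap in owner:
                findings.append((g.name, f"{ap} already in group {owner[ap]}"))
            owner.setdefault(ap, g.name)
        for w in wlans:
            vlan = g.wlan_vlan.get(w.wlan_id)
            if vlan is None:
                findings.append((g.name, f"no VLAN mapped for WLAN {w.name}"))
            elif vlan == g.native_vlan:
                findings.append((g.name, f"WLAN {w.name} shares native VLAN {vlan}"))
    return findings

def outage_outcome(wlan, authenticated, secs_to_reauth, outage_secs):
    """Client outcome while the WAN is down, as described in answer 3."""
    if wlan.local_auth:
        return "unaffected"
    if not authenticated:
        return "cannot connect"
    return "drops at reauth" if secs_to_reauth < outage_secs else "unaffected"

def sample_plan():
    """Constructed plan: VLAN IDs follow the thread, AP names are made up."""
    wlans = [Wlan(1, "data", local_auth=False), Wlan(2, "voice", local_auth=True)]
    groups = [FlexGroup("SiteA", 99, ["ap1", "ap2", "ap3"], {1: 100, 2: 101}),
              FlexGroup("SiteB", 99, ["ap4", "ap5", "ap3"], {1: 99})]
    return wlans, groups

if __name__ == "__main__":
    for scope, finding in audit(*sample_plan()):
        print(f"{scope}: {finding}")
```
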