Cisco Flex Connect Design Scenario

Posted on 2014-03-24
Last Modified: 2014-03-26
I have a doubt related to the Cisco FlexConnect scenario. I have a scenario where I need to centralize my wireless to 50 other branches, as the main controllers will be located in the DC.

Well, these are the client requirements:
1. Every site will have its own data, voice and management VLAN (for AP).
2. DHCP will be local.

Now my questions are as follows:
1. In the main controller, do I need to add every site VLAN (i.e. for 50 sites in total times 3 VLANs) in the controller and in the switch for SVI?
2. Is it recommended to have centralized AP management for all 50 sites together, so that I can have one native VLAN in the remote site, let's say VLAN 100 (for AP management)? Or is it recommended to have a different IP for AP management? In this case, what would be the native VLAN, will it be the AP management?
3. What happens when the WAN link is down? How long can the access point work without WAN connectivity?

Highly appreciate your kind help and support.


Question by:infiniti7181

Author Comment

ID: 39953637
Folks, any update? :)

Accepted Solution

Craig Beck earned 2000 total points
ID: 39953927
1] If the VLANs are switched at the site in true FlexConnect fashion, you don't need to create interfaces on the WLC for these.  All you need to do is configure FlexConnect groups if you want to use dissimilar VLAN IDs at each site.

For example, if you want to put APs 1, 2 and 3 at Site A, and APs 4, 5 and 6 at Site B you should create two FlexConnect groups, with APs 1-3 in one group and APs 4-6 in the other group.  This will let you specify VLAN ID 10 for data at Site A and VLAN ID 20 for data at Site B.

Make sense?

2] Following on from [1] you can have a dedicated VLAN/subnet for AP management (that's actually recommended) at each site.  Again, this VLAN ID can be different per site if you use FlexConnect groups and is defined by setting the Native VLAN ID parameter for each AP in its own FlexConnect tab.  The WLC will technically only need a management interface but it's better to create 'dummy' interfaces for each SSID so that there's no chance of traffic inadvertently being routed across the management VLAN.

So, you'd create 3 'dummy' interfaces, one for each SSID, then tag each one to the WLANs you created.  That satisfies the WLC's requirement to have an interface attached to each WLAN even though the traffic is locally switched at the branch LAN.

3] When the WAN link goes down the AP goes into standalone mode.  This has several sub-states based on how the WLANs are configured.  If your WLANs are configured to use local site switching and local authentication servers (the best approach for resiliency) you'll go days without noticing that the WAN link is down if your clients don't use the WAN link.  However, if you use local switching but centralized authentication servers (across the WAN link at the DC for example) this will have an impact on client connectivity.  What will happen then is this:

If the client is associated and authenticated at the time the WAN fails he continues to work until his authentication timer expires, or the session terminates.  If the WAN is still down the reauthentication fails as no authentication server is reachable.

If the client isn't already connected when the WAN is down (so a new client) he just won't connect.

Hope that helps!
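
The WAN-outage behaviour described in point 3 of the answer above, worked through as an added example (not part of the original answer). It models only locally switched WLANs; the client names, timer values and outage window are constructed, and session termination for other reasons is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Client:
    name: str
    auth: str          # "local" = auth server at the branch, "central" = across the WAN
    joined_at: int     # seconds; when the client authenticates for the first time
    reauth_every: int  # seconds; authentication timer (constructed values below)

def wan_up(t: int, down_at: int, restored_at: int) -> bool:
    """True when the central authentication server is reachable at time t."""
    return not (down_at <= t < restored_at)

def drop_time(c: Client, down_at: int, restored_at: int) -> Optional[int]:
    """Time at which the client loses service, or None if it never does."""
    if c.auth == "local":
        return None                      # standalone AP still reaches the local server
    if not wan_up(c.joined_at, down_at, restored_at):
        return c.joined_at               # new client during the outage: never connects
    t = c.joined_at + c.reauth_every     # first reauthentication
    while t < restored_at:
        if not wan_up(t, down_at, restored_at):
            return t                     # timer expired while the WAN was down
        t += c.reauth_every
    return None                          # every reauthentication fell outside the outage

def outage_report(clients, down_at: int, restored_at: int) -> dict:
    report = {}
    for c in clients:
        t = drop_time(c, down_at, restored_at)
        if t is None:
            report[c.name] = "unaffected"
        elif t == c.joined_at:
            report[c.name] = "cannot connect"
        else:
            report[c.name] = f"dropped at t={t}s"
    return report

# Constructed sample: WAN fails at t=1000s and returns at t=5000s.
CLIENTS = [
    Client("voice-1", "local", 0, 1800),
    Client("laptop-1", "central", 0, 1800),
    Client("laptop-2", "central", 900, 28800),
    Client("phone-new", "central", 2000, 1800),
]

if __name__ == "__main__":
    for name, outcome in outage_report(CLIENTS, 1000, 5000).items():
        print(f"{name:10} {outcome}")
```
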

Author Comment

ID: 39956728
Thanks for the assistance.
Just to be clear regarding the VLAN assignment, just to be in sync with the new technology, which I am learning :)

The scenario is this way:
I have the WLC in the DC, where there is AP-Manager (VLAN 60), User WiFi (VLAN 61), Voice WiFi (VLAN 62).
Now at the remote site there is the management VLAN (VLAN 99), user remote WiFi (VLAN 100), voice remote WiFi (VLAN 101).
In this case, do I need to add interfaces in the controller for VLAN 60, 61, 62 and VLAN 99, 100, 101,
or only add the ones in the DC? A bit confused here though.

Another question: in the remote site, the native VLAN would be the management VLAN, which in this case is VLAN 99.



Expert Comment

by:Craig Beck
ID: 39956814
Just create 3 interfaces - they will be used as dummy interfaces (attach one to each WLAN at the controller in the DC).

Create your FlexConnect groups then add the WLANs to each group and set the VLAN ID that you want to use for each site within the relevant group.

So, if you create 2 FlexConnect groups, one for SiteA and one for SiteB and both with the same WLANs, you can specify the VLAN ID for each WLAN per FlexConnect group.  This lets you use the data WLAN at SiteA on VLAN 100, but use VLAN 200 at SiteB.

The native VLAN is always the management VLAN.  That's how the AP knows which VLAN to put management traffic on.
