• Status: Solved

Cisco Flex Connect Design Scenario

I have a doubt related to the Cisco FlexConnect scenario. I have a scenario where I need to centralize my wireless to 50 other branches, as the main controllers will be located in the DC.

Well, these are the client requirements:
1. Every site will have its own data, voice and management VLAN (for AP).
2. DHCP will be local.

Now my questions are as follows:
1. In the main controller, do I need to add every site VLAN (i.e. for 50 sites in total times 3 VLANs) in the controller and in the switch for SVI?
2. Is it recommended to have centralized AP management for all 50 sites together, so that I can have one native VLAN in the remote site, let's say VLAN 100 (for AP management)? Or is it recommended to have different IP for AP management? In this case, what would be the native VLAN, will it be the AP management?
3. What happens when the WAN link is down? How long can the access point work without WAN connectivity?

Highly appreciate your kind help and support.


infiniti7181 (Author) Commented:
Folks, any update :)

Craig Beck Commented:
1] If the VLANs are switched at the site in true FlexConnect fashion, you don't need to create interfaces on the WLC for these.  All you need to do is configure FlexConnect groups if you want to use dissimilar VLAN IDs at each site.

For example, if you want to put APs 1, 2 and 3 at Site A, and APs 4, 5 and 6 at Site B you should create two FlexConnect groups, with APs 1-3 in one group and APs 4-6 in the other group.  This will let you specify VLAN ID 10 for data at Site A and VLAN ID 20 for data at Site B.

Make sense?

2] Following on from [1] you can have a dedicated VLAN/subnet for AP management (that's actually recommended) at each site.  Again, this VLAN ID can be different per site if you use FlexConnect groups and is defined by setting the Native VLAN ID parameter for each AP in its own FlexConnect tab.  The WLC will technically only need a management interface but it's better to create 'dummy' interfaces for each SSID so that there's no chance of traffic inadvertently being routed across the management VLAN.

So, you'd create 3 'dummy' interfaces, one for each SSID, then tag each one to the WLANs you created.  That satisfies the WLC's requirement to have an interface attached to each WLAN even though the traffic is locally switched at the branch LAN.

3] When the WAN link goes down the AP goes into standalone mode.  This has several sub-states based on how the WLANs are configured.  If your WLANs are configured to use local site switching and local authentication servers (the best approach for resiliency) you'll go days without noticing that the WAN link is down if your clients don't use the WAN link.  However, if you use local switching but centralized authentication servers (across the WAN link at the DC for example) this will have an impact on client connectivity.  What will happen then is this:

If the client is associated and authenticated at the time the WAN fails he continues to work until his authentication timer expires, or the session terminates.  If the WAN is still down the reauthentication fails as no authentication server is reachable.

If the client isn't already connected when the WAN is down (so a new client) he just won't connect.

Hope that helps!

infiniti7181 (Author) Commented:
Thanks for the assistance.
Just to be clear regarding the VLAN assignment, just to be in sync with the new technology, which I am learning :)

The scenario is this:
I have the WLC in the DC, where there is AP-Manager (VLAN 60), User WiFi (VLAN 61), Voice WiFi (VLAN 62).
Now at the remote site there is the management VLAN (VLAN 99), user remote WiFi (VLAN 100), voice remote WiFi (VLAN 101).
In this case, do I need to add interfaces in the controller for VLANs 60, 61, 62, 99, 100, 101,
or only add the ones in the DC? A bit confused here though.

Another question: in the remote site, the native VLAN would be the management VLAN, which in this case is VLAN 99.


Craig Beck Commented:
Just create 3 interfaces - they will be used as dummy interfaces (attach one to each WLAN at the controller in the DC).

Create your FlexConnect groups then add the WLANs to each group and set the VLAN ID that you want to use for each site within the relevant group.

So, if you create 2 FlexConnect groups, one for SiteA and one for SiteB and both with the same WLANs, you can specify the VLAN ID for each WLAN per FlexConnect group.  This lets you use the data WLAN at SiteA on VLAN 100, but use VLAN 200 at SiteB.

The native VLAN is always the management VLAN.  That's how the AP knows which VLAN to put management traffic on.
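
An added example, not part of the original thread and not Cisco or WLC code: a small Python check of a FlexConnect design plan against the points made in the answers above (a dummy interface per WLAN rather than the management interface, native VLAN equal to the AP management VLAN, a VLAN mapping per WLAN in each FlexConnect group, and what a WAN outage does to clients). The data layout, dictionary keys, site names and VLAN IDs are constructed for illustration.

```python
# Constructed sample design: names, VLAN IDs and dictionary keys are illustrative only.
WLC = {
    "management_vlan": 60,
    "wlans": {  # WLAN -> WLC interface VLAN and FlexConnect settings
        "data":  {"interface_vlan": 61, "local_switching": True, "local_auth": True},
        "voice": {"interface_vlan": 60, "local_switching": True, "local_auth": False},
    },
}
FLEX_GROUPS = {  # one FlexConnect group per branch site
    "SiteA": {"ap_mgmt_vlan": 99, "native_vlan": 99, "wlan_vlan": {"data": 100, "voice": 101}},
    "SiteB": {"ap_mgmt_vlan": 199, "native_vlan": 1, "wlan_vlan": {"data": 200}},
}


def audit(wlc, groups):
    """Return (scope, finding) pairs for the design points raised in the thread."""
    findings = []
    for name, wlan in wlc["wlans"].items():
        # Each WLAN should hang off its own dummy interface, not the management one.
        if wlan["interface_vlan"] == wlc["management_vlan"]:
            findings.append((name, "attached to WLC management interface"))
        # Central authentication makes client (re)authentication depend on the WAN.
        if wlan["local_switching"] and not wlan["local_auth"]:
            findings.append((name, "authentication depends on WAN link"))
    for site, grp in groups.items():
        # The native VLAN on the AP trunk must be the AP management VLAN.
        if grp["native_vlan"] != grp["ap_mgmt_vlan"]:
            findings.append((site, "native VLAN is not the AP management VLAN"))
        for name in wlc["wlans"]:
            vlan = grp["wlan_vlan"].get(name)
            if vlan is None:
                findings.append((site, f"no VLAN mapping for WLAN {name}"))
            elif vlan == grp["native_vlan"]:
                findings.append((site, f"WLAN {name} shares the native VLAN"))
    return findings


def wan_down_outcome(wlan, already_authenticated):
    """Client outcome in standalone mode for a locally switched WLAN."""
    if not wlan["local_switching"]:
        raise ValueError("only locally switched WLANs are modelled here")
    if wlan["local_auth"]:
        return "unaffected"
    return "works until reauthentication" if already_authenticated else "cannot connect"


if __name__ == "__main__":
    for scope, finding in audit(WLC, FLEX_GROUPS):
        print(f"{scope}: {finding}")
```
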