I'm implementing FlexConnect for a customer and I would kindly need your support, as we have a problem with internet reachability from clients. I'd like to point out that this is not a branch office but their only office, so from the beginning it's not a best practice to implement FlexConnect; in fact, at first we opted to configure the AP in local mode (the standard one) and everything work
The architecture currently consists of 2 distribution cores (9500) that are directly connected to a perimeter switch, which in turn is connected to the Huawei CPE (of the service provider). The only routing is a default route towards the CPE.
The WLC 3540 (in SSO mode) are connected to 2 access switches because the customer is not yet in possession of the transceivers to connect them to the CORE (this too is not a best practice).
Today, while doing some tests and enabling FlexConnect as per the Cisco guide, with Central DHCP (so we don't have to create the pools on the access switches), we had problems with traffic to the internet. First of all, the IP is released correctly, but from a traceroute we saw that the packets get stuck at the CORE, which did not happen in local mode (in fact, before it was released correctly on the internet). As for internal traffic, even between different VLANs, FlexConnect works correctly, not passing through the WLC.
Is it possible that the NAT-PAT option of Central DHCP does a weird NAT and my client presents itself with another IP that is then blocked by the perimeter switch with an ACL? (The customer doesn't have any firewall yet.) I don't have privileges to access this switch because it is managed by the service provider.
The FlexConnect configuration is done as standard: I configured the switch port where the AP is connected with the management VLAN as native and the other VLANs as allowed; I did the VLAN mapping on the AP and enabled FlexConnect local switching under the WLAN.
I don’t understand why you have SSO with FlexConnect with one building; what is the use case for this design? Anyways, there is a difference when FlexConnect is enabled, as you can have centrally switched or locally switched. Then it also depends on how your FlexConnect groups are defined. Once you understand your current design, look at how the traffic egresses so you know where the issue might be. If local connectivity is fine, then I don’t see any issue with the wireless. If the issue is with internet, then look at your NAT and make sure that is not an issue.