Solved: Multiple Branch Offices with different subnets needs APs, DHCP and WLC in the Data Center

shamax_1983 · ‎10-12-2012

Hi all,

We have 40+ branch offices. Each branch office has 2 vlans, 10(staff),100(guest). IP Subnets assigned to each VLAN is unique amoung all branches. All hosts gets and IP from the DHCP server in the Data center and they get an IP from the specific pool depending on which subnet the client is connected to.

Branch offices are in a MPLS L3 cloud. Data center has no Layer 2 transparency to branch VLANs.

We need to deploy centralized WLC (5508) in the data center. Each site gets one AP (3500 series) . Each AP will have 2 WLANS, "Staff" and "Guest".

Requirement :

When a staff member wants to connect to AP in their own site, he will choose "Staff" SSID from the available WLANs, we need him to get an IP address through DHCP server ( in the datacenter from the same server ) from the same pool that is specific to that Site/subnet.

Can we do this? Does this need us configuring Dynamic interfaces assigning IPs from each subnet and then mapping those interfaces to WLANs defined in the WLC. If that's the case shouldn't I have each WLAN/SSID uniquely as in "Staff_site1" , "Staff_site2"... "Guest_site1", "Guest_site2"..

OR is there any easy way ?

PS: I looked at H-REAP but in our case, we can't use locally configure DHCP in each site. Even the AP is getting it's management IP from remote Data center DHCP server

Thanks in advance.. Really appreciate your input.

Stephen Rodriguez · ‎10-12-2012

HREAP/FlexConnect would still work.

The difference is that HREAP bridges the packet down to the local LAN, and the packet then follows the routing rules for that site. So if you have IP helpers on the local router that point to the DC for DHCP that is where they will get there addresses from.

With HREAP you would only need the two SSID Staff and Guest, then map them to the local VLAN ID for the site.

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

Yahya Jaber · ‎10-12-2012

Hi,

should each SSID in the site has the name of the site? staff_site1 staff_site2?

if not necessary, create simple 2 ssid's

if its necessary, create per site SSID, then create only 2 interfaces "staff and site" and bind the interfaces to different SSID.

staff_site 1 =====>interface staff

staff_site 2=====> interface staff

staff_site 3=====> same interface

.

and same on guest.

Rate if answered

Stephen Rodriguez · ‎10-12-2012

HREAP/FlexConnect would still work.

The difference is that HREAP bridges the packet down to the local LAN, and the packet then follows the routing rules for that site. So if you have IP helpers on the local router that point to the DC for DHCP that is where they will get there addresses from.

With HREAP you would only need the two SSID Staff and Guest, then map them to the local VLAN ID for the site.

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

shamax_1983 · ‎10-12-2012

Thanks Stephen, did not see this reply until after I typed the big discription below. This is what I wanted to know. I will test this out and let you know how I went. really appreciate it.

shamax_1983 · ‎10-12-2012

Hi Yahya,

Thanks for your quick reply. May be my question needs more clarification, This is how subnet's are allocated.

Site1

192.168.1.0/24 : Staff VLAN

192.168.101.0/24 : Guest VLAN

Site2

192.168.2.0/24 : Staff VLAN

192.168.102.0/24 : Guest VLAN

Site2

192.168.3.0/24 : Staff VLAN

192.168.103.0/24 : Guest VLAN

Normally when wired hosts are connected, depending on the VLAN the PC is plugged in to, it will get a DHCP IP assignment from the DHCP server located in the Remote Data Center.

The way it works is, Routers at each branch site has ip-helper address (on each VLAN sub interface )pointing the remote DHCP data center. So from the DHCP servers' point of view, it knows which subnet the DHCP request is coming from and the DHCP server knows which specific IP pool it should hand out the IP address from. (For example if the router at Site1 requested an IP on behalf of its local host using it's VLAN sub interface 192.168.1.254, Server will give out an IP 192.168.1.2/24 and other information specific to that subnet )

As for the Wireless clients, I want the same thing to happen. For example, if the client is in Site1, and if he wants to connect to the "Staff" WLAN, I want him to receive and IP address from the 192.168.1.0/24 range and it should come out from the same DHCP server.

PS: There is no need that the clients local traffic should be switched locally inside the local switch (If it does, it's a bonus) because most resources are located in the Data Center anyway.

hope this clears things for you.

Please give your feed back. Thanks

Yahya Jaber · ‎10-12-2012

Hi,

AP group for each site ===> to make sure the SSID broadcasted in each site is the correct one.

two interfaces for each site and bind them to thier SSID.

thats what i see.