cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7722
Views
30
Helpful
10
Replies

vWLC + FlexConnect Central Switching

Hello,

I'm experiencing a problem trying to use vWLC (v 8.0.140) + FlexConnect Central Switching.

The device should connect to SSID A and receive, via RADIUS, the VLAN ID = 151.

The SSID A is configured with management interface (VLAN ID 172) and WPA2 + 802.1x.

The APs (1702i and 2702i) are configured with "VLAN Support" enabled (FlexConnect Tab) and the "Native VLAN" is 10. The switch port is configured as access on vlan 10.

A FlexConnect Group is configured for the APs.

I've tried 2 sets of configuration:

Set #1

SSID A config -> Advanced Tab -> FlexConnect Local Switching Disabled 

FlexConnect Group -> ACL Mappings = none.

FlexConnect Group -> VLAN-WLAN Mappings = Nothing configured.

Inside AP config (FlexConnect -> VLAN Mapping tab) I can see the SSID A as a Centrally Switched WLAN, but the VLAN ID = N/A.

Set #2

SSID A config -> Advanced Tab -> FlexConnect Local Switching Enabled + Vlan Based Central Switching enabled

FlexConnect Group -> ACL Mappings -> ACL-VLAN Mapping -> Added VLAN ID 172 with Ingress and Egress ACL = none.

FlexConnect Group -> VLAN-WLAN Mappings = Nothing configured.

Inside AP config (FlexConnect -> VLAN Mapping tab) I cannot see any SSID mapped to Centrally Switched WLAN (all blank), but I can see the VLAN-WLAN mapping to VLAN 172 (management interface).

In both sets, the device is capable to receive an IP Address of VLAN 151 (correct), but the traffic is not forwarded. Using wireshark, I captured pieces of traffic and I was able to see traffic from others devices in VLAN 172 (management). So, I'm receiving the correct IP Address (vlan 151), but my traffic is tunnelled to vWLC in a wrong VLAN (vlan 172).

After v8.1 the Central Switching is disabled on vWLC deployments.

Has someone experienced something similar to this? Has someone any clue?

Thanks

10 Replies 10

gabriel_dima
Level 1
Level 1

Try to use trunk on the switch-port where the AP is connected. Works for me.

Actually my VMware config was missing the promiscuous mode enabled on the port group.

Worked for two days on this problem. Your solution works for me.

sremk
Cisco Employee
Cisco Employee

Hi Anderson,

I guess the below bug should clarify your concern. 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut82883/?referring_site=bugquickviewredir

Also the deployment guide of virtual controller says central switching is no more supported in vWLC.

Below is the snippet from the bug above.

According to the bugid you mention, it refers to that this change was made in order to resolve bugid  CSCut07470 . However, that bugid can't be viewed by non-Cisco employees apparently.

 

Regardless, this limitation severely limits the use cases for a virtual controller. Centrally switched WLAN's is absolutely essential in so many scenarios. The most common one is where you have a common guest WLAN that isn't available on the remote L2 domain(s). Furthermore, there should be a HUGE warning sticker on this product, as the limitations with the WLC aren't immediately apparent, and it's difficult to grasp the use case limitations that arise as a part of these functional limitations.

 

Bottom line: Figure out what causes the issues you were facing that made you disable central switching for WLAN's and fix it. If you don't, you will face angry customers and low sales on this solutions, and customers that need a virtual controller will look for another vendor than Cisco.

 

 

Local mode is not supported on the vWLC, but both central and local switching is. Just wanted to clarify that as it’s in the FlexConnect deployment guide. 

-Scott
*** Please rate helpful posts ***

It used to be like this, however support for central switching with flex-connect on the virtual WLC has been dropped for AireOS 8.0 and newer.

Nope, it isn't (anymore):

 

From the release notes - https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn82mr6.html#75970 :

 

Features Not Supported on Cisco Virtual WLCs

  • Cisco Aironet 1850 and 1830 Series APs
  • Internal DHCP server
  • TrustSec SXP
  • Access points in local mode
  • Mobility/Guest Anchor
  • Wired Guest
  • Multicast

Note FlexConnect local-switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect access points do not limit traffic based on IGMP or MLD snooping.


 

  • FlexConnect central switching

Note FlexConnect local switching is supported.


 

  • AP and Client SSO in High Availability
  • PMIPv6
  • EoGRE (Supported in only local switching mode)
  • Workgroup Bridges
  • Client downstream rate limiting for central switching
  • SHA2 certificates
  • Cisco OfficeExtend Access Points

 

So my original comment and opinion still stands.

 

Well... I’m not totally surprised by this. They have done done things like this in the past also. When I was working for a VAR, they would tell us the roadmap of features but never really told us what would be removed. Was a way to push customers to other products unless there were large customers whom still required that feature. They always told us... look at the release notes. Seems to be the easiest path for Cisco to eliminate the data plane and the VM being the issue. Oh well.. at least I’m glad to learn that it’s no longer supported for my knowledge. 

-Scott
*** Please rate helpful posts ***

Just a heads up in the newer code releases:

 

FlexConnect central switching in large-scale deployments


Note

  • FlexConnect central switching is supported in only small-scale deployments, wherein the total traffic on Cisco WLC ports is not more than 500 Mbps.

  • FlexConnect local switching is supported.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: