
How does FlexConnect in WLC work?

vinothkumar.a

How does FlexConnect in WLC work? Does it form any VPN tunnel from the remote site AP to the centralized WLC over the WAN? I am a bit confused about its WAN operation. I would really appreciate it if anyone can help with this.

Accepted Solutions

You will need either a tunnel to connect both sites, or you can have an AP connect through a public IP address using NAT. The AP will register at the WLC, get the image, config, etc. Afterwards, you can set the AP mode to FlexConnect, and configure your WLAN as FlexConnect Local Switching. This way, only control traffic like associations, authentications will go over WAN to the WLC and the data traffic stays local to the AP site.

Check the below statements from this link https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/69561-wlc-faq.html

You can place the LAP under NAT. On the AP side, you can have any type of NAT configured.

But on the WLC side, you can have only 1:1 (Static NAT) configured and the external NAT IP address configured on dynamic AP management interface (only for Cisco 5500 Series Controllers). PAT cannot be configured on the WLC side because LAPs cannot respond to WLCs if the ports are translated to ports other than 5246 or 5247, which are meant for control and data messages.

Note: Select the Enable NAT Address check box and enter the external NAT IP address if you want to be able to deploy your Cisco 5500 Series Controller behind a router or other gateway device that is using one-to-one mapping network address translation (NAT). NAT allows a device, such as a router, to act as an agent between the Internet (public) and a local network (private). In this case, it maps the controller's intranet IP addresses to a corresponding external address. The controller's dynamic AP-manager interface must be configured with the external NAT IP address so that the controller can send the correct IP address in the Discovery Response.
** Please rate helpful posts **

CCIE #58023
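The WLC-side NAT requirement quoted in the answer above (1:1 static NAT, UDP 5246/5247 left untranslated, and the controller advertising the external NAT address) can be checked mechanically. The following is an added example, not part of the original post or any Cisco tool; the translation-tuple format, function name, and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

CAPWAP_CONTROL, CAPWAP_DATA = 5246, 5247  # UDP ports named in the thread

# Constructed samples: (proto, inside_ip, inside_port, outside_ip, outside_port)
SAMPLE_STATIC = [
    ("udp", "10.10.1.5", 5246, "203.0.113.10", 5246),
    ("udp", "10.10.1.5", 5247, "203.0.113.10", 5247),
]
SAMPLE_PAT = [
    ("udp", "10.10.1.5", 5246, "203.0.113.10", 40001),  # port rewritten
    ("udp", "10.10.1.5", 5247, "203.0.113.10", 5247),
    ("udp", "10.10.1.9", 5246, "203.0.113.10", 40002),  # second host, same IP
]

def audit_wlc_nat(translations, wlc_inside_ip, configured_nat_ip):
    """Return findings for the WLC-side NAT; an empty list means it matches
    the 1:1 static NAT requirement quoted in the answer."""
    findings = []
    capwap = {}                  # inside CAPWAP port -> (outside ip, port)
    owners = defaultdict(set)    # outside ip -> inside hosts translated to it
    for proto, in_ip, in_port, out_ip, out_port in translations:
        owners[out_ip].add(in_ip)
        if (proto == "udp" and in_ip == wlc_inside_ip
                and in_port in (CAPWAP_CONTROL, CAPWAP_DATA)):
            capwap[in_port] = (out_ip, out_port)

    for port, name in ((CAPWAP_CONTROL, "control"), (CAPWAP_DATA, "data")):
        if port not in capwap:
            findings.append(f"no translation for CAPWAP {name} (UDP {port})")
            continue
        out_ip, out_port = capwap[port]
        if out_port != port:
            # APs only talk to 5246/5247, so a rewritten port breaks the join
            findings.append(
                f"CAPWAP {name} port rewritten {port}->{out_port} (PAT)")
        if out_ip != configured_nat_ip:
            # The Discovery Response would carry an address the AP cannot use
            findings.append(f"CAPWAP {name} exits as {out_ip}, "
                            f"controller advertises {configured_nat_ip}")

    # 1:1 means the outside address is not shared with any other inside host
    for out_ip in sorted({ip for ip, _ in capwap.values()}):
        if len(owners[out_ip]) > 1:
            findings.append(f"{out_ip} is shared by {len(owners[out_ip])} "
                            "inside hosts, not 1:1")
    return findings
```
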



Thanks. I have gone through these documents. I need to know how the communication happens over the WAN. How is the CAPWAP tunnel formed between the AP and WLC over the WAN?

No difference in CAPWAP process. Simply use UDP 5247 for capwap-data & UDP 5246 for capwap-control.

If you configured the WLAN for FlexConnect local switching, then data traffic is locally terminated at the AP (& to the AP-connected switch). In that case only control traffic is capwap back to WLC.

If the WLAN is configured for central switching, then both data & control traffic is capwap back to WLC (similar to local mode operation).

HTH

Rasika

*** Pls rate all useful responses ***

Hi Rasika,

Thanks. I understand these. My point is how the CAPWAP tunnel is formed over the WAN. Like, do both sites need to form a VPN tunnel?


I NAT the management IP strip of the AP to another public IP strip. Currently, the AP cannot connect to the controller.
