cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2335
Views
0
Helpful
10
Replies

Local & central switching with flexconnect

Andrew White
Level 2
Level 2

Hello,

I’m slightly confused with our Cisco WiFi at work. We use flexconnect mode on all APs and have a Cisco 5508 in our HQ they connect to. In our regional offices we also have the Cisco APs in flexconnect mode and publish the same SSID, but somehow the users get the same IP as our HQ (where DHCP is) which is ok but how is this even working as the regional LANs are all on different subnets.

 

Does the data get tunneled down to the WLC at the HQ and out of there? When I read up the APs in local mode should do this and not flexconnect.

 

If I go to WLC > Wireless > Access Points > Choose am AP (regional office) > FlexConnect

Here the Native VLAN is set to match the local switch. In there it says locally switch WLANs.

I don't remember how I set those SSIDs to be centrally switched at all, they are grey'd out. How do you set an SSID to be centrally switched like I have?

 

UPDATE: Strange I've gone to one of the SSIDs that we use in the HQ and all remote offices where we all get connected fine and on the same subnet. The APs are set to Flexconnect mode and in the advanced settings the 'FlexConnect Local Switch' option does not have a tick against it.

 

Confused, can someone sum this up for my brain on how this is working?

 

Thanks

10 Replies 10

Francesco Molino
VIP Alumni
VIP Alumni
Hi

Is the box vlan based central switching is checked under advanced settings on your ssid (right below the flexconnect local switching box)?

This option allows for certain ssids to be centrally switched even if your AP is in flexconnect mode.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

No and can’t be check either. It has a number 13 against it which says ‘VLAN based central switching is not supported with FlexConnect local authentication.’

This is what I see:

Capture.PNG

 

Capture.PNG

You need FoexConnect local switching enabled if you want clients to get DHCP from the local site.  

-Scott
*** Please rate helpful posts ***

This remote site SSID is getting IPs from where the remote WLC is (in London) which is great and how I want it to be, but how is this even working? I’ve published this SSID to all sites and clients all connect fine but all connect to the dhcp scope from London and work fine. So users are seen as if they are on the London LAN. This is great, but how?

Because you are tunneling all the traffic back to the wlc. Local switching means that the traffic will egress the ap to the switch it is connected to and not tunnel traffic back. So what you have is FlexConnect central switching.
-Scott
*** Please rate helpful posts ***

So the fact I’ve not selected local switching and the APs are in Flex mode then it will tunnel the user traffic over the WAN to the WLC? If I was to tick that local switching box then traffic would leave the AP and hit the local switch In the remote office where the AP is connected to and use that LAN instead?

Yes, but make sure you understand what you are doing first. You will take an outage and devices have to get an ip address locally, so make sure dhcp is working. Also the AP must be connected to a trunk port with all the vlans defined on the flex group and the trunk.
FlexConnect is a feature in which the ap doesn't have to have a constant connection to the wlc. However, in flexconnect, you can either tunnel traffic back or drop traffic to the local switch where the ap is connected.
-Scott
*** Please rate helpful posts ***

Oh no I’m not changing anything as it’s set up just right. We had a couple of Cisco consultants set it up a couple of years ago do it all. It’s only now I’m paying closer detail to its setup. I just didn’t understand how APs at remote sites that are connected to their PoE switches broadcast multiple SSIDs, but some SSIDs tunnel back to the remote WLC, so users basically sit on a subnet that does not exist in their office, clever. What is also clever is the same AP broadcasts another SSID that uses the local office subnet. I’m yet to work out how they did this.

So the AP in each office is in FlexConnect mode with 2 SSIDs, one tunnels back to the WLC and the other doesn’t.

Amazing APs.


That is defined in your flexconnect group. The issue with tunneling traffic back, especially if its in a different country per say, is that your url is detected for the country where the egress point is. That at times can be an issue for folks at that site wondering why they are hitting a different site url.
-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: