Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
245548
Views
40
Helpful
36
Comments

Wireless LAN FlexConnect Configuration Example

baramamu
Community Member

‎04-27-2012 12:33 AM - edited ‎11-18-2020 02:58 AM

 

 

Introduction

 

FlexConnect is a wireless solution for branch office and remote office deployments. Prior to WLC Release 7.2, FlexConnect was referred as Hybrid REAP (HREAP). Now it is called FlexConnect.

FlexConnect feature enables customers to configure and control Access Points through a wide area network (WAN) link without deploying a controller in each branch office. The FlexConnect access points can switch client data traffic and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication.

FlexConnect is supported on the Cisco Aironet 1130AG, 1140, 1240, 1250, 1260, AP801, AP802, AP3550, and Cisco Aironet 600 Series OfficeExtend Access Points on the Cisco WiSM, Cisco 5500, 4400, 2100, 2500, and Flex 7500 Series Controllers, the Catalyst 3750G Integrated Wireless LAN Controller Switch; the Controller Network Module for Integrated Services Routers.

Information About FlexConnect

FlexConnect (previously known as Hybrid Remote Edge Access Point or H-REAP) is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication.

Figure shows a typical FlexConnect deployment.

 

 

Configuring the Wireless LAN Controller for FlexConnect (GUI)

  1. Choose WLANs from Controller web interface to open the WLANs page.
    wlc1.gif
     
  2. From the drop-down list, select Create New option and click on Go to open the WLANs > New page.
     
    wlc2.gif
     
  3. From Type drop-down list, choose WLANS.
    wlc3.gif
     
  4. In the Profile Name text box, enter a unique profile name for the WLAN. In this example Profile Name is Flexcon.
  5. In the WLAN SSID Text box, enter a name for WLAN. In our example, SSID is FlexWIFI.
  6. From the WLAN ID drop-down list, choose the ID number for this WLAN. Here WLAN ID is 4.
  7. Click on Apply to save your changes.
     
    wlc7.gif
     
  8. Once we apply the changes, Edit page appears. The controller can be configured for FlexConnect in both centrally switched and locally switched WLANs. In this example, lets configure the controller for FlexConnect in a locally switched WLAN.
  9. In the General tab, select the Status check box to enable the WLAN.
     
    wlc8a.gif
     
    10. In the Security > Layer 2 tab, select WPA+WPA2 from the Layer 2 Security drop-down list and then set the WPA+WPA2 parameters as required.
    wlc8b.gif
     
11.     In the Advanced tab, select the FlexConnect Local Switching check box to enable local switching for the WLAN. Click Apply to save your changes. Click Save Configuration to save your changes.
 
wlc8c.gif
 
  1. We can verify the configuration of the FlexConnect in WLANS tab
     
    wlc11.gif

 

Configuring an Access Point for FlexConnect (GUI)

 

  1. Select Wireless to open the All APs page. And click the name of the desired access point. In our example click on AP_3500E. The All APs >
Details page appears.
ap1.gif
 
  1. Select FlexConnect from the AP Mode drop-down list to enable FlexConnect for AP_3500E access point.
    ap2.gif
     
  2. Click Apply to save your changes and the AP will reboot
     
    ap4.gif
     
     
  3. After the reboot the AP will have Flexconnect Tab. Click on FlexConnect tab to open the All APs > Details for (FlexConnect) page. Note: If the access point belongs to a FlexConnect group, the name of the group appears in the FlexConnect Name text box.
     
    ap5.gif
     
Select the VLAN Support check box and enter the number of the native VLAN on the remote network (such as 100) in the Native VLAN ID

text box.

 

ap6.gif
 
 
  1. Click Apply to save the changes. The access point temporarily loses its connection to the controller while its Ethernet port is reset.
  2. Click the name of the same access point and then select the FlexConnect tab.
  3. Click VLAN Mappings to open the All APs > Access Point Name > VLAN Mappings page.
     
    ap9.gif
     
Enter the number of the VLAN from which the clients will get an IP address when doing local switching (VLAN 61, in this example) in the VLAN

ID text box

 
ap10.gif
  1. Click Apply to commit your changes.
  2. Click Save Configuration to save your changes
     
    ap12.gif
     

Verifying the client connectivity

Choose MONITOR > Clients or MONITOR > Summary to verify whether the clients are getting associated to the Flexconnect AP.

 

Client1.gif

More Information

Cisco Wireless LAN Controller Configuration Guide - Configuring FlexConnect

Cisco WLC Configuration Guide, Release 7.5 - Configuring FlexConnect

Comments
stephen.marshall
Community Member
‎05-15-2012 08:44 PM

Hi there - just a point of confusion for my self that I would like clarified. Please can you confirm whether or not the Aironet 1040 series APs support HREAP?

many thanks

Stephen Marshall

dgohain
Cisco Employee
Cisco Employee
‎05-22-2012 06:07 AM

Yes stephen 1040 is supported

.

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

Vinayaka Raman
Level 1
Level 1
‎05-23-2012 03:54 AM

remote office ap registered to corporate off wlc in flex connect mode..

i wanted to ensure they recieve ip address from the local wlc not the wlc configured on controller

how can i acheive this ?

dgohain
Cisco Employee
Cisco Employee
‎05-23-2012 05:55 AM

are you talking about a single wlc in the corporate site and a ap on the local site and you want clients to get ip from the local DHCP server than follow this document:

http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml

mvoegtlin
Level 1
Level 1
‎09-02-2012 06:55 AM

Hi

I configured flexconnect as described. But my clients dont't have connectivity to the local network.

I used vlan 2334 vor Clients and vlan 186 as native vlan,

I'm running code

7.2.110.0 on 5500 controller and 1242bg Access Points

mvoegtlin
Level 1
Level 1
‎09-02-2012 08:40 AM

I've got some additional information on my problem:

I checked the MAC addresse on the switch interface. There is no mac address entry on the client vlan.

The switch configuration ist correct. I don't use any authentication on the wirless LAN.

Has someone an idea why my setup is not working?

I also tried a vlan number 310 (standard vlan instead of extended vlans) for clients -> no difference

Thanks for your support.

Scott Fella
Hall of Fame
Hall of Fame
‎09-02-2012 09:22 AM

Your switchport is a trunk port correct and it's allowing the native vlan of the ap and vlan 310?  Can you post you ap switchport config. Is spanning-tree forwarding vlan 310 on that port?

mvoegtlin
Level 1
Level 1
‎09-02-2012 12:07 PM

Hi Scott

Thanks for your help.

Here ist the switch config. The AP is working fine. I have access to the AP, but client traffic is obviousliy not bridged to vlan 2335. I set the AP mode flex connect and the native vlan to 310. In the vlan mapping section on the AP, I set the SSID to vlan 2335.

interface GigabitEthernet3/18

switchport access vlan 310

switchport trunk encapsulation dot1q

switchport trunk native vlan 310

switchport trunk allowed vlan 310,331,2335

switchport mode trunk

switchport port-security

switchport port-security violation restrict

no snmp trap link-status

spanning-tree portfast trunk

spanning-tree bpduguard enable

switch#sh spann int gig 3/18

Vlan                Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

VLAN0310            Desg FWD 19        128.146  P2p Edge

VLAN0331            Desg FWD 19        128.146  P2p Edge

VLAN2335            Desg FWD 19        128.146  P2p Edge

Scott Fella
Hall of Fame
Hall of Fame
‎09-02-2012 01:25 PM

I would test with a vlan that has a lower id. I never used vlans above 999 to be honest. This will just prove of its the high vlan id or not. I woul also remove the port security on the trunk port.

mvoegtlin
Level 1
Level 1
‎09-02-2012 02:14 PM

Hi Scott

I already checked with vlan id 331. But the port-security is a good hint.

I just checked the switch and saw that Security-Violation counters are at a high level on that port. I'm pretty sure that port-securtiy is the problem. I'm sorry, just wasn't aware of this configuration. I will test it tomorow and give a feedback.

mvoegtlin
Level 1
Level 1
‎09-09-2012 10:51 PM

Hi Scott

Yes, as you were right. Port security on the LAN Switch was the problem. Thanks once again, and sorry for my silly question. Should have seen it myself .

shamax_1983
Level 3
Level 3
‎11-11-2012 09:06 PM

Hi All,

Can I use the Native vlan to map one of the SSIDs ?

Thanks

Shamal

rasyadanr
Community Member
‎12-05-2012 07:51 PM

Hi Markus/Scott,

Where is the configuration of the swith took placed? the access switch that connect directly to AP or at the core/distribution switch? I have 40 APs at remote site which the controller resides at HQ. The connection between APs and controller seems ok. The APs got the dynamic ip address and joined the controller. Sadly, the clients at remote site do not get the ip address after connected to the SSID. The WAN connection between the HQ & remote site is using access port via MetroE network.

Please help me to rectify this problem. Thank you in advance.

shamax_1983
Level 3
Level 3
‎12-05-2012 08:02 PM

Do your remote users reside in seperate VLAN to what the Access Points are in ?

If so, for the customers to get an IP from there specific VLAN, you sould either have a dhcp ip-helper address defined on the local router (remote router) or have DHCP server available locally.

mvoegtlin
Level 1
Level 1
‎12-05-2012 10:04 PM

Hi Rasyadan

On the access switch you have to configure the access VLAN (L2).

On the next hop (L3) you have to configure the IP-Helper for the dhcp server.

The configuration is similar to “normal” wired switched environment.

Using flex connect, IP-Helper addresses configured on the controller have no effect.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents