Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
244344
Views
40
Helpful
36
Comments

Wireless LAN FlexConnect Configuration Example

baramamu
Community Member

‎04-27-2012 12:33 AM - edited ‎11-18-2020 02:58 AM

 

 

Introduction

 

FlexConnect is a wireless solution for branch office and remote office deployments. Prior to WLC Release 7.2, FlexConnect was referred as Hybrid REAP (HREAP). Now it is called FlexConnect.

FlexConnect feature enables customers to configure and control Access Points through a wide area network (WAN) link without deploying a controller in each branch office. The FlexConnect access points can switch client data traffic and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication.

FlexConnect is supported on the Cisco Aironet 1130AG, 1140, 1240, 1250, 1260, AP801, AP802, AP3550, and Cisco Aironet 600 Series OfficeExtend Access Points on the Cisco WiSM, Cisco 5500, 4400, 2100, 2500, and Flex 7500 Series Controllers, the Catalyst 3750G Integrated Wireless LAN Controller Switch; the Controller Network Module for Integrated Services Routers.

Information About FlexConnect

FlexConnect (previously known as Hybrid Remote Edge Access Point or H-REAP) is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication.

Figure shows a typical FlexConnect deployment.

 

 

Configuring the Wireless LAN Controller for FlexConnect (GUI)

  1. Choose WLANs from Controller web interface to open the WLANs page.
    wlc1.gif
     
  2. From the drop-down list, select Create New option and click on Go to open the WLANs > New page.
     
    wlc2.gif
     
  3. From Type drop-down list, choose WLANS.
    wlc3.gif
     
  4. In the Profile Name text box, enter a unique profile name for the WLAN. In this example Profile Name is Flexcon.
  5. In the WLAN SSID Text box, enter a name for WLAN. In our example, SSID is FlexWIFI.
  6. From the WLAN ID drop-down list, choose the ID number for this WLAN. Here WLAN ID is 4.
  7. Click on Apply to save your changes.
     
    wlc7.gif
     
  8. Once we apply the changes, Edit page appears. The controller can be configured for FlexConnect in both centrally switched and locally switched WLANs. In this example, lets configure the controller for FlexConnect in a locally switched WLAN.
  9. In the General tab, select the Status check box to enable the WLAN.
     
    wlc8a.gif
     
    10. In the Security > Layer 2 tab, select WPA+WPA2 from the Layer 2 Security drop-down list and then set the WPA+WPA2 parameters as required.
    wlc8b.gif
     
11.     In the Advanced tab, select the FlexConnect Local Switching check box to enable local switching for the WLAN. Click Apply to save your changes. Click Save Configuration to save your changes.
 
wlc8c.gif
 
  1. We can verify the configuration of the FlexConnect in WLANS tab
     
    wlc11.gif

 

Configuring an Access Point for FlexConnect (GUI)

 

  1. Select Wireless to open the All APs page. And click the name of the desired access point. In our example click on AP_3500E. The All APs >
Details page appears.
ap1.gif
 
  1. Select FlexConnect from the AP Mode drop-down list to enable FlexConnect for AP_3500E access point.
    ap2.gif
     
  2. Click Apply to save your changes and the AP will reboot
     
    ap4.gif
     
     
  3. After the reboot the AP will have Flexconnect Tab. Click on FlexConnect tab to open the All APs > Details for (FlexConnect) page. Note: If the access point belongs to a FlexConnect group, the name of the group appears in the FlexConnect Name text box.
     
    ap5.gif
     
Select the VLAN Support check box and enter the number of the native VLAN on the remote network (such as 100) in the Native VLAN ID

text box.

 

ap6.gif
 
 
  1. Click Apply to save the changes. The access point temporarily loses its connection to the controller while its Ethernet port is reset.
  2. Click the name of the same access point and then select the FlexConnect tab.
  3. Click VLAN Mappings to open the All APs > Access Point Name > VLAN Mappings page.
     
    ap9.gif
     
Enter the number of the VLAN from which the clients will get an IP address when doing local switching (VLAN 61, in this example) in the VLAN

ID text box

 
ap10.gif
  1. Click Apply to commit your changes.
  2. Click Save Configuration to save your changes
     
    ap12.gif
     

Verifying the client connectivity

Choose MONITOR > Clients or MONITOR > Summary to verify whether the clients are getting associated to the Flexconnect AP.

 

Client1.gif

More Information

Cisco Wireless LAN Controller Configuration Guide - Configuring FlexConnect

Cisco WLC Configuration Guide, Release 7.5 - Configuring FlexConnect

Comments
iskoy.istem
Level 1
Level 1
‎04-24-2013 07:04 PM

Hi,

can i have a locally switched VLAN gateway to a local internet connection in a branch?

mvoegtlin
Level 1
Level 1
‎04-24-2013 11:56 PM

Hi Joseph

Yes, that's what I used the feature for.

JEFF SPRADLING
Level 1
Level 1
‎09-06-2013 01:38 PM

Any way to set the AP flexconnect parameters for all the AP's, or do you have to hit each one individually?

ALIAOF_
Level 6
Level 6
‎03-07-2014 01:44 PM

Great document, I do have a question about this part:

Select the VLAN Support check box and enter the number of the native  VLAN on the remote network (such as 100) in the Native VLAN ID text box.

This Native VLAN that I define here on the 5508 WLC at the corporate site this would be the native VLAN of the remote site not the Corporate site correct?

FlexConnect group what is that for exactly?

Also 5508 supports 100 AP groups and 25 AP's per group so that equates to 2500 AP's however max AP support on 5508 is 500 AP's.  Can someone confirm what is the exact number?

IngGerardo013
Level 1
Level 1
‎05-12-2014 10:36 AM

Hi there,

Configuration it seems not so complicated, I am goint to implement it next wednesday on the remote office, on the central office they have a virtual WLC with the latest release 7.6.100. reading this document, I get a little doubts, 

1.- If the AP is on remote office,  How can I tell to the AP that look for virtual WLC that is on central office to get registered? if the AP look for VWLC locally (making broadcast that no pass over the WAN link).

 

2.- How the virutal WLC will know that the native vlan specified (for the AP) on this configuration example is across the WAN link?

 

3.- What considerations we neet to take making reference to routing (on switch core of the remote office, radius servers and certificates)

 

4.- We need to create interfaces on the virtual WLC?...

 

 

Thanks a lot for yor inputs. I will apreciate so much.

 

 

 

junajunction
Level 1
Level 1
‎09-19-2014 02:35 PM

Hi guys, I have an issue on flexconnect with remote site. we are extending our ssid's to remote offices.

the int used while making the ssid flexconnect was management int which is in vlan 116. in the remote office we need to make vlan mappings for guest. in the remote site our native vlan is 1 and after completing the vlan mapping for guest and ssid network for employees with native vlan 1,the users are unable to obtain ip address from the dhcp server thru wireless.

the local lan vlan is in vlan 1 and the ap's also have management address fro the same vlan.

 

Thanks

junajunction
Level 1
Level 1
‎09-19-2014 02:36 PM

Hi guys, I have an issue on flexconnect with remote site. we are extending our ssid's to remote offices.

the int used while making the ssid flexconnect was management int which is in vlan 116. in the remote office we need to make vlan mappings for guest. in the remote site our native vlan is 1 and after completing the vlan mapping for guest and ssid network for employees with native vlan 1,the users are unable to obtain ip address from the dhcp server thru wireless.

the local lan vlan is in vlan 1 and the ap's also have management address fro the same vlan.

 

Thanks

abhisar patil
Level 1
Level 1
‎11-01-2014 04:15 AM

Dear,

 

Thank you for the same. I just want to know whether we can do guest authentication(time based access) for the users on AP at remote site and after authetication internet access should go via local gateway?

Please share any guide.

 

Thank You,

Abhisar

ejlbarcelon
Level 1
Level 1
‎07-14-2015 06:05 AM

it is not working on my case. when i do a show client detail it still gets VLAN36 instead of VLAN 100

Session Timeout.................................. 1800
Client CCX version............................... 4  
Client E2E version............................... 1  
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
  APSD ACs.......................................  BK(T/D)  BE(T/D)  VI(T/D)  VO(T/D)
Power Save....................................... ON
Current Rate..................................... m7
Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
    ............................................. 12.0,18.0,24.0,36.0,48.0,
    ............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes

--More-- or (q)uit
Audit Session ID................................. 0a0501040000000455a56de3
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
Client Type...................................... SimpleIP
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... N/A
Encryption Cipher................................ None
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
FlexConnect Data Switching....................... Local
FlexConnect Dhcp Status.......................... Local
FlexConnect Vlan Based Central Switching......... No
FlexConnect Authentication....................... Central

--More-- or (q)uit
FlexConnect Central Association.................. No
Quarantine VLAN.................................. 0
Access VLAN...................................... 36
Local Bridging VLAN.............................. 36

nickhesson
Level 1
Level 1
‎09-25-2015 05:52 PM

I hope this isn't a stupid question.  But can someone decode this sentence in step 8:

 The controller can be configured for FlexConnect in both centrally switched and locally switched WLANs. 

Isn't FlexConnect = Locally Switch?  Or is that just saying FlexConnect APs can have centrally Switched WLANs?

Thanks,

Nick

henrikilves
Level 1
Level 1
‎10-13-2015 02:02 AM

Hi,

You can select local or central switching per ssid.

 

See link:

https://supportforums.cisco.com/discussion/12317706/understanding-flexconnect-local-vs-central-switching-and-wlc-failover-scenario

Hope it helps

mksbl0001
Level 1
Level 1
‎05-24-2017 11:39 PM

Hi ,

is it possible from prime or solar-wind to validate all SSID's VLan mapping from Prime ?

I have couple of Flext connect enabled access points which are configured with 6/7 SSID's each SSID has different Vlan.

so for verification, is it possible to compare  VLAN mapping for all Ap with a specific Access point.

alexander kobayashi
Level 1
Level 1
‎02-20-2018 05:36 AM

can we use flexconnect local switching by don't enable vlan support at APS ?

cm467
Level 1
Level 1
‎11-23-2018 08:21 AM

Just asking another FlexConnect question since we are on the topic:

I have 5 sites with their own WLC 5508 controller. I will like to use FlexConnect to downgrade to only one WLC that provides for LAPs in all 5 locations.   The question is, what happens to the communications between the AP's and the WLC?  WIll they all go through the MPLS backbone?  I am concerned that these chatty communications between the WLC and the AP's will bogg down the MPLS network. 

kapydan88
Level 4
Level 4
‎12-21-2019 01:00 PM

But how should be configured port on the switch to which the controller is connected?????

 

For example, we install WLC 3504 in main DC, but all APs is located in remote offices. If i understood correctly, port on the switch to which WLC 3504  is connected in this case must be configured like "access" port, for one vlan only - management vlan for wifi in DC?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents