05-23-2022 07:49 AM
Hello,
I am looking for a wireless solution to support remote users in a branch to access the internet and also be able to access the HQ network via VPN tunnels, preferably access point to HQ via controller.
Any recommendation will be helpful
Thanks
Karim
05-23-2022 01:30 PM
Below are the design guides;
Understand FlexConnect on Catalyst 9800 Wireless Controller - Cisco
FlexConnect Wireless Branch Controller Deployment Guide - Cisco
Hardware-wise you simply need APs which support FlexConnect (almost all the enterprise wireless APs sold by Cisco support FlexConnect) and WLCs. WLCs will be hosted in both DCs and then, depending on your upstream device routing (in your case the VPN edge device), you can have APs register to any DC. If you are advertising both DCs as hubs then you should be able to have N+1 redundancy.
05-23-2022 08:16 AM - edited 05-23-2022 08:16 AM
Hi
The solution I'd be looking at would be the Access Point in FlexConnect. This can solve the first part of your solution, which is to have an Access Point remotely but being managed by your WLC in the Data Center.
The Access Point in FlexConnect mode will send all traffic to the local network, which is not exactly what you want, but with the VPN in place you can fix that using split tunnel. Assuming, of course, that the client is able to establish the VPN from the remote branch.
Once they establish the VPN and have split tunnel you can control which traffic will be sent to HQ and which site will be sent to the local internet.
05-23-2022 08:58 AM
Thanks Flavio,
What are the hardware requirements?
Karim
05-23-2022 09:11 AM - edited 05-23-2022 09:12 AM
Access points don't have a big discrepancy between models in terms of hardware. It will depend on the WLC you have today or intend to buy.
You need to worry more about compatibility.
Let me know which WLC you have or intend to have so that I can recommend you an AP model.
But, if you wish a recommendation for the WLC too, the 9800 is a good option.
05-23-2022 09:59 AM
Thanks for the info. Can 9800 controller be at the data centers and create secure tunnel to the branch APs?
05-23-2022 10:14 AM
That's correct. The WLC remains in the Data Center and establishes a CAPWAP tunnel with the AP. All it needs is connectivity.
You can inform the AP of the WLC IP via the DHCP option. You can also manually inform the WLC IP or use DNS resolution by adding "Cisco-capwap-controller.local_domain" to your internal DNS.
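The DHCP-based discovery mentioned in this reply, as an added example that is not part of the original post: Cisco lightweight APs read the controller list from DHCP option 43 as a type `0xf1` TLV, and this Python sketch builds that value and checks an existing one against the controllers you expect. The two WLC addresses are constructed documentation-range placeholders standing in for the east and west data centers.

```python
import ipaddress

CAPWAP_SUBOPTION = 0xF1  # sub-option type 241 read by Cisco lightweight APs

# Constructed sample addresses (documentation ranges), not from the thread.
DC_EAST_WLC = "192.0.2.10"
DC_WEST_WLC = "198.51.100.10"


def build_option43(controllers):
    """Encode WLC management IPv4 addresses as an option 43 hex string."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CAPWAP_SUBOPTION, len(value)]) + value).hex()


def parse_option43(hex_string):
    """Decode an option 43 hex string (dots or colons allowed) into addresses."""
    raw = bytes.fromhex(hex_string.replace(".", "").replace(":", ""))
    if len(raw) < 2 or raw[0] != CAPWAP_SUBOPTION:
        raise ValueError("not a type 0xf1 controller list")
    length, value = raw[1], raw[2:]
    # Length must equal the data present and be a whole number of IPv4 addresses.
    if length != len(value) or length == 0 or length % 4:
        raise ValueError("length byte does not match the address data")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, length, 4)]


def unexpected_controllers(hex_string, expected):
    """Return addresses in the option that are not in the expected set."""
    allowed = set(expected)
    return [ip for ip in parse_option43(hex_string) if ip not in allowed]


if __name__ == "__main__":
    option = build_option43([DC_EAST_WLC, DC_WEST_WLC])
    print("option 43 hex:", option)
    print("decoded:", parse_option43(option))
    print("unexpected:", unexpected_controllers(option, [DC_EAST_WLC, DC_WEST_WLC]))
```

Running `unexpected_controllers` against the value configured on each branch DHCP scope flags any scope that would point APs at a controller outside the two data centers.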
05-23-2022 08:28 AM
Design can vary on how the HQ to Branch connectivity will be;
1. MPLS or any private circuit connectivity -
You can deploy AP's in Flexconnect mode, Upstream edge will do the routing and local internet breakout for branch internet connection.
2. VPN connectivity from branch edge to HQ - Same as point 1, upstream L3 device will do the routing.
3. Internet only branches - Consider OEAP, AP will connect via a secure tunnel directly to the HQ.
4. SD-Access - If you have SD-Access capable devices/licenses and DNAC then consider Fabric in a box.
03-26-2023 10:23 AM
I want to configure AP management via the internet, but I don't know how to configure it. Please help me!
05-23-2022 08:40 AM
Thanks Arshad,
The design will be Internet-only branches with a secure tunnel directly to the HQ. What are the hardware requirements for this connectivity?
I have 2 data centers one in east coast and the other in the west coast for redundancy purposes.
Any design examples or links are helpful.
Thanks
Karim