Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1129
Views
3
Helpful
6
Replies

AP Flex Connect

hs08
VIP
VIP

‎05-27-2024 11:12 PM

Hello,

When we use Flex Connect, what happen with the AP when the controller goes down? Is the AP can serve the client? Will client will disassociate  when move across AP?

 

Labels:
0 Helpful
6 Replies 6

Mark Elsen
Hall of Fame
Hall of Fame

‎05-28-2024 12:37 AM

 

               - AP can still server the client , clients can roam and or will not dissociate ,

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

hs08
VIP
VIP
In response to Mark Elsen

‎05-28-2024 12:53 AM

hello @Mark Elsen 

My understanding is we still need controller to make client roaming seamlessly because the authentication will occur on each AP and not centralize in the controller. Please correct me if my understanding is wrong.

0 Helpful

JPavonM
VIP Alumni
VIP Alumni

‎05-28-2024 01:03 AM

In Cisco, APs have cached credentials but as authentication is central, the roaming depend on the WLC. If authentication would be "local", the AP will be the authenticator to talk to the RADIUS servers, but in a WAN down scenario that might not work.

Here you will find all scenarios for Flexconnect APs, it is for AireOS but if Cisco has not added a specific one for IOSXE it is becuase the scenarios are the same ones:

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-wlc-00.html

 

hs08
VIP
VIP
In response to JPavonM

‎05-28-2024 01:09 AM

Currently we not use Radius for the authentication, just using WPA2-PSK. Two question that i have :

  • If controller down then the AP is rebooted, will the AP operate normally?
  • If controller down, will client disassociate for a few second if move/roam across AP for  reauthenticate?
0 Helpful

Rich R
VIP
VIP
In response to hs08

‎05-28-2024 05:32 AM

Hi @hs08 - refer to the document @JPavonM linked for a comprehensive feature matrix.

It all depends how the WLAN (SSID) is configured.  If it is configured for local switching and authentication then it can operate more or less independently of the WLC.  There is always going to be brief disruption when roaming - that's what the roaming assist features are for but they are not all supported for local authentication.  Refer to the config guide for your WLC and code version for more details on each feature.
- What model of WLC are you using?
- What version of software are you using?

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

RxTx
Level 5
Level 5

‎05-28-2024 01:54 AM

From my work experience with vWLC sw 8.10.196.0 and AP 2702 and 3702 with wifi using WPA2-PSK, all AP and vWLC are in LAN, and enabled:

FlexConnect Local Switching

FlexConnect Local Auth

Learn Client IP Address

Flexconnect Arp-Cache

when vWLC it is unavailable:

- I can see brief wifi clients re-associate to AP (disconnection/connection), this are fixed clients, IoT devices on N network running Tasmota where I can see in client console what it is happen.

- New wifi client can connect to AP without problem and can move from one AP to another without problem.

when vWLC it is available and AP reconnect to wlc again I can see all wifi client re-associate to AP (disconnection/connection) and this can be a problem.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card