10-07-2014 01:07 AM - edited 07-05-2021 01:39 AM
Dear Team,
This is regarding Cisco CAP registering through VPN to remote WLC, this we can achieve. I want to the know the user traffic ex. Guest, it will be routed through VPN and then to internet or is there any way that we can route the traffic locally to internet. I have two SSIDs Guest and Staff.
Please help to clarify.
Thank You,
Abhisar.
Solved! Go to Solution.
10-07-2014 01:48 AM
Hi Abhisar,
If you configure this AP into FlexConnect mode (by default it is local mode) & then enable local switching for the SSIDs you want to locally terminate traffic.
Refer FlexConnect config guide related to the software version you are running on your WLC
HTH
Rasika
**** Pls rate all useful responses ****
10-07-2014 02:10 AM
Hi,
Please go though the link which I shared. What you are asking is normally used and is very much possible.
"I am asking this because, we want to use same guest portal for users in remote office and generate passwords for them and then route the traffic locally."
This is central authentication and local switching. So for initial authentication , WLC will be used and after that for DHCP and local traffic route ..local vlans would be used. Although here , several other variations are possible as given in that link. You can have same ssid at central and at remote.
Go through that deployment guide for setting it up
Regards
Dhiresh
**** Pls rate all useful responses ****
10-07-2014 01:45 AM
Hi ,
Which VPN?//
AP to get register to WLC need reachability to the WLC and specific ports to be opened for capwap.If you dont want user traffic to be sent to the WLC , use Flex connect local switching to dump the user traffic to the local switch. From there on , it would be your switch and routers who would take that data to the Internet , the way they do for wired users.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/Flex_7500_DG.html
There are other Cisco remote solution also like OEAP but for this requirement flex deployment looks best.
Regards
Dhiresh
10-07-2014 02:02 AM
Dear Rasika/Dhiresh,
Thank you for your reply. Just one confirmation regarding SSIDs.
I have four access points and WLC 2504 in main branch with Guest and Staff SSIDs. Now, when I connect new 2600 APs in remote branch and register to WLC 2504(Over Site to Site VPN), I will get same SSIDs in remote branch as well, correct? And then use flexconnect and local switch to route traffic locally or I have to configure new SSIDs with new DHCP scope at remote office?
I am asking this because, we want to use same guest portal for users in remote office and generate passwords for them and then route the traffic locally.
Please clarify how will be the setup.
Thank You,
Abhisar.
10-07-2014 02:10 AM
Hi,
Please go though the link which I shared. What you are asking is normally used and is very much possible.
"I am asking this because, we want to use same guest portal for users in remote office and generate passwords for them and then route the traffic locally."
This is central authentication and local switching. So for initial authentication , WLC will be used and after that for DHCP and local traffic route ..local vlans would be used. Although here , several other variations are possible as given in that link. You can have same ssid at central and at remote.
Go through that deployment guide for setting it up
Regards
Dhiresh
**** Pls rate all useful responses ****
10-07-2014 02:42 AM
Dear Dhiresh,
Thank you. I will check the guide, will come back if something.
Thank You,
Abhisar.
10-07-2014 01:48 AM
Hi Abhisar,
If you configure this AP into FlexConnect mode (by default it is local mode) & then enable local switching for the SSIDs you want to locally terminate traffic.
Refer FlexConnect config guide related to the software version you are running on your WLC
HTH
Rasika
**** Pls rate all useful responses ****
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide