APs forward traffic after WLC goes down

pankaj.bandewar · ‎03-23-2017

Scenario : 1.We have a Flat network with all the vlans configured on Core SW 3850 and one WLC 2504 for the APs and Default route towards Cisco ASA 5516-x for internet Connectivity.

2.Currently there are active 2 WLANs Mapping two different subnets and are Authenticated by 802.1x (LDAP)on a Active Directory reachable via MPLS Line.

3.When customer comes into Campus it gets authenticated and starts working.but due to power failure many a times the Controller goes down and eventually he has to go with LAN connection.

4.What we want is : when WLC goes down all APs should continue to perform/forward the traffic without having WLC ...Can it be possible ?

5.IF so ..how we can achieve this?

Note : when the WLC fails ad APs are at their own, Still we want the users from every wlan should get the ips from the respective subnet/vlan configured on CSW.
DHCP is configured on CSW itself.

Philip D'Ath · ‎03-23-2017

Two options.

1. Get a second 2504, and configure a mobility group so that APs can fail over between them.

2. Use FlexConnect. That will allow already connected users to keep working, but new users wont be able to attach.

pankaj.bandewar · ‎03-23-2017

Thank you Sir Philip D'Ath.

Customer cant Afford to buy the Second WLC so 1 option can not be implemented.

Using Flexconnect will assign the IP address to users from the APs subnet Which customer dont want.

He want the ips should be assigned from the respective subnet of WLAN. (2 WLANs with diff subnet).

Waiting for valuable response.

Philip D'Ath · ‎03-23-2017

You can use trunk ports to the AP's, and use FlexConnect to map the the SSID to a specific VLAN. It does not have to be the same VLAN as the AP itself is in.

pankaj.bandewar · ‎03-23-2017

FlexConnect to map the the SSID to a specific VLAN....Sir i checked the same with some documents but but not able to understand the configuration.

can you share some configuration lines and link etc.

WLAN 1 : 172.17.56.0/24 SSID : VG_WIFI

WLAN 2 : 172.17.59.0/24 VG_GUEST

Vlan 1 shutdown : vlan 359 : Management VLan.

pankaj.bandewar · ‎03-23-2017

Sir to make the Local switching i should check the Local switching in advanced in WLAn config..?

pankaj.bandewar · ‎03-23-2017

[@p.dath] Sir can please share ....

pankaj.bandewar · ‎03-24-2017

Do we need Cisco ACS server. ? but we are doing LDAP authentication using windows server 12 . can we do this on it?

awaiting your valuable response

Philip D'Ath · ‎03-25-2017

No you don't.

pankaj.bandewar · ‎03-31-2017

Hello sir,

I opened a TAC case and TAC shared the same you shared and he also shared that when you check the clan support option and then click vlan mappings it shows the locally switched wlans and there we can put the vlan Id respective to them.

i am going to perform the activity soon as soon as it go success it shared the configuration snaps so that i will help everyone here facing same issue.

thank you for your valuable input.

Philip D'Ath · ‎03-23-2017

Did you know that a 3850 can also be a WLC (it needs AP licences to do this)? Not as functional as a 2504, but still another option.