Scenario:
1. We have a flat network with all the VLANs configured on a Core SW 3850, one WLC 2504 for the APs, and a default route towards a Cisco ASA 5516-X for internet connectivity.
2. Currently there are 2 active WLANs mapping two different subnets, authenticated by 802.1X (LDAP) on an Active Directory reachable via an MPLS line.
3. When the customer comes into the campus, he gets authenticated and starts working, but due to power failures the controller often goes down and eventually he has to go with a LAN connection.
4. What we want is: when the WLC goes down, all APs should continue to perform/forward the traffic without the WLC. Is that possible?
5. If so, how can we achieve this?
Note: when the WLC fails and the APs are on their own, we still want the users from every WLAN to get IPs from the respective subnet/VLAN configured on the CSW.
DHCP is configured on the CSW itself.
1. Get a second 2504, and configure a mobility group so that APs can fail over between them.
2. Use FlexConnect. That will allow already connected users to keep working, but new users won't be able to attach.
Thank you Sir Philip D'Ath.
The customer can't afford to buy a second WLC, so option 1 cannot be implemented.
Using FlexConnect will assign IP addresses to users from the AP's subnet, which the customer doesn't want.
He wants the IPs to be assigned from the respective subnet of each WLAN (2 WLANs with different subnets).
Waiting for valuable response.
You can use trunk ports to the APs, and use FlexConnect to map the SSID to a specific VLAN. It does not have to be the same VLAN as the AP itself is in.
"FlexConnect to map the SSID to a specific VLAN" ... Sir, I checked the same with some documents but was not able to understand the configuration.
Can you share some configuration lines, links, etc.?
WLAN 1 : 172.17.56.0/24 SSID : VG_WIFI
WLAN 2 : 172.17.59.0/24 VG_GUEST
VLAN 1 shutdown : VLAN 359 : Management VLAN.
Do we need a Cisco ACS server? But we are doing LDAP authentication using Windows Server 12. Can we do this on it?
Awaiting your valuable response.
I opened a TAC case and TAC shared the same thing you shared. He also shared that when you check the VLAN support option and then click VLAN mappings, it shows the locally switched WLANs, and there we can put the VLAN ID respective to them.
I am going to perform the activity soon. As soon as it succeeds, I will share the configuration snaps so that it will help everyone here facing the same issue.
Thank you for your valuable input.
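The trunk-port and per-WLAN VLAN mapping discussed in this thread, as an added configuration example that is not from any poster or from TAC. Assumed here: the switch interface name, the AP name `AP-FLOOR1`, WLAN IDs 1 and 2, the AP sitting in management VLAN 359 as the native VLAN, and `<CORP_VLAN>` / `<GUEST_VLAN>` as placeholders for the VLAN IDs of the two WLAN subnets, which the thread does not give.

```text
! --- Catalyst 3850 (IOS-XE): switch port facing one AP ---
! Assumed: interface name; AP management traffic untagged in VLAN 359.
! <CORP_VLAN>  = placeholder VLAN ID for 172.17.56.0/24 (VG_WIFI)
! <GUEST_VLAN> = placeholder VLAN ID for 172.17.59.0/24 (VG_GUEST)
interface GigabitEthernet1/0/10
 description FlexConnect AP (placeholder port)
 switchport mode trunk
 switchport trunk native vlan 359
 ! Carry only the VLANs the AP needs, not every VLAN on the core
 switchport trunk allowed vlan 359,<CORP_VLAN>,<GUEST_VLAN>
!
! --- WLC 2504 (AireOS CLI) ---
! Lines starting with "!" are annotations, not WLC commands.
! Assumed: WLAN IDs 1 and 2, AP name AP-FLOOR1.
! A WLAN has to be disabled while local switching is changed.
config wlan disable 1
config wlan flexconnect local-switching 1 enable
config wlan enable 1
config wlan disable 2
config wlan flexconnect local-switching 2 enable
config wlan enable 2
! Put the AP in FlexConnect mode (the AP reboots)
config ap mode flexconnect AP-FLOOR1
! CLI equivalent of the "VLAN support" checkbox and "VLAN mappings"
config ap flexconnect vlan enable AP-FLOOR1
config ap flexconnect vlan native 359 AP-FLOOR1
config ap flexconnect vlan wlan 1 <CORP_VLAN> AP-FLOOR1
config ap flexconnect vlan wlan 2 <GUEST_VLAN> AP-FLOOR1
! Review the AP's FlexConnect settings afterwards
show ap config general AP-FLOOR1
```

With this mapping, clients on each WLAN are bridged by the AP straight onto their own VLAN on the trunk, so DHCP on the core switch hands out addresses from the WLAN's subnet rather than the AP's.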