10-08-2016 05:24 PM - edited 07-05-2021 05:56 AM
I have asked quite a few sources and technical people (even Cisco reps) these same questions and no one has ever been able to answer them directly. If you do not know the answers please do not respond with general information.
I am thinking of rolling out wireless to our users. Currently wireless only allows them to the Internet and they can then IPSEC back in to our domain.
I have purchased a 2504 (a while ago) and ordered new Cisco 3802 access points with 3850 switches. I ordered a 3850 switch that can handle up to 5 access points via the licensed controller for testing. This switch model also supports the mgb like the WAPS for speeds higher than 1GB (up to 5 or 10Gb I think).
Here are my questions. Just reading overall it seems that the 2504 tunnels both the authentication and DATA over the CAPWAP. Since the 2504 only has a gb connection it seems this is immediately a bottleneck once I start implementing a large number of 3802s. How does this actually work? Can I just authenticate over the CAPWAP and then place the users data directly on the local switch vlan or does it have to travel to the 2504 (by routing) and be placed on a different vlan?? I read something called HEAP that seemed to possibly allow this setup but it did not go into much detail. Please explain if this is possible and if not how does this actually work?
If the user data must pass over the tunnel to the 2504 then that is not a viable solution as things expand and more APs get added. In this case I assume the 3850 would be the better approach (although they do not have an IP services switch with this feature). Assuming a 3850 is used, can the wireless users be placed in the same Vlan as wired users or do they need to be separated? I realize that only the APs cabled directly to the stack can be managed by the local stack so each stack would be a separate wireless controlling entity.
Thanks
10-09-2016 02:12 AM
Can I just authenticate over the CAPWAP and then place the users data directly on the local switch vlan or does it have to travel to the 2504 (by routing) and be placed on a different vlan?? I read something called HEAP that seemed to possibly allow this setup but it did not go into much detail. Please explain if this is possible and if not how does this actually work?
Yes, it is possible. HREAP is now called FlexConnect; refer to the design guide below to see how you can design FlexConnect mode.
Assuming a 3850 is used, can the wireless users be placed in the same Vlan as wired users or do they need to be separated? I realize that only the APs cabled directly to the stack can be managed by the local stack so each stack would be a separate wireless controlling entity.
If you want, you can do that. Please refer to the post below for what you have to do to get it working. Note that these Converged Access deployments are not as common as AireOS-based controller deployments (2504/5508/5520/etc.), so you will find very little documentation compared to AireOS design/configuration guides.
https://mrncciew.com/2013/09/29/getting-started-with-3850/
HTH
Rasika
*** Pls rate all useful responses ***
10-09-2016 06:25 PM
Exactly. You are talking about two different Cisco wireless technologies.
If you use the licenses on the 3850 for wireless it's converged access.
If you use the 2504 you are using unified access.