Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1737
Views
0
Helpful
2
Replies

Branch office AP connecting to HQ WLC

joseph.steve
Level 1
Level 1

‎08-20-2014 09:49 PM - edited ‎07-05-2021 01:24 AM

Hi All
at HQ WLC is installed with 50 AP across the campus. We got 40 branches all connected to HQ over IPSEC VPN. Wireless is the requirement in each branch for smart device and handheld. WLC is 5508 series and all AP are 2600 series

Need guidance on registering AP installed in branches to HQ WLC.

STill some questions are not clear

  1. From where the users will get IP address when connected to branch AP
  2. What happens if the IPSEC VPN is down, will the users be still connected to wireless and use local resource in the branch over wireless
  3. From where the AP will get IP address
  4. what will be the authentication method - preshared key or 802.1x authentication

 

hope to get feedback

Have a nice day
Steve

Labels:
0 Helpful
2 Replies 2

Rasika Nayanajith
VIP
VIP

‎08-20-2014 10:52 PM

Hi Steve,

 

1. From where the users will get IP address when connected to branch AP

    If you put branch AP in "Local mode" users will get IP from your WLC connected switch in HQ. If you put branch AP in "FlexConnect mode" then you can terminate brach users in branch switch.

 

2. What happens if the IPSEC VPN is down, will the users be still connected to wireless and use local resource in the branch over wireless

Yes, if you configure your WLAN as FlexConnect local switching, then whoever client conneted prior to WAN goes down able to stay connected & access your branch local resources. (provided they are getting IP from branch DHCP server)

 

3. From where the AP will get IP address

Branch AP will get IP from your branch switch (if it is DHCP server for AP managment)

 

4. what will be the authentication method - preshared key or 802.1x authentication

That's depend on your requirement, you can have any of that. If you are using 802.1X then if your RADIUS server is in HQ, then all client authentications will come through IPSec VPN. So when VPN is down new yours may not able to authenticate. If you use PSK, then even VPN is down, brach users able to authenticate.

 

Have a look on below CiscoLive session that would cover most of the thing you asked.

Architecting Network for Branch Offices with Cisco Unified Wireless

 

HTH

Rasika

**** Pls rate all useful responses ****

0 Helpful

Moin Ilyas
Level 4
Level 4

‎08-27-2014 02:40 PM

Adding to Manannalage, please refer the following link for FlexConnect Information, Configuration, Restrictions etc.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001000.html

Hope that helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card