Hi Scott Fella,

Thank you for getting back to me so quickly.

1) To clarify, we are deploying on-premises, and it is a flat network.
2) The High Availability (HA) I am referring to is SSO.
3) Tomorrow, I will verify the model of the Access Points that the customer has purchased. They are new and have been recommended by Cisco to be supported on C9800-CL.
4) The controller code version  is 17.6

Allan001

Hi Scott Fella,

Thank you for sharing the info.
Please share a brief implementation of the two scenarios with configure examples if possible. Thank you.

Here is how I think I should configure it. Please correct me wherever you see that I am wrong.

a) The first solution with one subnet - if I configure the user VLAN 4 as the wireless management. Thus, users and the wireless management will be using the same subnet. Will this work, and would HA work as well with the same subnet? Or, in this scenario, we would have to advise the customer that HA will not be possible with the current IP plan - we would need additional separate IP ranges. Only after that, we can we then implement HA.

The configuration would be like this:
1) Configure VLAN 4 in the controller.
2) Configure SVI using VLAN 4 in the controller.
3) Configure Gi2 as a trunk and allow the single VLAN4 on that trunk.
4) On the switch where APs are terminated. Configure the ports with APS as access ports and add them to VLAN 4.
Done.

b) 2nd solution with two subnets:
1) Configure the unused VLAN 22 as the wireless management
2) Configure IP Add from VLAN 22 on Gi1 or configure Gi1 as a trunk port and configure SVI in the controller and pass it via Gi1
3) Configure Gi2 as a trunk
4) Configure user VLAN 4 SVI in the controller and pass it via Gi2.
5) On the switch, configure ports facing APs as access ports and add to VLAN4
6) Lastly, will HA work using the wireless management VLAN 22 subnet? Or do we have to add more subnets for HA to work efficiently?
Done.

Kindly advise - if the above implementations are correct or wrong.

I didn't know flex works better than local, so I will go with flex once I have a working solution.

Allan001

Hi Scott Fella,

Yes, VLANs can be created but at a later stage due to customer budget. For now, they just want a solution that works with the current setup. Improvements will be done at a later stage.

Thank you,

Allan001

Yes you could probably make it all work on a single flat network but that really isn't recommended.  Don't rush into this and deploy something sub-optimal.  It's always more difficult to change things later than deploy them correctly from the start.  Go through the best practice guide below carefully then read and watch the many examples and videos on 9800 config which you can find when you search and then plan and design it to suit the needs of the network.  Also note the links below for TAC recommended code versions.  17.6 is not a bad choice (17.6.5 is the latest) but it's approaching end of sale https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xe-17/ios-xe-17-6-x-eol.html so 17.9 (currently 17.9.2, 17.9.3 should be out anytime soon in the next week or two) is the next extended support release which will give much longer lifetime.

Hi Rich R,

Thank you for your suggestion. I will take your advice and review the URL links for best practices.

Once again, thank you,

Allan001

So from what I hear is that you will deploy this on a flat network and then later... hopefully the customer can add vlans and setup the wireless to also use those vlans.  You need to be specific, because going from a flat network to having many vlans is not an easy thing for a customer to do.

Anyways, with FlexConnect, the port the ap is connected to will be a trunk port with the native vlan being the Ap management.  So the initial native vlan will be whatever vlan they are using for their flat network.  Implementing a trunk makes it easy later when the wired side has vlans. configured, then you just add the vlans to the trunk that you need and exclude the vlans that are not used for wireless.  The controller will just be on the vlan that you have now.  You can move that later to a "management" vlan, but that also takes some planning.  Since you have a flat network, the ap's and the controller will be on the same subnet, thus the ap's will use a layer 2 broadcast to discover the controller.  

It is pretty simple after you do this a few times, but make sure you read the documentation on FlexConnect and the documentation on the installation of the 9800-CL so you don't run into any issues when deploying this on the customer hypervisor.

You will need to be able to explain your implementation and how the implementation can get migrated when vlans get configured.

Hi Scott Fella,

Thank you so much; I really appreciate your input; it's fantastic! I will definitely read about FlexConnect.

Thank you, once more!

Allan001

Just make sure you follow the steps for the 9800-CL install.  Many skip through some of them and they find out that ap's will not join the controller.  So make this a priority and you will be successful.  Hope that helps!