Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1417
Views
2
Helpful
3
Replies

C9800-flexconnect

ridleywoole
Community Member

‎06-02-2024 02:49 PM

Hello,

I am new to C9800 and Cisco wireless. I've got it working, works OK. But I want to replicate typical setup of Omada or Ubiquity i.e if controller goes down all continue to work as expected. Based on what I have read Flex-connect is the way to go 🙂

When I try to add basic network and switch to FlexConnect, C9800 says not recommended setup. Why is that , flex connect seem more logical to me ?

Is it possible to have external DHCP server(that will be central DHCP, coming from AD), Flex connect and if controller goes down, all to continue working as with the other brands ?

Can you please point me some good tutorial to convert from Local setup to Flex - My setup is simple - 2 APs, 1 single Vlan ? 🙂

Thank you 🙂

P.S Not sure why c9800 is so complicated, Ubiquity and Omada are so simpler. The idea that I think is that I try to use enterprise gear in a very small setup and this where problems come up. But even in large enterprise, time of large central HQ and many tunnels to it passed, so c9800 "central switching" seems so out of time and the billion options c9800 has, not sure even if it large setups they will be used 🙂

https://9apps.ooo/
Labels:
0 Helpful
3 Replies 3

Mark Elsen
Hall of Fame
Hall of Fame

‎06-03-2024 01:48 AM

 

   >...When I try to add basic network and switch to FlexConnect, C9800 says not recommended setup. Why is that , flex connect seem more logical to me ?
      - Flexconnect with local switching is recommended  if the APs are on remote branches still  being able to serve clients when the controller becomes unreachable (e.g.)

  >...Is it possible to have external DHCP server(that will be central DHCP, coming from AD), Flex connect and if controller goes down, all to continue working as with the other brands ?
     - Yes but remember that the DHCP and AD services  then must remain reachable too  in all cases or else use local authentication and DHCP schemes

       >....Can you please point me some good tutorial to convert from Local setup to Flex - My setup is simple - 2 APs, 1 single Vlan ?
                               https://rowelldionicio.com/configuring-c9800-cl-flexconnect/

  Note that when configuring the controller and if you are evaluating a final setup ready for production
  then issue the CLI command show tech wireless and feed the output from that into Wireless Config Analyzer
                     Checkout all advisories given !!This is so good

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Rich R
VIP
VIP

‎06-21-2024 12:25 AM - edited ‎06-21-2024 12:30 AM

Marce has already answered your question @ridleywoole but I just wanted to add some points.
Not sure why you thought Flexconnect was not recommended?  As Marce said it is absolutely required in many scenarios and is entirely dependant on your design requirements.  Simply changing an AP to flexconnect doesn't make much difference in and of itself (some association and other functions get devolved from WLC to AP).  What really makes the difference is configuring a WLAN for local authentication and switching - that's what allows the WLAN to continue functioning independent of the WLC.  Of course, as Marce said, that AP must still be able to reach the AAA server(s) directly or if you're simply using PSK then not an issue.   There are some features which behave slightly differently for local auth and local switching.  The feature matrix shows some of those differences: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/feature-matrix/ap-feature-matrix.html#_Toc118737963 with more detail in the config guides which list specific restrictions for each feature.

ps. We run all our APs in Flexconnect mode even if they only have centrally switched WLANs configured because that is a TAC recommended workaround for association timeouts which can (and do) happen when using MAC address bypass (MAB) when the site is remote and radius reply can sometimes take longer than the central association timeout.

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Rasika Nayanajith
VIP Alumni
VIP Alumni

‎06-21-2024 05:49 PM

"PS: Not sure why c9800 is so complicated, Ubiquity and Omada are so simpler. The idea that I think is that I try to use enterprise gear in a very small setup and this where problems come up."

Yes it it true you have to have some learning about 9800 to get things right. It may not straight forward like other vendors you mentioned which are truly plug an play solutions.

However if you understand 9800 basic config flow (Policy tag, Site tag and RF tag), then it make things much clearer to you. See following blog post helps in that sense.

1. https://mrncciew.com/2022/06/30/9800-tags/
2. https://mrncciew.com/2023/01/21/9800-flexconnect-basics/

HTH
Rasika
*** Pls rate all useful responses ***

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card