C9800-flexconnect

ridleywoole · ‎06-02-2024

Hello,

I am new to C9800 and Cisco wireless. I've got it working, works OK. But I want to replicate typical setup of Omada or Ubiquity i.e if controller goes down all continue to work as expected. Based on what I have read Flex-connect is the way to go

When I try to add basic network and switch to FlexConnect, C9800 says not recommended setup. Why is that , flex connect seem more logical to me ?

Is it possible to have external DHCP server(that will be central DHCP, coming from AD), Flex connect and if controller goes down, all to continue working as with the other brands ?

Can you please point me some good tutorial to convert from Local setup to Flex - My setup is simple - 2 APs, 1 single Vlan ?

Thank you

P.S Not sure why c9800 is so complicated, Ubiquity and Omada are so simpler. The idea that I think is that I try to use enterprise gear in a very small setup and this where problems come up. But even in large enterprise, time of large central HQ and many tunnels to it passed, so c9800 "central switching" seems so out of time and the billion options c9800 has, not sure even if it large setups they will be used

https://9apps.ooo/

marce1000 · ‎06-03-2024

>...When I try to add basic network and switch to FlexConnect, C9800 says not recommended setup. Why is that , flex connect seem more logical to me ?
- Flexconnect with local switching is recommended if the APs are on remote branches still being able to serve clients when the controller becomes unreachable (e.g.)

>...Is it possible to have external DHCP server(that will be central DHCP, coming from AD), Flex connect and if controller goes down, all to continue working as with the other brands ?
- Yes but remember that the DHCP and AD services then must remain reachable too in all cases or else use local authentication and DHCP schemes

>....Can you please point me some good tutorial to convert from Local setup to Flex - My setup is simple - 2 APs, 1 single Vlan ?
https://rowelldionicio.com/configuring-c9800-cl-flexconnect/

Note that when configuring the controller and if you are evaluating a final setup ready for production
then issue the CLI command show tech wireless and feed the output from that into Wireless Config Analyzer
Checkout all advisories given !! + This is so good

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Rich R · ‎06-21-2024

Marce has already answered your question @ridleywoole but I just wanted to add some points.
Not sure why you thought Flexconnect was not recommended? As Marce said it is absolutely required in many scenarios and is entirely dependant on your design requirements. Simply changing an AP to flexconnect doesn't make much difference in and of itself (some association and other functions get devolved from WLC to AP). What really makes the difference is configuring a WLAN for local authentication and switching - that's what allows the WLAN to continue functioning independent of the WLC. Of course, as Marce said, that AP must still be able to reach the AAA server(s) directly or if you're simply using PSK then not an issue. There are some features which behave slightly differently for local auth and local switching. The feature matrix shows some of those differences: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/feature-matrix/ap-feature-matrix.html#_Toc118737963 with more detail in the config guides which list specific restrictions for each feature.

ps. We run all our APs in Flexconnect mode even if they only have centrally switched WLANs configured because that is a TAC recommended workaround for association timeouts which can (and do) happen when using MAC address bypass (MAB) when the site is remote and radius reply can sometimes take longer than the central association timeout.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

Rasika Nayanajith · ‎06-21-2024

"PS: Not sure why c9800 is so complicated, Ubiquity and Omada are so simpler. The idea that I think is that I try to use enterprise gear in a very small setup and this where problems come up."

Yes it it true you have to have some learning about 9800 to get things right. It may not straight forward like other vendors you mentioned which are truly plug an play solutions.

However if you understand 9800 basic config flow (Policy tag, Site tag and RF tag), then it make things much clearer to you. See following blog post helps in that sense.

1. https://mrncciew.com/2022/06/30/9800-tags/
2. https://mrncciew.com/2023/01/21/9800-flexconnect-basics/

HTH
Rasika
*** Pls rate all useful responses ***