10-01-2013 06:52 AM - edited 07-04-2021 12:58 AM
Was wondering if someone could explain local/central switching a little further, when it comes to HREAP/FlexConnect modes for CAPWAP APs.
So in our environment, we're running 7.5.102.0 code on all of our WLCs. We have a central WLC in two of our regions (US and Europe). Each region provides internet services for the remote sites connected to it. So a site in Chicago comes back to our central office over an MPLS for their internet services; just as a site in Italy comes back to our central office in the UK for their internet service over MPLS. These remote sites have APs that are in FlexConnect mode back to the central WLCs.
My question: I understand that an AP in central switching mode tunnels the traffic back to the central controller, whereas local switching does not. However, what does that mean? If the WAN link goes down, how does local switching help? The internet is still down, since that's how the internet is advertised back from the central location. Does that just mean that local server can be accessed, over wireless, since we are in local switching mode? Same question for authentication: our AD servers are located at the central sites, with no AD servers at the remote sites. In local authentication mode, how would an AP register a user, if the MPLS link is down? Does it download some sort of cached directory for authentication?
Thanks for your help!
10-01-2013 01:36 PM
Yes, in local switching mode, wireless client traffic is locally switched at the branch (you have to define their SVI on the branch switch) and they can access any branch resources while the WAN link is down. If internet service is provided by your central office, then they won't get internet services while your WAN link is down.
If you configured local authentication, yes, the WLC will pass the credential (if the WLC has a user credential like WPA2-PSK or WEP) to the AP, where it can be used for local authentication. If you are using dot1x with RADIUS & AD, then you should have redundancy of these services in order for the branch AP to use these in a situation where the controller is unavailable.
The following design guide should help you understand this:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch7_HREA.html#wp1103070
Here are some of my notes related to the different modes of operation of H-REAP/FlexConnect that should help you as well:
http://mrncciew.com/2013/03/10/h-reap-modes-of-operation/
HTH
Rasika
**** Pls rate all useful responses ****
10-02-2013 08:28 AM
Thank you so much for the help, Rasika!!! That definitely helps!