Solved: Re: Deployment WLAN with Flexconnect AP's

Daniel Ordóñez Flores · ‎05-27-2013

Hello Guys thanks for reading me again... I hope every one be ok, and I hope you can help me with this problem.

I Want to deploy a WLAN with 2 sites one the Central and the other one the Remote. In my central site I have this equipment:

2 WLC 5508

1 Switch 3750

1 Router 2800

1 AP 3502

My remote site has this equipment

1 Router 2800

1 Switch 3750

On my Central site I have one SSID "Ferromex" and I have redundancy with my two WLC's, my Switch 3750 provides DHCP Services, in fact I have two Scopes one for my equipment managment and the other for my WLAN this is part of the main configuration:

ip dhcp excluded-address 10.10.10.1 10.10.10.100

ip dhcp excluded-address 10.10.20.1 10.10.20.10

!

ip dhcp pool MANAGMENT

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

!

ip dhcp pool FERROMEX

network 10.10.20.0 255.255.255.0

default-router 10.10.20.1

dns-server 200.33.146.193 200.33.146.201

!

interface GigabitEthernet1/0/13

description PUERTOS DE CONEXION AP's

switchport access vlan 10

switchport mode access

!

interface GigabitEthernet1/0/24

description ROUTER's PORT

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,30,40,50

switchport mode trunk

!

interface Vlan10

description MANAGMENT

ip address 10.10.10.1 255.255.255.0

!

interface Vlan20

description FERROMEX

ip address 10.10.20.1 255.255.255.0

!

ip default-gateway 10.10.10.254

ip http server

ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 10.10.10.254

On my central Site everything is working fine the redundacy work's fine I have Internet service, the difficult part for me coming here....

On my remote site I have other switch 3750 and at the same way I have 2 scopes for DHCP services, one for my managmet and the other for my SSID remote "Ferrosur" this is the main configuratión.

ip dhcp excluded-address 10.10.30.1 10.10.30.10

ip dhcp excluded-address 10.10.40.1 10.10.40.10

!

ip dhcp pool ADMINSTRACION

network 10.10.30.0 255.255.255.0

default-router 10.10.30.1

!

ip dhcp pool FERROSUR

network 10.10.40.0 255.255.255.0

default-router 10.10.40.1

!

interface GigabitEthernet1/0/1

description Access Point FlexConnect Port

switchport trunk encapsulation dot1q

switchport trunk native vlan 30

switchport trunk allowed vlan 30,40

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet1/0/24

description ROUTER'S Port

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Vlan30

description MANAGMENT

ip address 10.10.30.1 255.255.255.0

!

interface Vlan40

description FERROSUR

ip address 10.10.40.1 255.255.255.0

!

ip default-gateway 10.10.30.254

!

ip http server

ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 10.10.30.254

For my SSID Remote I did this on my WLC's:

1.-This screen show you how many interface I created on my WLC

2.- This is the screen about ferrosur interface

3.- This is the information of WLAN FERROSUR

4-. And this is the information about AP in mode Flexconnect:

Whe I connected to Ferrosur I get an ip address 10.10.40.X, but I can not reach the interface on my WLC, I mean if I try to ping 10.10.40.2 or 10.10.40.3 I have not response and of course I have not Internet. and I'm don't know what I'm doing wrong.

What I need to do if I want to... my users on my remote office get Internet when my WLC's get down? this configuration is usefull?

Thak you so much for read this I really apreciate your help

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

Scott Fella · ‎05-29-2013

That is how FlexConnect works. If the WLC is lost the AP will still work.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎05-27-2013

Couple things... I would configure a switchport on the remote site for vlan 40 and connect a laptop to make sure everythign is working for the wired side. Now for the WLC:

Check Learn Client IP Address

You can delete this interface. Any vlans that belong to a remote site does not neet to be created as a dynamic interface

Change the WLAN interface to management

You don't need this configured.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Daniel Ordóñez Flores · ‎05-28-2013

Scott thank you so much for your help, I have some questions about your comments:

1.- I connected my laptop on my remote Switch on port in vlan 40 I get the ip address 10.10.40.12 and I can reach my WAN ip address, but still I haven Internet services, I guess it's just a problem about routing.

2.- What Does exacly the secction Learn client Ip Adress?

4.- Really don't need a dynamic interface for my remote vlan?

3.- With this configuration... what will happen if my both controller goes down? my remote Office still have Internet service?

Yo don't know how much apreciatte your help, this information in really important for me..

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

Scott Fella · ‎05-28-2013

Let me try to answer these

1.- I connected my laptop on my remote Switch on port in vlan 40 I get the ip address 10.10.40.12 and I can reach my WAN ip address, but still I haven Internet services, I guess it's just a problem about routing.

Yes it is a routing issue. So once this gets fixed the wireless should work.

2.- What Does exacly the secction Learn client Ip Adress?

It basically does what it says. It's also the default setting on the WLAN.

4.- Really don't need a dynamic interface for my remote vlan?

Nope. Only interfaces that the WLC has connectivity to locally (layer 2) is when you need to define a dynamic interface.

3.- With this configuration... what will happen if my both controller goes down? my remote Office still have Internet service?

Yes as long as your not tunneling traffic back to the WLC.

Yo don't know how much apreciatte your help, this information in really important for me..

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Daniel Ordóñez Flores · ‎05-29-2013

Dear Scott

I turn off my two WLC's and my AP's still accept clients, I'm using WPA2 for authentication I would like to know,

Why my AP's accept new connections if I don't check Local Auth? I mean is great I have new conecctions.

The last one I can work in the same way if I'm using 802.1X for authentication?

Thanks my friend

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

Scott Fella · ‎05-29-2013

That is how FlexConnect works. If the WLC is lost the AP will still work.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Daniel Ordóñez Flores · ‎05-29-2013

Thank you Scott

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

Scott Fella · ‎05-29-2013

Didn't finish answering your questions:)

The last one I can work in the same way if I'm using 802.1X for authentication?

Only if you have a radius local to the site and you can use the FlexConnect Group feature.

https://supportforums.cisco.com/docs/DOC-24082

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Daniel Ordóñez Flores · ‎05-29-2013

oh!! So I need to have a Radius Server in this case in my remote site where just have my AP ?

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

Scott Fella · ‎05-29-2013

Only if your wan doesn't go down. So it's the location of your radius and consider connectivity.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Daniel Ordóñez Flores · ‎05-29-2013

oh!! You wanna be my friend? Thanks you so much

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

Daniel Ordóñez Flores · ‎06-01-2013

Dear Scott.

I was looking for this subject I'm not sure if I can limit how many user can connected to a AP

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

Scott Fella · ‎06-01-2013

In the newer code v7.2 or later, you can set a limit. Now I don't ever use this because it will deny clients to connect. In the WLAN advanced tab there is a client count value you can set.

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_wlan.html#wp1667427

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Daniel Ordóñez Flores · ‎06-04-2013

I guess you're talking about limit user per WLAN, I'm not sure if I can limit user per AP.

Another Question When my both WLC's goes down my remote AP still works, accept new client but I'm working with PSK.

If I'm working with 802.1x and I have one RADIUS but this is in my central site... and my two WLC's goes down again, It will acep new Conecctions?

What Happen if I can use ISE instead RADIUS ?

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

Daniel Ordóñez Flores · ‎06-04-2013

Dear Scott.

I have this questions I have 2 WLC 5508 this are new equipment. Right now I have AIR-LAP1131AG-A-K9 With IOS 12.4 (3g) they're managment for a WLC 4402, tha plan is change this WLC 4402 for two 5508 and get redundancy, my questions is when I try to migrate this AP's at the new one 5508 the change is would be esay? I don't have to do some upgrade int the AP's?

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**