Different Wireless subnets between HQ & Branch

anis_cisco · ‎01-20-2013

What is the best solution for the following scenario:

We have WiSM( with two internal WLC's) at HQ & AP's at Branch. Each branch has DHCP Server which has to provide IP's for branch Wireless Users.

We have configured one interface (10.39.178.1/24 - DHCP 10.10.10.1) in HQ WiSM for Branch users & assigned the same interface under SSID for branch users (TEST).

Connectivity between Branch & HQ is L3 MPLS through TELCO.

There is DHCP Pool defined in Branch DHCP Server for 10.39.178.0. Branch Users are suppose to get ip from this pool.

Currently Users at Branch are able to see TEST SSID but they are not able to get IP address from DHCP server.. The reason i understand is we have L3 MPLS connectivity between HQ & Branch. Subnet which we defined in HQ WLC (10.39.178.1/24) same subnet cant be routed for wireless users in Branch.

Is there a way that i define WLC interface in a subnet which is assigned by Telco for HQ, but the wireless users at branch will get ip from different subnet assigned by Telco for Branch ?

If yes then how can we achieve this ?

Regards,

George Stefanick · ‎01-21-2013

So what you are saying the local users with a 10.39.178.0 address are working locally.

Remeber how the WLC works. When a client connects to the AP its traffic is sent back to the WLC and drops right in that interface on the wire. So if traffic on wifi were destined for wired at the branch and routing isnt such you can have issues.

Your best bet is to use HREAP/FLEX. This is why Cisco has HREAP/FLEX, for branch deployments.

Give this HREAP a read

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

BTW -- dont be confused ny HREAP and FLEX .. Same thing, Cisco changed the name from HREAP to FLEX ..

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

anis_cisco · ‎01-26-2013

Hello George,

Just few doubt in HREAP deployment : assuming that i have vlan 10 is defined in HQ & vlan 20 is defined in Branch

Q1- Which subnet should i use in WLC (at HQ) for interface ? either Vlan 10 or Vlan 20 ? as per my assumption it should be Vlan 10

Q2- AP's at Branch will registered with WLC having which subnet ? Vlan 10 or Vlan 20 ? i am assuming it should be in Vlan 10 as there will be tunnel between AP's at branch & WLC at HQ.

Q3- What IP subnet users will get once they will connect to SSID for Branch ? it should be vlan 20 but i dont know how it will work & what needs to be done for it.

One more question i read some where over net that for HREAP i need to install it at HQ first then i can move it to Branch. But in my case my AP's are already installed at Branch & are already registered with WLC. So do i need to bring them at HQ first & is it mandatory ?

Regards,

Scott Fella · ‎01-27-2013

Q1- Which subnet should i use in WLC (at HQ) for interface ? either Vlan 10 or Vlan 20 ? as per my assumption it should be Vlan 10

-Vlan 10

Q2- AP's at Branch will registered with WLC having which subnet ? Vlan 10 or Vlan 20 ? i am assuming it should be in Vlan 10 as there will be tunnel between AP's at branch & WLC at HQ.

-this vlan is local to each site. So if you decide to place all AP's on a separate vlan than user traffic, then for example you can use vlan 30. Vlan 30 can be used at HQ and at the other sites since the subnets would be different and the vlan id doesn't have to be unique.

Q3- What IP subnet users will get once they will connect to SSID for Branch ? it should be vlan 20 but i dont know how it will work & what needs to be done for it.

-In h-reap/FlexConnect mode the APs are connected to a trunk port. The APs are also changed from local mode to h-reap which will add another tab to the AP configuration. In that h-reap/FlexConnect tab, you define the native vlan and the SSID to vlan mapping. So each AP this will need to be configured.

One more question i read some where over net that for HREAP i need to install it at HQ first then i can move it to Branch. But in my case my AP's are already installed at Branch & are already registered with WLC. So do i need to bring them at HQ first & is it mandatory ?

-No. It's just a matter of changing the ap mode from local to h-reap/FlexConnect mode and the AP will reboot. Also the wlan said will need to have local switching enabled. This is located on the advanced tab of the wlan. Once it comes back up, you would configure the switchport from an access port to a dot1q trunk. Then you would make the native vlan the vlan the AP management IP is on. Once that is done, you click on your AP from the WLC Wireless tab and then you will see an h-reap/FlexConnect tab. There you will enter the native vlan number and hit apply. Go back to that tab and click vlan mapping. In there you will be able to assign a vlan from that site to the appropriate SSID.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

anis_cisco · ‎01-27-2013

Hello Scott,

Thanks for your reply i understand the concept of local switching but it is not working proper to me:

Following is my configuration:

In Branch Core Switch i have two subnets 10.39.177.0 (Vlan ID 177 for AP's) & 10.39.178.0 (Vlan ID 178 for Clients)

In WLC i have not configure interface for AP's registration. I have defined WLC IP Address in DHCP Pool (which is available at Branch) & all APs at branch are registered into WLC having ip 10.39.177.x subnet.

For clients i created SSID + i created an interface 10.39.178.1 & assigned it under SSID. (DHCP Pool for Vlan 178 is also available in Branch).

Switch interface connected to AP is configured as:

int fa0/0

switchport trunk enca dot 1q

switchport trunk encapsulation dot1q

switchport trunk native vlan 177

switchport mode trunk

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

Native Vlan ID in WLC under HREAP is configured as 177

And vlan mapping for branch SSID is 178 & all required parameters for HREAP are configured as per cisco doc.

With above configuration clients are getting IP from 10.39.178.x subnet some time & some time not. If i disable & enable the SSID or if i disable or enable broadcast SSID clients will get IP immediately. I didnt understand what is issue.

In my scenario where i cant configure same subnet between sites across WAN because of L3 MPLS connectivity, do i have an option to configure with local switching or Central Switching ? Which situations are feasible for Central Switching ?

Regards,