Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1336
Views
1
Helpful
5
Replies

Flex + Central/Local switcing

assimkoonk
Community Member

‎07-16-2025 12:19 AM

Hi all,

I’m working with a Cisco 9115AXI AP in FlexConnect mode and need to deploy two SSIDs:

Guest (central switching, tunneled via CAPWAP to the controller)

Corporate (local switching)

Is this supported on a single AP?

What I’ve configured:

AP is in FlexConnect mode (Disable Enable local site in the Site Tag)

Two WLAN profiles: • Guest: “Central Switching” enabled • Corporate: “Local Switching” enabled with the VLAN 8 (corporate) mapped to Corporate SSID.

The switch port is trunking with allowed VLANs 10 (Guest) and 8 (Corporate). The native is the MGMT VLAN (1).

Does this work?

Thx 🙂

router login 192.168.l.l
Labels:
0 Helpful
5 Replies 5

Enes Simnica
Spotlight
Spotlight

‎07-16-2025 12:45 AM

hello @assimkoonk. Yes, ur setup is supported. In FlexConnect mode, a single Cisco 9115AXI AP can broadcast multiple SSIDs with different switching modes. Having a Guest SSID using central switching (tunneled via CAPWAP to the controller) and a Corporate SSID using local switching (mapped to VLAN 😎 is a common and valid design.

Ur switch port config looks correct, trunking VLANs 8 and 10, with native VLAN 1 for management. Just make sureur FlexConnect VLAN mappings are properly set and that DHCP is reachable: Guest clients should get IPs from the central DHCP (via the controller), and Corporate clients from a local scope on VLAN 8. If the CAPWAP tunnel is stable and your VLANs are properly routed and allowed, this should work fine. AND IF U CAN SHARE WITH ME MORE CONFIGS MAN, WE CAN DIVE DEEPER ...

Here are some helpful references:

hope it helps G

 

-Enes

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!
0 Helpful

Enes Simnica
Spotlight
Spotlight

‎07-16-2025 12:49 AM

and i forgot this lol: for the 9115AX: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/9115ax/quick/guide/ap9115ax-getstart.html  

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!
0 Helpful

MHM Cisco World
VIP
VIP

‎07-16-2025 02:05 AM

Yes AP support two SSID one local and other central authc.

But 

Guest ssid make it local switching- central authc (CWA)

Corporate ssid make it central switching- central authc

Traffic of guest handle by AP is more better that handle by wlc

MHM

0 Helpful

Rich R
VIP
VIP

‎07-16-2025 05:38 AM

@assimkoonk 
1. Yes you can mix and match centrally and locally switched WLANs on a Flexconnect AP.
2. You say: "The switch port is trunking with allowed VLANs 10 (Guest) and 8 (Corporate). The native is the MGMT VLAN (1)."
But if Guest is centrally switched then it will go to WLC over CAPWAP on VLAN 1 so you should not configure VLAN 10 on the AP switch port - it will be switched onto VLAN 10 on the WLC.
3. @MHM Cisco World says you should locally switch your Guest WLAN but that really depends on your network design and requirements.  If the site is remote and the internet access for guest is at the WLC then centrally switched is the correct way to go.  If you wanted to do local guest internet breakout at the site then locally switched might be appropriate.

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

MHM Cisco World
VIP
VIP
In response to Rich R

‎07-16-2025 03:08 PM

Wlc usually in DC' and corporate user usually need to access server in DC' thar why I prefer it central switching 

Guest is only try access internet which no need to tunnel it traffic to wlc in DC' instead we can routing it directly by AP in branch to access internet.

This my opinion' as you mention it up to him.

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card