Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
827
Views
5
Helpful
1
Replies

Flex connect? 1 WLC and multiple locations

netadmin@medcompnet.com
Level 1
Level 1

‎12-07-2019 08:22 AM - edited ‎07-05-2021 11:24 AM

I have a WLC 3504 at a central location and six sites that use it, including the site containing the controller. The controller has an Internet breakout on port 2 and LAN access on port 1. I am looking at implementing Flexconnect and have been through the documentation but still have some questions. 

My RADIUS server is collocated with the WLC. 
SSID 1 is a RADIUS-authenticated connection on the WLC port 1. 
SSID 2 is a passthrough on VLAN 11 port 2
SSID 3 is a WPA2 connection on WLC port 1. 
For SSID 1, do I need to configure a secondary RADIUS at each location that uses the SSID?
SSID 2 is just an Internet breakout with no LaN access. Will it automatically route to the local breakout both in connected mode and when the connection is down?
Does SSID 3 just always work since it is locally authenticated via PSK?
 
Is there anything else I may have missed?
Thanks!
Labels:
0 Helpful
1 Reply 1

Scott Fella
Hall of Fame
Hall of Fame

‎12-08-2019 01:50 AM

So your AP’s are Flexconnect but everything is tunneling back to the controller? That is what I assume since you mentioned port 1 and port 2.
When using radius, a minimum of one is required. The location of the radius server doesn’t matter as long as the wlc can communicate to them. If the controller is down, then 802.1x will fail since you are using Flexconnect central switching. Central switching would also mean that port 2 would be down. PSK would still work since to authenticate but since your controller is down, nothing would work.
Flexconnect locally switched is what you should look at as the user traffic would egress locally at the site and not tunnel back to the controller.
You probably already seen many of the design guides and blogs, you just need to determine if all traffic needs to be tunneled to the wlc or not. That would then define if you need local switching or not. Then the guides would help you understand how things work during an outage. Also, typically the controller is connected to an ether channel port (LAG) so the separation of traffic is defined on your L3. The controller would just bridge the traffic.
-Scott
*** Please rate helpful posts ***
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card