Showing results for 
Search instead for 
Did you mean: 

flex connect with non managed remote site

Hi all.


I'll try to keep this simple.


Using a 5508 WLC with HA, and 2702i AP's I am trying to configure a flexconnect AP to be used on a site which whilst it has routing back to us we do not manage.


This means I have no control over the VLANs on the remote site, except to agree a trunk/access interface and if relevant the native vlan.


I can prime the AP fine however need some guidance here - am I wasting my time?


With regards






If you agreed the VLANs on the trunk I think it will be ok.

The only think that you need to confirm if how the AP will reach the AP, in this case you need to use the DHCP option 43 in Hexa (not sure if you are controlling the DHCP or not) or setup the primary WLC on the AP itself manually (if not the WLC are not going to discover the WLC). According with the Cisco documentation DNS discovery should work, however I tested and it didn't work fine for me.


Other issue you could find is that the version of the AP and the WLC must match, if not, the AP at the first join will download the right version from the WLC (this could take some time depending of your WAN).


I'm not sure if you have any other doubts, but what you are trying to do is possible.




Thanks very much.


I have connected the AP to the WLC locally so it has found it, the routing allows the AP to see the same IP address, aka not a NAT when out at the local site.


My concern is mainly down to the vlan and getting it working!.


Many thanks




Hi Dave,


As you have the AP locally you can add that configuration to be sure the AP will find the WLC when you will install it :


capwap ap primary-base <WLC-NAME> <WLC_IP>


That command will force to the AP to connect to the WLC without any discovering process (the connection should work wihtout that command as the AP will remember the WLC, however I think is better to add that command to be sure).


Please be aware if you are using FlexConnect group, you can enable the local auth with local radius to  auth the users in case you loose the WLC.


Hey David,


What I understand is that you  don't have any control on the local VLANs. Tha's ok. You just need to know the VLAN IDs and the Native VLAN ID. Map the WLAN-VLAN in the AP or in the Flexconnect group (which contains all the Flexconnect APs on this remote site). That should bridge the data traffic from the WLANs to the VLANs. However , the local site network admin (or the responsible) needs to make sure that those VLANs are configured as per their special requirement (like routing, security and stuff).




Content for Community-Ad