Re: FlexConnect / Central 802.1x Authentication - Remote locations

sejamc71 · ‎07-21-2021

I think I am making this harder than it is. We have 5 sites and run a Central WLC utilizing flexconnect for the remote sites. We are in the process of redesigning our current dual MPLS network to a MPLS Hybrid design. We will have a single MPLS circuit back to the main office and then each site will have a direct internet circuit. Any traffic that is deemed internal will route via the MPLS circuit, any traffic deemed internet or cloud based will route directly to the internet. How will this affect our FlexConnect wireless. Wireless clients will authenticate via the mpls circuit back to the main office and then any traffic will A. route also via the MPLS circuit and out to the internet via the Main Office or B. Authenticate via the MPLS circuit back to the main office and then any traffic post authentication will be locally switched and traverse the Direct Internet traffic to the cloud resource?

balaji.bandi · ‎07-21-2021

is that single SSID you like to do split the traffic?

Look at some example may help you :

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/Enterprise-Mobility-8-5-Design-Guide/Enterprise_Mobility_8-5_Deployment_Guide/ch7_HREA.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Arshad Safrulla · ‎07-22-2021

While you can use flex connect split tunneling to achieve your requirement I would not recommend it.

Keep the central auth going with Flex connect AP's and let the branch perimeter/L3 device do the routing.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla