Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
758
Views
2
Helpful
6
Replies

FlexConnect Group Use Cases

fatalXerror
Level 5
Level 5

‎10-25-2023 11:36 AM

Hi Guys,

Are the following possible for FlexConnect,

1. Single SSID broadcasting to multiple site locations with their own respective FlexConnect Group? For example, BR_A = FlexGroup_A and BR_B = FlexGroup_B and both of it is broadcasting single same SSID with central-auth and local-switching.

2. Can I choose which FlexConnect Group to broadcast a specific SSID? For example, BR_A = FlexGroup_A is broadcasting SSID_A and SSID_B but BR_B = FlexGroup_B only broadcasting SSID_B.

3. Single SSID broadcasting to multiple site locations with their own respective FlexConnect Group with VLAN enforcement from ISE? For example, BR_A = FlexGroup_A and BR_B = FlexGroup_B and both of it is broadcasting single same SSID with central-auth and local-switching then ISE will provide the correct VLAN.

Thank you

0 Helpful
6 Replies 6

ammahend
VIP Alumni
VIP Alumni

‎10-25-2023 11:55 AM - edited ‎10-25-2023 12:03 PM

1. Single SSID broadcasting to multiple site locations with their own respective FlexConnect Group? For example, BR_A = FlexGroup_A and BR_B = FlexGroup_B and both of it is broadcasting single same SSID with central-auth and local-switching.

I don't think you can do this from flexconnect group

2. Can I choose which FlexConnect Group to broadcast a specific SSID? For example, BR_A = FlexGroup_A is broadcasting SSID_A and SSID_B but BR_B = FlexGroup_B only broadcasting SSID_B.

No, but you can create 2 separate SSID with same name one broadcasting, another non-broadcasting and use them as needed in AP group to advertise to different sites.

3. Single SSID broadcasting to multiple site locations with their own respective FlexConnect Group with VLAN enforcement from ISE? For example, BR_A = FlexGroup_A and BR_B = FlexGroup_B and both of it is broadcasting single same SSID with central-auth and local-switching then ISE will provide the correct VLAN.

Yes, I think you can, you can leverage something like Radius-NAS-Identifies to identify AP location from where request is coming from and assign specific dynamic vlan based on this condition.

-hope this helps-
0 Helpful

fatalXerror
Level 5
Level 5
In response to ammahend

‎10-25-2023 12:20 PM

Hi @ammahend , you mean I need multiple SSID respective to my FlexConnect groups? I cannot understand why it is not possible, the SSID is just a signal and the one doing the switching is locally at site.

0 Helpful

ammahend
VIP Alumni
VIP Alumni
In response to fatalXerror

‎10-25-2023 11:02 PM

The feature you are mentioning in AirOS is not a component of flexconnect group, its a function of WLAN (SSID), when you look inside flexconnect group, there are all these tabs, you can explore them, atleast I did not see a way to do that on same SSID.

ammahend_0-1698300142221.png

 

-hope this helps-
0 Helpful

Haydn Andrews
VIP
VIP

‎10-25-2023 02:38 PM

Which platform AireOS or 9800?

On 9800 you can use site TAGs per site, and in each site tag have a different flex profile.

If you are not doing AAA override, then you would need a seperate policy profile for each VLAN/ Local vs Central Switch difference you need and a Policy Tag mapping the WLAN Profile to the Policy Profile and assign it to the correct AP

Can also do the tag assignment via regex

AireOS - You need new WLAN ID per difference and map them in the AP Group assigned to site, same with Flexconnect Groups

Also recommend not having any WLAN ID below 16 if you dont want it broadcasted everywhere

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

fatalXerror
Level 5
Level 5
In response to Haydn Andrews

‎10-26-2023 09:32 PM

Hi @Haydn Andrews , I will be using C9800 controllers. Based on my understanding in your statement, it is possible for C9800 to have 1x single SSID broadcasting to each of my sites configured with its own FlexConnect group? I just need to have multiple tags per site to map the VLAN per site? Thank you

0 Helpful

Haydn Andrews
VIP
VIP
In response to fatalXerror

‎10-26-2023 10:32 PM

HaydnAndrews_0-1698384413828.jpeg

 

Correct, if you assign a different site to each AP with different flex profile you can have a different AP or site.

But to assign different VLAns for the same SSID you also need to use a different policy profile

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213911-understand-catalyst-9800-wireless-contro.html

 

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card