FlexConnect in a local network

B A
Level 1

Hello,

 

I have basic knowledge of FlexConnect and when it's used - branch offices and remote sites. Recently I've been told by some auditors that we should configure FlexConnect in our local network to increase wireless speed and quality. I've never heard of using it in a local network. Does it make sense to enable FlexConnect in a local network? 

 

Thank you for any feedback.

 

Btw. we have one WLC and 70 APs.

 

42 Replies

Well, users complain occasionally but I don't think it's important in this story.

 

Anyway, what negative impact could it have if we enable FlexConnect?

 

As captured before, there's no negative impact but there's overhead to redesign/reconfigure the network appropriately to accommodate flex and continue to do so when new APs are added. Also, now the physical WLC can be replaced with a cloud WLC, if and when needed.

Here is my 2 cents. Back in the days when the 2504 came out, folks were worried about the backplane being an issue so some converted to FlexConnect. I have seen large environments where the customer had 5508s as an example and only had one port connected to the network. So the myth is, does it really help? I don't really think so unless you are crossing the WAN and you want to have the majority of the traffic stay local. You need to also keep in mind the limitations of FlexConnect and make sure that, if you decide to go this route, the limitations don't hurt your design and your existing user experience. Layer 3 roaming is not supported and there is also a limitation on the number of APs in a FlexConnect group. Review the FlexConnect guide and make sure you understand the various scenarios and limitations specified in that guide.

You can also test with one AP and actually see if the auditors' theory is valid in your situation. Sometimes folks keep what they hear and see in other environments as "the correct way". That is not always the case.

-Scott
*** Please rate helpful posts ***

I'll add my 2 cents worth too ...

While saying flexconnect like Scott says you do need to check the feature matrix because some features you may be using may not be supported in flexconnect mode.  But actually I suspect your 'auditor' (quotes intentional because probably just someone with no technical knowledge of WLC just following a tick-list template) is actually saying you should implement flexconnect LOCAL SWITCHING because just changing to flex won't make any difference at all (apart from the aforementioned feature support) - do they realise that?

So assuming you changed to flexconnect local switching there is a theoretical gain to be made:

- traffic is no longer being tunnelled in CAPWAP so you could see 1 or 2 ms reduction in latency (removing encapsulation/decapsulation of the traffic).

- the WLC is no longer a bottleneck for the traffic (like Scott said) but if you're within capacity unlikely to make any difference.

- because the traffic is no longer being tunnelled in CAPWAP you can use a larger TCP MSS (1250 is recommended with local mode or flexconnect central switching, has no effect on flex local switching) which could offer some improvement in throughput and less fragmentation of UDP traffic.

You could test to see how much difference these actually make in practice, and then do a cost (of redesign) vs benefit analysis to make an informed decision.  In all likelihood I expect the improvement will be marginal (of the order of 10% my best guess) and likely not justify a redesign.  Chances are users would not notice any difference anyway apart from speedtest improving slightly.

B A
Level 1

Thank you for your feedback.

 

@saravlak No negative impact. Got it.

 

@Scott Fella "You can also test with one ap and actually see if the auditors theory is valid in your situation"

How would you test it? What should I measure and on which devices?

 

@Rich R "You could test to see how much difference these actually make in practice"

How should I test it?

 

Are you all saying that configuring FlexConnect makes sense only when WLC uplinks aren't enough for the traffic?

 

We have one WLC with 2x1GB uplinks that handle 70 APs with 300 to 450 clients. Do you think this is not enough and we should change something?

> We have one WLC with 2x1GB uplinks that handle 70 APs with 300 to 450 clients. Do you think this is not enough and we should change something?

It all depends on what the clients use. I have seen some places where simple web access can go up to 1000 users; where public coffee shops allow only HTTP traffic, 1GB is good enough. On the other side, a corporate network with rich network applications and more hungry applications may require more bandwidth (so the traffic needs to be transported all the way to the WLC and routed).

 

This is where you get the advantage of SD-Access Fabric Wireless kicking in and a good outcome (not related to the topic, just expressing views).

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

There is one risk you add if you go the route of FlexConnect Local Switching: the LAN port the AP is connected to needs to be a trunk port and needs to carry all VLANs you plan to offer to the users. So a malicious user could unplug the AP and have access to a trunk port within your network and all the VLANs offered there. Depending on the accessibility of the LAN ports, that can be a big security risk and would need a form of 802.1X for added security.
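An audit of the exposure described in this post, as an added example that is not part of the original thread: it reports which trunk ports carry more than the WLAN VLANs, that is, what a person plugging into the AP's port would reach. The sample configuration, VLAN numbers (30 stands in for a DMZ VLAN) and function names are constructed assumptions; `wlan_vlans` should include the AP management VLAN.

```python
import re

# Constructed sample of IOS-style switch configuration (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk allowed vlan 10,20,30-32
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 switchport mode access
!
"""

def expand_vlans(spec):
    """Expand a list such as '10,20,30-32' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, wlan_vlans, sensitive_vlans):
    """Return {interface: [findings]} for trunk ports that expose too much."""
    report = {}
    for block in re.split(r"^![ \t]*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", block, re.M)
        if not name or "switchport mode trunk" not in block:
            continue
        allowed = re.search(r"switchport trunk allowed vlan ([\d,-]+)", block)
        if not allowed:
            # No numeric allowed-VLAN list: treat the trunk as carrying every VLAN.
            report[name.group(1)] = ["no allowed-VLAN list"]
            continue
        vlans = expand_vlans(allowed.group(1))
        findings = [f"{label}: {sorted(v)}" for label, v in (
            ("sensitive VLANs", vlans & sensitive_vlans),
            ("unneeded VLANs", vlans - wlan_vlans - sensitive_vlans)) if v]
        if findings:
            report[name.group(1)] = findings
    return report
```
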

Rich R
VIP

> How should I test it?

Run speedtests from a variety of devices to a selection of destinations on the current setup and then repeat those tests on a test WLAN using flex local switching and compare the results - mainly throughput, round trip delay (latency) and jitter.  I'd expect to see small improvements in all of those (at least theoretically).

If you want to test, the first thing is to set up FlexConnect and make sure the SSID you are using for testing is defined for local switching. Make sure the WLAN to VLAN mappings are the same as your existing ones. What I would do is use iPerf and place the iPerf server on a different VLAN. Then using the same device for testing, connect to your existing SSID and run a few tests, then connect to the new local switching SSID and run the same tests. Compare the results and determine if there is really any difference.

Make sure your device is also connected to 5 GHz when you are testing. If you have spare APs, place them on your desk as an example and one AP will have your current SSID and the other AP would have your new SSID.

-Scott
*** Please rate helpful posts ***
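One way to compare the results of the test described in the two posts above, as an added example that is not part of the original thread. It assumes the runs were made with `iperf3 -u -J` (the posts only say "iPerf"); the figures and function names are constructed, and the check against run-to-run spread is a rough heuristic, not a statistical test.

```python
import json
from statistics import median

def _run(bps, jitter_ms, lost_percent):
    """Build a constructed, minimal stand-in for `iperf3 -u -J` output."""
    return json.dumps({"end": {"sum": {"bits_per_second": bps,
                                       "jitter_ms": jitter_ms,
                                       "lost_percent": lost_percent}}})

# Constructed results: three UDP runs per SSID from the same client and AP.
CENTRAL = [_run(182e6, 1.9, 0.4), _run(176e6, 2.3, 0.6), _run(188e6, 2.0, 0.5)]
LOCAL = [_run(195e6, 1.6, 0.3), _run(201e6, 1.8, 0.4), _run(190e6, 1.5, 0.3)]

def summarize(runs):
    """Median throughput, jitter and loss, plus the throughput spread."""
    sums = [json.loads(r)["end"]["sum"] for r in runs]
    mbps = [s["bits_per_second"] / 1e6 for s in sums]
    return {"mbps": median(mbps),
            "spread_mbps": max(mbps) - min(mbps),
            "jitter_ms": median(s["jitter_ms"] for s in sums),
            "lost_pct": median(s["lost_percent"] for s in sums)}

def compare(central_runs, local_runs):
    """Difference of local switching relative to the centrally switched SSID."""
    cen, loc = summarize(central_runs), summarize(local_runs)
    gain = loc["mbps"] - cen["mbps"]
    noise = max(cen["spread_mbps"], loc["spread_mbps"])
    return {"gain_pct": round(100 * gain / cen["mbps"], 1),
            "jitter_delta_ms": round(loc["jitter_ms"] - cen["jitter_ms"], 2),
            "loss_delta_pct": round(loc["lost_pct"] - cen["lost_pct"], 2),
            # A gain smaller than the spread between runs is not a real difference.
            "exceeds_run_spread": abs(gain) > noise}
```
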

B A
Level 1

@balaji.bandi another side corporate network rich network application and more hungry application may require more bandwidth

I'd like to see some stats of these two uplinks. Where can I find it in WLC?

 

@Rich R I'd expect to see small improvements in all of those

@Scott Fella Compare the results and determine if there is really any difference.  

Thanks both for your suggestions.

I would expect a little difference too... Still, I don't think it's worth it. I am not going to do what auditors asked for unless I am convinced this is the best for us.

 

Under what circumstances would you deploy FlexConnect in a local network except for the situation where there is cloud-based WLC? Would you even consider it?

There currently is no circumstance to do this, as long as the bandwidth between all APs and WLC is large enough to cope with the full expected traffic.
So for WAN connected sites FlexConnect can make sense, for local on premise setups not really.

You can use any NetFlow and NMS to monitor.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Scott Fella
Hall of Fame

Out of curiosity, have you made a decision or done any further testing?

-Scott
*** Please rate helpful posts ***

B A
Level 1

@patoberli There currently is no circumstance to do this, as long as the bandwidth between all APs and WLC is large enough to cope the full expected traffic.
This is what I needed to hear. Do other experts agree on this too? 

 

@balaji.bandi you can use any netflow and NMS to Monitor
Do you recommend any? We use Zabbix but I am not able to make it work. Any other alternative? Where can I see these numbers in WLC?

 

@Scott Fella Out of curiosity, have you made a decision or done any further testing?
I've made my decision but I am collecting more info for my manager. Now I am going to monitor traffic from/to WLC to verify that WLC uplinks can handle all the traffic. I would test FlexConnect on APs only in case they would insist on configuring it.

We had a similar situation where upper management wanted an audit done and it was obvious the third party had no experience in wireless and the preliminary findings were a word-for-word output from the free WLC config analyzer you can get from Cisco. They also recommended changing to FlexConnect mode on all our 1000+ APs which we basically laughed at.

 

As stated by others, there are some security concerns as you have to run trunks to your APs, and in a large environment like ours, some SSIDs like BYOD send the user to a DMZ network that you would not want to have down on an access switch etc.

 

 
