I'm implementing FlexConnect for a customer and I would kindly need your support, as we have a problem with internet reachability from clients. I'd like to point out that this is not a branch office but their only office, so from the beginning it's not a best practice to implement FlexConnect; in fact, at first we opted to configure the AP in local mode (the standard one) and everything worked.
The architecture currently consists of 2 distribution cores (9500) that are directly connected to the perimeter switch, which in turn is connected to the Huawei CPE (of the service provider). The only routing is a default route towards the CPE.
The WLC 3540s (in SSO mode) are connected to 2 access switches because the customer is not yet in possession of the transceivers to connect them to the CORE (this is also not a best practice).
Today, doing some tests and enabling FlexConnect as per the Cisco guide and with Central DHCP (so we don't have to create the pools on the access switches), we had problems with the traffic to the internet. First of all, the IP is released correctly, but from a traceroute we saw that the packets get stuck at the CORE, which didn't happen in local mode (in fact, before it was released correctly on the internet). As for the internal traffic, even between different VLANs, FlexConnect works correctly, not passing through the WLC.
Is it possible that the NAT-PAT option of the central DHCP does a weird NAT and my client presents itself with another IP that is then blocked by the perimeter switch with an ACL? (The customer doesn't have any firewall yet.) I don't have the privileges to access this switch because it is managed by the service provider.
The FlexConnect configuration is done as standard: I configured the port of the switch where the AP is connected with the native management VLAN and the other VLANs as allowed; I did the VLAN mapping on the AP and enabled FlexConnect local switching under the WLAN.
I don’t understand why you have SSO with FlexConnect with one building; what is the use case for this design? Anyways, there is a difference when FlexConnect is enabled, as you can have centrally switched or locally switched. Then it also depends on how your FlexConnect groups are defined. Once you understand your current design, look at how the traffic egresses so you know where the issue might be. If local connectivity is fine, then I don’t see any issue with the wireless. If the issue is with internet, then look at your NAT and make sure that is not an issue.