Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
4
Helpful
8
Replies

Local mode AP vs central switched FlexConnect AP

Go to solution
a1111
Level 1
Level 1

‎04-13-2025 10:31 AM - edited ‎04-13-2025 10:54 AM

Hello,

Can someone please help me with the following?

What's the difference between a local mode AP and a FlexConnect AP that does central switching?

Both of them have CAPWAP data and control tunnels to the WLC, and neither of them work if the connection to the WLC is down.

The only difference seems to be that a central switched FlexConnect AP can have local switching configured as a fallback -- but that's optional.

But then, when would you use local mode AP instead of a central switched FlexConnect AP?

Is a local mode AP just a central switched FlexConnect AP that's easier to configure? So the benefit of a central switched FlexConnect AP is less headache for the IT team, as well as for everyone else if the IT team makes a mistake and causes some issues?

Thanks.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP
In response to a1111

‎04-13-2025 01:01 PM

@a1111 

Some advanced features available in centralized deployments might not be fully supported in Flexconnect mode. 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

Go to solution
Rich R
VIP
VIP

‎04-13-2025 02:31 PM

That last point M02@rt37 made is the key one - there are certain features which are only supported on Local Mode APs. (doesn't make much sense in my opinion but that's the way it is)

Also, Local Mode and Flexconnect Central Switching are not 100% identical - there are some small technical differences under the covers.  For example we use MAB + Web auth for remote sites where client association depends on the MAB radius reply before fallback to web auth.  In Local Mode that will sometimes timeout before the AP gets the radius reply and client association fails.  By switching to Flexconnect Mode (still central switching) the AP increases the timer and allows the client to associate while waiting for the reply.  These timers and behaviour are not otherwise tuneable and this is how TAC/BU told us to solve the association timeouts. So now all our APs are set to Flexconnect Mode even if they only have centrally switched WLANs.

As to the use case - we have some SSID (WLAN) which are centrally switched and some which are locally switched (on the same APs) so that necessarily requires the AP to be in Flexconnect Mode too.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

8 Replies 8

Go to solution
M02@rt37
VIP
VIP

‎04-13-2025 11:46 AM

Hello @a1111 

The key diference lies in what happen when the WLC become unreachable. A local mode AP simply stops functioning—clients are dropped, and the AP becomes inactive. In contrast, a Flexconnect AP can be configured with a fallback mechanism that allows it to switch SSIDs to local mode and maintain client connectivity even during a WAN or WLC outage.

Flexconnect was specifically designed for branch or remote locations where WLC conectivity may be over a WAN and not always reliable. So, while a Flexconnect AP with central switching may behave like a local mode AP under normal conditions, it offers the option to locally switch traffic or failover during outages.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
a1111
Level 1
Level 1
In response to M02@rt37

‎04-13-2025 11:59 AM

Hello,

Thank you. Yes, I know that. However, when would you use local mode AP instead of a central switched FlexConnect AP? It seems like there's no good use case for that instead of central switched FC with the optional fallback configured.

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to a1111

‎04-13-2025 12:13 PM

@a1111 

It is a question of design. This choice hinges on various factors, including network topology, performance requirements, feature needs? and operational considerations...

In centralized deployment, such as large campus, local mode is often preferred. In this configuration, all client traffic is tunneled back to the controller, facilitating centralized management and seamless client roaming across access points.

However, local mode relies heavily on the controller's availability; if the controller becomes unreachable, access points in local mode may cease to function properly.

Conversely, Flexconnect mode is designed for remote or branch sites where deploying a local controller may not be feasible. In Flexvonnect mode, AP can switch client data trafic locally, reducing WAN Bw usage and allowing continued operation even if the connection to the central controler is lost.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
a1111
Level 1
Level 1
In response to M02@rt37

‎04-13-2025 12:26 PM

Thanks. Yes, that part is clear. 

But if both Local Mode and FlexConnect (with central switching) behave the same, then what’s the point of using Local Mode? Why not just always use FlexConnect with optional fallback?

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to a1111

‎04-13-2025 01:01 PM

@a1111 

Some advanced features available in centralized deployments might not be fully supported in Flexconnect mode. 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
Rich R
VIP
VIP

‎04-13-2025 02:31 PM

That last point M02@rt37 made is the key one - there are certain features which are only supported on Local Mode APs. (doesn't make much sense in my opinion but that's the way it is)

Also, Local Mode and Flexconnect Central Switching are not 100% identical - there are some small technical differences under the covers.  For example we use MAB + Web auth for remote sites where client association depends on the MAB radius reply before fallback to web auth.  In Local Mode that will sometimes timeout before the AP gets the radius reply and client association fails.  By switching to Flexconnect Mode (still central switching) the AP increases the timer and allows the client to associate while waiting for the reply.  These timers and behaviour are not otherwise tuneable and this is how TAC/BU told us to solve the association timeouts. So now all our APs are set to Flexconnect Mode even if they only have centrally switched WLANs.

As to the use case - we have some SSID (WLAN) which are centrally switched and some which are locally switched (on the same APs) so that necessarily requires the AP to be in Flexconnect Mode too.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Go to solution
a1111
Level 1
Level 1
In response to Rich R

‎04-13-2025 03:33 PM

Thank you.

So then I was wrong, and the statement "local mode AP just a central switched FlexConnect AP that's easier to configure" is false.

Then these differences are incidental? In other words, they have nothing to do with the common behavior of local mode APs and central switched FC APs without a fallback configured, which is that both send user traffic via their CAPWAP data tunnel to the WLC? So they have these other differences because of unrelated reasons? It's just a design choice that cisco made?

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to a1111

‎04-13-2025 11:57 PM

Yes I'd say that's about right <smile>

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card