Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
824
Views
0
Helpful
9
Replies

Need help on transitioning legacy Cisco lightweight APs to Flexconnect

spfister336
Level 2
Level 2

‎08-15-2023 06:10 AM

We have several remote sites that had used Cisco lightweight APs with a WLC at the central location for several years. These were running in local mode. This summer, we began transitioning to cloud-managed Meraki APs. In order to support both Cisco and Meraki APs in the transition period. We created VLANs at the remote sites, and extended the VLANs across the WAN links. The connectivity to the remote sites is provided by AT&T's ASE on demand switch metro ethernet service.

It's beginning to look like this transition period may continue for some time to come and we will still need to support the 120 Cisco APs that remain in service. The issue I'm concerned about is having the VLANs extended to the remote sites means that AT&T will need to learn all the MAC addresses for each user and there is a 500 address limit that we can't go beyond. Sooner or later this will cause a bottleneck.

I had the idea that maybe converting the remaining Cisco APs to Flexconnect mode might be the answer until those APs can be gotten rid of. I'm having trouble with the making this happen without disruption. I figured I would create a separate Flexconnect WLAN with Flexconnect local switching enabled, add it to each site, and then change the mode on the Cisco APs at that site. The problem is I can't have two WLANs defined with the same SSID and same L2 security policy. I can't see how to convert to Flexconnect gradually, without having to convert all APs over at once. Any advise?

0 Helpful
9 Replies 9

Flavio Miranda
VIP
VIP

‎08-15-2023 06:14 AM

Hi @spfister336 

 Yes, flexconnect is the way to go. What you need to do is create two WLAN profile and then you can create the same SSID with different authentication and different traffic flow.

0 Helpful

spfister336
Level 2
Level 2

‎08-15-2023 06:52 AM

Different authentication might be troublesome. The PSK is hardcoded on each device. Different PSKs will make it hard to take devices from remote site to remote site. It probably doesn't happen all that often, but it is a possibility.

0 Helpful

Flavio Miranda
VIP
VIP
In response to spfister336

‎08-15-2023 06:59 AM

For PSK you can have one per ssid and that it.

0 Helpful

spfister336
Level 2
Level 2

‎08-15-2023 07:07 AM

So, there's no easy way to go about it? We'll have to convert all 120 at the same time?

0 Helpful

spfister336
Level 2
Level 2

‎08-15-2023 07:21 AM

What happens if you enable Flexconnect local switching and the APs are still in local mode? Will the APs still continue to function normally until the mode is changed?

0 Helpful

Rich R
VIP
VIP

‎08-16-2023 08:21 AM

Right ...
1. Change the APs to Flexconnect mode - you can do that any time and it will not make any difference to your existing centrally switched WLAN.
2. Create the new locally switched WLAN with the same SSID and security etc as the existing.
3. Create a new AP group with the new WLAN in it.
4.  When you are ready you can move the APs at each site into the new AP group and then they will switch to the new locally switched WLAN.
5. Remember to configure the flexconnect locally switched VLAN mappings either directly on each AP or via a flexconnect group.  And the AP and switchport must be using the same native VLAN for management of the AP.

The APs usually reboot when you change AP group but there seems to be a bug that it often throws an error when it should do the reboot so you might need to reboot the APs manually after changing the AP group.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/flexconnect.html
and plenty of other guides and videos if you search.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

spfister336
Level 2
Level 2
In response to Rich R

‎08-16-2023 08:30 AM

It won't let me create a second WLAN with the same SSID and security. It won't let me enable it.

0 Helpful

Rich R
VIP
VIP
In response to spfister336

‎08-16-2023 08:37 AM - edited ‎08-16-2023 08:39 AM

What WLAN numbers are you using?
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/configuring_ap_groups.html
"By default, each AP is automatically assigned to a default AP group named default-group and WLANs IDs 1 to 16 map to this default group. You must define a custom AP group for WLANs with IDs greater than 16. You must manually assign APs to custom AP groups. The default group cannot be deleted."

You should only be using WLAN numbers >16

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

spfister336
Level 2
Level 2

‎08-16-2023 09:04 AM

OK, thank you... using WLAN numbers > 16 does let me create the WLAN. I'll give this a try!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card