05-16-2017 04:17 PM - edited 07-05-2021 07:02 AM
Hello,
I'm experiencing a problem trying to use vWLC (v 8.0.140) + FlexConnect Central Switching.
The device should connect to SSID A and receive, via RADIUS, the VLAN ID = 151.
The SSID A is configured with management interface (VLAN ID 172) and WPA2 + 802.1x.
The APs (1702i and 2702i) are configured with "VLAN Support" enabled (FlexConnect Tab) and the "Native VLAN" is 10. The switch port is configured as access on vlan 10.
A FlexConnect Group is configured for the APs.
I've tried 2 sets of configuration:
Set #1
SSID A config -> Advanced Tab -> FlexConnect Local Switching Disabled
FlexConnect Group -> ACL Mappings = none.
FlexConnect Group -> VLAN-WLAN Mappings = Nothing configured.
Inside AP config (FlexConnect -> VLAN Mapping tab) I can see the SSID A as a Centrally Switched WLAN, but the VLAN ID = N/A.
Set #2
SSID A config -> Advanced Tab -> FlexConnect Local Switching Enabled + Vlan Based Central Switching enabled
FlexConnect Group -> ACL Mappings -> ACL-VLAN Mapping -> Added VLAN ID 172 with Ingress and Egress ACL = none.
FlexConnect Group -> VLAN-WLAN Mappings = Nothing configured.
Inside AP config (FlexConnect -> VLAN Mapping tab) I cannot see any SSID mapped to Centrally Switched WLAN (all blank), but I can see the VLAN-WLAN mapping to VLAN 172 (management interface).
In both sets, the device is able to receive an IP address from VLAN 151 (correct), but the traffic is not forwarded. Using Wireshark, I captured pieces of traffic and I was able to see traffic from other devices in VLAN 172 (management). So, I'm receiving the correct IP address (VLAN 151), but my traffic is tunnelled to the vWLC in the wrong VLAN (VLAN 172).
After v8.1 the Central Switching is disabled on vWLC deployments.
Has someone experienced something similar to this? Has someone any clue?
Thanks
08-03-2017 10:15 AM
Try to use trunk on the switch-port where the AP is connected. Works for me.
08-04-2017 05:00 AM
Actually my VMware config was missing the promiscuous mode enabled on the port group.
12-13-2018 12:59 AM
08-03-2017 08:11 PM
Hi Anderson,
I guess the below bug should clarify your concern.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut82883/?referring_site=bugquickviewredir
Below is the snippet from the bug above.
12-29-2017 11:19 PM
According to the bug ID you mention, this change was made in order to resolve bug ID CSCut07470. However, that bug ID apparently can't be viewed by non-Cisco employees.
Regardless, this limitation severely limits the use cases for a virtual controller. Centrally switched WLANs are absolutely essential in so many scenarios. The most common one is where you have a common guest WLAN that isn't available on the remote L2 domain(s). Furthermore, there should be a HUGE warning sticker on this product, as the limitations with the WLC aren't immediately apparent, and it's difficult to grasp the use case limitations that arise as a part of these functional limitations.
Bottom line: Figure out what causes the issues you were facing that made you disable central switching for WLANs and fix it. If you don't, you will face angry customers and low sales of this solution, and customers that need a virtual controller will look for another vendor than Cisco.
12-30-2017 05:18 AM
Local mode is not supported on the vWLC, but both central and local switching are. Just wanted to clarify that as it’s in the FlexConnect deployment guide.
01-01-2018 07:59 AM - edited 01-01-2018 07:59 AM
It used to be like this; however, support for central switching with flex-connect on the virtual WLC has been dropped for AireOS 8.0 and newer.
01-02-2018 01:00 AM
Nope, it isn't (anymore):
From the release notes - https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn82mr6.html#75970 :
Note FlexConnect local-switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect access points do not limit traffic based on IGMP or MLD snooping.
Note FlexConnect local switching is supported.
So my original comment and opinion still stand.
01-02-2018 02:00 AM
Well... I’m not totally surprised by this. They have done things like this in the past also. When I was working for a VAR, they would tell us the roadmap of features but never really told us what would be removed. Was a way to push customers to other products unless there were large customers who still required that feature. They always told us... look at the release notes. Seems to be the easiest path for Cisco to eliminate the data plane and the VM being the issue. Oh well.. at least I’m glad to learn that it’s no longer supported for my knowledge.
06-22-2018 09:22 AM - edited 06-22-2018 09:23 AM