Which vlan should this ip address at AP be at?

Leftz
Level 4

Hello, I got a question when I read the FlexConnect group document (link is listed below). Please see the screenshot, which is from this document. The interface g1/0/4 with trunk and native vlan is connected to an AP (FlexConnect mode). Based on the interface configuration, I think the AP interface might need to be trunk too. If so, there are at least two vlans and one ip address at this AP. The question is: should the ip address at the AP be at vlan 109 or 3? Thank you

 

1.PNG

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-7/Flex_7500_DG.htm

16 Replies

AP management always needs to be on an untagged vlan (i.e. native vlan on that trunk). Therefore in that example, it should be on vlan 109.

 

HTH

Rasika

*** Pls rate all useful responses ***

Leftz
Level 4

Thank you Rasika very much for your reply. So, which vlan or something else in this AP is connecting this switch's vlan 3 since the AP's ip address is connecting the switch's vlan 109? 

Clients can use vlan 3.

-Scott
*** Please rate helpful posts ***

Thank you Scott. Can we say this ip address and vlan109 at AP are responsible for connecting wlc, while vlan3 is responsible for client's any other traffic? 

Yes, that is correct. In this instance, you configure WLAN as "FlexConnect Local Switching" which means traffic directly terminates on the local switch on vlan 3.

 

There is an option you can configure, "FlexConnect Central Switching"; in that instance the client will get an IP address based on the subnet you map to the SSID on the WLC-connected switch.

 

HTH

Rasika

Like Rasika mentioned, all Cisco APs need to be connected to an untagged vlan. This is for management purposes. Depending on whether you use local switching, in which the switch port would be a trunk port, any tagged vlans can be used for ssid mapping for wireless clients.

-Scott
*** Please rate helpful posts ***

Leftz
Level 4

If we have several ssids, for example, Corp, byod, and guest, can this vlan 3 work for all three ssids, or do we need to create another two vlans so that each ssid/wlan works with its own vlan? Thanks

Sure it would work. Think however… why would you have all three on the same subnet with all the same access to services? Your guest having the same access to your enterprise resources is a good example. Look at it this way. Create SSIDs based off network resource access. Place each ssid that has different access in its own subnet so you can secure that using a FW or acl. Also it's best not to have more than 2-3 SSIDs.
-Scott
*** Please rate helpful posts ***

No, you don't have to create separate VLANs for each SSID unless all SSIDs are locally switching. You can have selected SSIDs centrally switch in FlexConnect; in this case the AP will build a CAPWAP tunnel for data using the AP management interface with the WLC. All the traffic for centrally switched SSIDs will be routed out of this tunnel, which terminates at the WLC.

  • Local switching - Traffic is dropped directly in to the switchport
  • Central switching - Traffic is tunneled back to WLC

@Scott Fella Thanks Scott. Corrected.

Referring to the switchport config snippet you shared: with 3 SSIDs, only the SSID which is mapped to VLAN 3 is locally switched; the other 2 could be centrally switched. Centrally switched SSIDs tunnel the traffic back to the WLC. The tunnel source is the AP management IP and the destination is the AP manager interface in the WLC. So you don't need to allow the VLANs mapped to these 2 SSIDs in the AP uplink. But rather you must allow them in the WLC uplink.
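An added example, not part of any reply in this thread: a Python check of an AP uplink trunk against a WLAN plan, following the reply above that only the untagged AP management VLAN and the locally switched VLANs need to be allowed on the AP's switchport. The SSID-to-VLAN plan, VLANs 20 and 30, and all function names are assumptions; the sample stanza is constructed from the thread's native VLAN 109 and client VLAN 3.

```python
import re

# Constructed sample: AP uplink stanza using the thread's VLANs (native 109, client 3).
# VLANs 20 and 30 are invented here to represent centrally switched SSIDs.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/4
 switchport trunk native vlan 109
 switchport trunk allowed vlan 3,20,30,109
 switchport mode trunk
"""

# Hypothetical WLAN plan: SSID -> (VLAN, FlexConnect switching mode).
WLANS = {
    "Corp": (3, "local"),
    "byod": (20, "central"),
    "guest": (30, "central"),
}

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '3,20-22,109' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(config):
    """Return (native_vlan, allowed_vlans) for one interface stanza."""
    native = re.search(r"switchport trunk native vlan (\d+)", config)
    allowed = re.search(r"switchport trunk allowed vlan ([\d,\- ]+)", config)
    # IOS defaults when the lines are absent: native VLAN 1, all VLANs allowed.
    return (int(native.group(1)) if native else 1,
            expand_vlans(allowed.group(1)) if allowed else set(range(1, 4095)))

def audit_ap_uplink(config, wlans):
    """Compare the trunk's allowed list with what the AP actually needs."""
    native, allowed = parse_trunk(config)
    # Needed on the AP uplink: untagged management VLAN + locally switched VLANs.
    needed = {native} | {v for v, mode in wlans.values() if mode == "local"}
    return {"native": native,
            "missing": sorted(needed - allowed),    # breaks AP join or clients
            "unneeded": sorted(allowed - needed)}   # candidates for pruning

if __name__ == "__main__":
    print(audit_ap_uplink(SAMPLE_CONFIG, WLANS))
```

VLANs reported as `unneeded` belong on the WLC uplink instead, where the centrally switched traffic leaves the tunnel.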

Just a small edit... You have this backwards.

  • Local switching - Traffic is tunneled back to WLC
  • Central switching - Traffic is dropped directly in to the switchport 

Should be:

  • Local switching - Traffic is dropped directly in to the switchport
  • Central switching - Traffic is tunneled back to WLC
-Scott
*** Please rate helpful posts ***

Leftz
Level 4

The issue is how to define local switching. If the connection is like this: AP----SW2-----SW1-----WLC, vlan3 only exists at SW2, and vlan109 exists at SW2, SW1 and WLC, and vlan3 traffic only works at SW2, then it can be called local switching, which includes dhcp and authentication traffic etc. If vlan3 exists at all three devices SW2, SW1 and WLC, we can call vlan3 traffic central switching. Is this correct?

Local switching means that traffic will egress the switch the ap is connected to, so in your case SW2. Central switch means traffic tunnels back to the controller and then egresses the port(s) the controller is connected to. Now you need to understand what is required. All vlans need to be routed and on all switches, SW1 and SW2, or else how is traffic going to route if SW1 is L3 and SW2 is L2?

-Scott
*** Please rate helpful posts ***

Leftz
Level 4

Please see this    Client-----AP ------ SW2 --------WAN-------SW1-----WLC

DHCP server1 is located at SW1 and DHCP server2 is located at SW2. If the client gets an ip from dhcp server1, we call this traffic central switching. If the client gets an ip from dhcp server2, we call it local switching. Is this correct? Or do both belong to local switching?

DHCP has nothing to do with local switching or central switching. It's how the wireless user traffic flows: either the traffic will tunnel back from the AP to the WLC (central) or the traffic will egress from the AP to the directly connected switch (local switching).

-Scott
*** Please rate helpful posts ***