Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3780
Views
15
Helpful
12
Replies

Wireless split tunneling

Go to solution
ciscoworlds
Level 4
Level 4

‎05-22-2019 03:35 AM - edited ‎07-05-2021 10:26 AM

Hi;

hasn't been Flexconnect feature invented to locally switch WLANs in remote branches without sending traffic to the central WLC? So what is the application of split tunneling?

I read the documents and noticed that split tunneling makes some WLANs to be switched locally and let the rest to be centrally switched! So as I know this is what we exactly do with flexconnect; Then why do we need split tunneling? Even I got more confused when I saw the term "Flexconnect Split tunneling". ! 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Alex Pfeil
Level 7
Level 7
In response to ciscoworlds

‎05-22-2019 01:06 PM

I currently use FlexConnect to have one SSID local and another SSID centrally switched. This is FlexConnect.

 

FlexConnect Split-tunneling would be having one SSID with some of the traffic centrally switched and some of the traffic switched locally. If you are already doing this, then you are doing FlexConnect Split-tunneling.

 

Please mark helpful posts.

View solution in original post

12 Replies 12

Go to solution
patoberli
VIP Alumni
VIP Alumni

‎05-22-2019 03:55 AM

One reason would be, that you have an SSID for high security, which you want to process the traffic centrally while also offering a second SSID for guests, which is processed locally.
0 Helpful

Go to solution
ciscoworlds
Level 4
Level 4
In response to patoberli

‎05-22-2019 04:30 AM

For this, I can make that guest WLAN flexconnect-enabled and keep the high-secure SSID to go through WAN links to the central WLC and not use any split tunneling at all! So what is the benefit of the split tunneling here if the original idea of the flexconnect is the same?!
0 Helpful

Go to solution
Alex Pfeil
Level 7
Level 7

‎05-22-2019 03:57 AM

FlexConnect is used to allow an SSID to be locally switched instead of tunneled back to the WLAN controller. It is also possible to have some SSIDs locally switched, while having other SSIDs tunneled back to the controller.

 

The purpose of a split-tunnel would be to have some traffic locally switched, while having other traffic tunneled back to the controller. The idea is to save bandwidth by keeping local traffic, local.

Here is a good reference on the forum.

https://community.cisco.com/t5/forums/replypage/board-id/5956-discussions-getting-started-wireles/message-id/109117

0 Helpful

Go to solution
ciscoworlds
Level 4
Level 4
In response to Alex Pfeil

‎05-22-2019 04:26 AM - edited ‎05-22-2019 04:28 AM

@Alex Pfeil wrote:

The purpose of a split-tunnel would be to have some traffic locally switched, while having other traffic tunneled back to the controller. The idea is to save bandwidth by keeping local traffic, local.

So this is what we are still doing with flexconnect; letting some SSIDs to switch locally in the branch and permitting other WLANs which are not flexconnect enabled, to go through WAN links to the WLC at the central location. So if we are still able to do the exact same thing with the help of flexconnect what is the benefit of adding split tunneling to it?!

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to ciscoworlds

‎05-22-2019 04:54 AM

With Flexconnect, the AP will continue to work if the WLC is unreachable. This is not the case with local-mode APs.
On the other hand, Flexconnect offers various down sides which might make it unattractive.
0 Helpful

Go to solution
ciscoworlds
Level 4
Level 4
In response to patoberli

‎05-22-2019 05:30 AM

@patoberli wrote:
With Flexconnect, the AP will continue to work if the WLC is unreachable. This is not the case with local-mode APs.
On the other hand, Flexconnect offers various down sides which might make it unattractive.

So you said that split tunneling and flexconnect are 2 different technologies with no relation to each other? If yes, then why it is called ""flexconnect split tunneling""? and why is split tunneling configured inside the flexconnect menu on the WLC?! Are we able to ignore flexconnect feature at all and go with split tunneling instead?

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to ciscoworlds

‎05-22-2019 05:45 AM

It depends, there are/were some special split tunnel functions for OEAP, see here: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-602-officeextend-access-point/117540-configure-splittunneloeap-00.html
For more recent variants, I recommend this document here, which shows some examples on when to use Flexconfig with split tunneling:
https://mrncciew.com/2013/09/09/split-tunneling-with-flexconnect/
0 Helpful

Go to solution
pieterh
VIP
VIP
In response to patoberli

‎05-22-2019 06:23 AM

You can profit from split tunneling in a situation where

- most data is sent centrally (server-access in datacenter or cloud)

- but some data is better kept local (local-printers, Skype p2p etc)

especially when the communication is within the same office, it is no use to hair-pinning this traffic .

Go to solution
ciscoworlds
Level 4
Level 4
In response to pieterh

‎05-22-2019 07:10 AM

@pieterh wrote:

You can profit from split tunneling in a situation where

- most data is sent centrally (server-access in datacenter or cloud)

- but some data is better kept local (local-printers, Skype p2p etc)

especially when the communication is within the same office, it is no use to hair-pinning this traffic .

Hi;

I understand why we might need a technology to not to redirect local-to-local traffic over thee WAN link to the HQ where the WLC has been installed. I already know why we need such technology, but What I don't know is that why we need split tunneling to accomplish this goal while we already use "flexconnect" feature to do this. 

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to ciscoworlds

‎05-22-2019 07:20 AM - edited ‎05-22-2019 11:55 PM

Because this technology allows you to do this, without having access to the infrastructure where the AP is working in, i.e. a home office.

This allows you to create an OEAP for your employees, which they can take home. They get a single SSID offered, for which the company traffic is tunneled back to the company and splits out home-user traffic which uses your employees internet provider for the "normal" enduser access. 

Another would be wireless-voice, where you only have the VOIP traffic tunneled back to HQ for processing, while all other traffic is kept locally, so that you don't saturate the slow internet link of the satellite company.

[edit]

Corrected my response.

Go to solution
ciscoworlds
Level 4
Level 4
In response to patoberli

‎05-23-2019 03:56 AM

I probably got the answer. With flex connect we get more than one SSID, some of them are going to switch traffic locally and some of them redirecting traffic to the HQ toward central WLC. But with split tunneling (like what we do with VPN where the technology name is the same there too), we get a single SSID and use split tunneling ACLs to define which traffic needs to go to the HQ and which one needs local interception at the branch. 

0 Helpful

Go to solution
Alex Pfeil
Level 7
Level 7
In response to ciscoworlds

‎05-22-2019 01:06 PM

I currently use FlexConnect to have one SSID local and another SSID centrally switched. This is FlexConnect.

 

FlexConnect Split-tunneling would be having one SSID with some of the traffic centrally switched and some of the traffic switched locally. If you are already doing this, then you are doing FlexConnect Split-tunneling.

 

Please mark helpful posts.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card