
Wireless with Routed Access LAN

martinmbne
Level 1

Does anyone have any documentation that covers implementing Wireless LANs in a Routed Access LAN?

 

Can we successfully deploy centralized Wireless LANs with e.g. 5520 series WLC with Routed LAN?

 

How about if the APs are in FlexConnect mode and the WLC becomes unavailable?

7 Replies

Hi @martinmbne

About FlexConnect, if the WLC becomes unavailable, APs will fall back to standalone mode until they reconnect to the WLC.

About routed LAN, could you elaborate on it?

Bear in mind that the WLC is more like a layer 2 switch than a router, but it is possible to have interface VLANs as dynamic interfaces.

 

 

 

-If I helped you somehow, please, rate it as useful.-

Flavio,

Thanks for your response.

Re: FlexConnect - Yes, the APs will fall back to standalone mode in that scenario. I'm considering the option of having FlexConnect APs using local authentication (via backup onsite NPS RADIUS server) and local switching configs. This is to allow the GUEST SSID to allow limited access to local resources such as locally hosted content servers. The scenario is that the WLAN I'm designing is to be hosted on a large boat, with several floors. The nature of the boat's sailings is that the WAN link occasionally goes down because the boat sails out of range of the Radio and Cellular networks, meaning the entire network is isolated for a temporary period. It's highly desirable to NOT trombone back and forth across the low-bandwidth WAN links on these boats, so I would like to locally switch and locally authenticate as much as possible. Therefore, CAPWAP tunnels would need to terminate locally on a switch, not on the WLC.

Re: Routed LAN - The concept is to move the routing domain down the hierarchical LAN to the Access layer, allowing me to extend an IGP like EIGRP into LAN Access layer. This removes the need for SVIs on a Distribution switch and STP between Access and Distribution switches. No more reliance on STP for convergence, and better use of redundant uplinks for more bandwidth, faster convergence around a failure, and overall higher availability.

The question is, because a Routed LAN design means that VLANs are NOT extended between Access switches, then each Access switch/switchstack needs its own unique subnet/subnets for endpoints. I'm trying to understand the feasibility of designing a solution that can have for example 100 APs, across 5 floors, 20 APs on each floor. Each floor (i.e. each access switch/switchstack) would have unique subnets. I don't want individual SSIDs for each floor, I want the same SSID everywhere, but I don't want to extend a VLAN across my entire LAN to achieve this.

Additionally, this kind of network environment certainly requires FlexConnect APs. The WLCs are in a HA pair in a Data Centre. The use of FlexConnect causes complexity with Roaming at L2 and L3 in terms of supporting certain functions like 802.11r BSS Fast Transition, etc. Do you think you could explain what the impact would be? How would Roaming at L2/L3 work between floors in both a WAN Up and WAN Down scenario?

RE Dynamic Interfaces - Could you elaborate further? I really want to avoid relying on VLANs and trunking to move WLAN traffic around my network if it's possible. But could you explain how this functionality works typically?

Thanks,
Martin

Hi @martinmbne

 

Let's see if I can help:

"The question is, because a Routed LAN design means that VLANs are NOT extended between Access switches, then each Access switch/switchstack needs its own unique subnet/subnets for endpoints. I'm trying to understand the feasibility of designing a solution that can have for example 100 APs, across 5 floors, 20 APs on each floor. Each floor (i.e. each access switch/switchstack) would have unique subnets. I don't want individual SSIDs for each floor, I want the same SSID everywhere, but I don't want to extend a VLAN across my entire LAN to achieve this."

In FlexConnect you can achieve what you want. The only requirement is that all APs can reach the IP address of the Management Interface on the WLC.

 

 

"Additionally, this kind of network environment certainly requires FlexConnect APs. The WLCs are in a HA pair in a Data Centre. The use of FlexConnect causes complexity with Roaming at L2 and L3 in terms of supporting certain functions like 802.11r BSS Fast Transition, etc. Do you think you could explain what the impact would be? How would Roaming at L2/L3 work between floors in both a WAN Up and WAN Down scenario?"

 

FlexConnect will impose some challenges for you.

Cisco states that:

"Layer 2 switch CAM table updates—When a client roams from one AP to another on a locally-switched WLAN, FlexConnect does not announce to a Layer 2 switch that the client has changed ports. The switch will not discover that the client has roamed until the client performs an ARP request for its default router. This behavior, while subtle, can have an impact on roaming performance."

And:

"A client that roams (for a given local switched WLAN) between FlexConnect APs that map the WLAN to a different VLAN/subnet will renew their IP addresses to ensure that they have an appropriate address for the network to which they have roamed."

 

"RE Dynamic Interfaces - Could you elaborate further? I really want to avoid relying on VLANs and trunking to move WLAN traffic around my network if it's possible. But could you explain how this functionality works typically?"

 

Dynamic Interfaces will not play any role in your environment as you are using FlexConnect. Dynamic interfaces are just like SVIs and only apply in Central mode.

For your reference:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/ch7_HREA.html#pgfId-1108090

 

-If I helped you somehow, please, rate it as useful.-

Rasika Nayanajith
VIP Alumni

I would not make it complicated. It would make more sense if you could allocate all wireless users from subnets available on the switch where the 5520 WLC connects (I know, that will not fit into the routed access model). You can think of wireless as another distribution block of your campus design.

 

I would always prefer local mode over FlexConnect. There are restrictions on FlexConnect when it comes to L3 roam, and the AP has to do the heavy lifting. In Local mode the WLC will take care of a lot of those tasks.

 

Regards

Rasika

*** Pls rate all useful responses ***

@Rasika Nayanajith and @Flavio Miranda thank you both for your comments so far.

 

Rasika,

Appreciate your comments.

Unfortunately, I'm unable to deploy my APs in local mode as the network has limitations from a WAN bandwidth and availability perspective. This is unavoidable at the moment. For that reason, I need to retain as much functionality as possible in the local branch so that the network can operate in WAN down scenarios.

 

Additionally, because of the limited WAN bandwidth, tromboning of CAPWAP control and data traffic is not desirable, which means that local switching is appropriate for when endpoints want to reach other endpoints in the same branch over the WLAN. (NB. a local backup RADIUS server at the branch is available).

 

I'm looking to find a summary of the WLAN configuration for a Routed Access LAN design for these reasons, but I have been unsuccessful. Could you possibly summarise what would be required to achieve such a solution? I'm keen to hear other views on how to optimally build a network that meets best practices but also is mindful of the limitations I have.

 

Thanks,

Martin

Hi Martin,

 

I haven't seen any Cisco documents that specifically talk about wireless in Routed Access design. In general, the best practice guide below should cover most of the recommended settings.

 

https://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/8-5/82463-wlc-config-best-practice.html#pgfId-402272

 

HTH

Rasika

*** Pls rate all useful responses ***

Rasika,

Thanks for the information. I'll take a look at best practices - I wasn't aware of Split-Tunnelling option to reach certain local IPs.

 

Hopefully someone else has configured this in practice and will chip in with some suggestions.
