10-18-2021 05:28 AM - edited 10-18-2021 05:30 AM
Hello,
In the Cat.9800 series datasheet - controllers support maximum 100 FlexConnect APs per site.
Can someone explain me this limit more pragmatically ?
Is it only a best practice or is it a configuration blockage? Somethings like flexconnect profile who not allow more than 100 APs ?
Thanks
Rémi
Solved! Go to Solution.
10-20-2021 01:56 AM - edited 10-20-2021 01:56 AM
@Rémi I can confirm it works.
I have a couple of buildings with 122 and 155 APs using one Flex profile every one of them, and everything is working fine.
I think to remember that I have read in some Cisco document that the maximum number of APs in the same Flex profile is 500, but it's not recommended to configure more that 150 in order to load balance APs between WNCD processes properly. I will look for that document and will share if I can find it again.
HTH
-Jesus
*** Please rate helpful responses ***
10-20-2021 06:48 AM
Cisco 9800 best practices document is very specific on this matter,
Also under 17.3 configuration guides this is highlighted as well.
I understand that since site-tag is directly applied to the AP (not the Flex-profile, it is applied to the site tag) technically you can have whatever the number of AP's under the same site tag, but to avoid issues generally it is recommended to follow the Cisco documentation and guidelines. Also 500 AP per site tag recommendation is referring only to AP's in local mode.
01-27-2023 05:12 AM
I know this is an old thread
10-18-2021 06:46 AM - edited 10-18-2021 06:51 AM
This limitation is there to optimize roaming across Flex AP's, 100 Flex AP's per site tag existed in AireOS controllers as well. So make sure when you are designing to identify the wireless roaming domains and assign the site tags for that Flex AP's accordingly while respecting the maximum Flex AP's per site tag (100 AP's)
To better understand FlexConnect reading below article is recommended
In Cisco Catalyst 9800 Series Wireless Controller, you can define a flex connect site. A flex connect site can have a flex connect profile associate with it. You can have a maximum of 100 access points for each flex connect site.
10-18-2021 07:33 AM
Hi Arshadsaf,
Thank you for your reply.
I understand well the roaming impact if I use serveral domains on the same site and this is not what customer want.
To give you more context. This customer have around 20 sites. From 250 APs to 10 APs per site.
So the goal of my question is - for a site with 110 APs - is it possible to configure it (out of best practice) or the limation of 100 APs is not possible - blocked by the "FlexConnect Profil" configuration ?
Hope I am clear.
10-20-2021 01:15 AM
I do not have any deployment where I have exceeded this limit.
But as documentation implies you cannot add more than 100 AP, even if it is possible I would recommend doing it. specially since it is a voice deployment. The client Pair Master Key (PMK) is distributed among the APs that are part of the same Flex site tag (Max 100 AP's) . If you roam between two Flex site tags, the client will be forced to do a full reauthentication.
10-20-2021 01:47 AM
Hi Arshad,
I will therefore recommend a dedicated controller for this site.
Thanks for your time !
10-18-2021 07:39 AM
Just to add, there has always been a hard limitation on FlexConnect but its really up to how you would design FlexConnect or if the determination would be to use local controllers. You "are" limited to 100 per site, but it doesn't mean you can't have more than one FlexConnect group per site. If there are areas where roaming is not important, like between buildings or there is a gap in wireless coverage, maybe between floors, that is where you can logically have different ap's in different FlexConnect groups. Now you might want to have your controllers in the DC where all your sites are not tunneling traffic and that makes sense, but you have to review this limitation and see if you can work with this limitation with the option I provided above or not. Take a look at other guides and blogs in regards to FlexConnect limitation, even if its for AireOS, because that might help guide you what others have done or decided to do when they ran into a design situation that you are concerned about.
10-20-2021 12:44 AM
Hi Scott,
Thank you also for your reply.
Multiple flex domain will be an issue for customer. It's a medical industry who use WiFi telephony.
Same question as I asked to Arshad but still without answer. Do you know if is it possible to configure a FlexConnect domain (out of best practice) with 110 APs or is it blocked by the "FlexConnect Profil" configuration ?
10-20-2021 07:09 AM
Remi,
No you can't go over 100. You option is to look at the floor plan and see where there might not be any roaming or coverage gaps and look at multiple flex groups. If this is not what you want, then you need to have local controllers, there is not other option here.
10-20-2021 12:39 AM - edited 10-20-2021 12:44 AM
.
10-20-2021 01:56 AM - edited 10-20-2021 01:56 AM
@Rémi I can confirm it works.
I have a couple of buildings with 122 and 155 APs using one Flex profile every one of them, and everything is working fine.
I think to remember that I have read in some Cisco document that the maximum number of APs in the same Flex profile is 500, but it's not recommended to configure more that 150 in order to load balance APs between WNCD processes properly. I will look for that document and will share if I can find it again.
HTH
-Jesus
*** Please rate helpful responses ***
10-20-2021 03:17 AM
Hi Jesus,
Thank you for sharing your experience.
Very helpful !
Are you configure that on Cat. 9800 series platform ?
10-20-2021 03:54 AM
Yes that is correct, I´m using c9800 running 17.3.4
10-20-2021 06:48 AM
Cisco 9800 best practices document is very specific on this matter,
Also under 17.3 configuration guides this is highlighted as well.
I understand that since site-tag is directly applied to the AP (not the Flex-profile, it is applied to the site tag) technically you can have whatever the number of AP's under the same site tag, but to avoid issues generally it is recommended to follow the Cisco documentation and guidelines. Also 500 AP per site tag recommendation is referring only to AP's in local mode.
10-20-2021 07:15 AM
@Arshad Safrulla yes you are right.
I've finally found Cisco's document with that information about number of APs per site tag and I have to admit I was wrong about what Cisco says there.
The guidelines included in the 9800 migration are pages 8-14 of the Session 5 presentation an it says 500 APs under the same Site tag is for local mode APs, but only 100 for Flex APs.
In AireOS this was a real limit to the Flexconnect group, but now with IOS-XE this setting seems like a best practice only but not a real limit. As per Enterprise Mobility Design Guide this limitation is set to avoid sharing excessive cached credentials between all APs in the same Flexconnect group (site tag), as in local mode this task is performed by the controller and not the APs.
It seems to me that Cisco has opened this threshold not to be a real limit but a recommendation, as today's APs have more memory an computational capacity than those at the early stages of the Cisco WLAN infrastructure. Or have Cisco make a mistake during implementation of the code?
It would be great to know Cisco team experts here not about what best practices tell us but what technology implementation allows us regarding AP memory consumption, AP CPU process but also real limit to this setting with modern software and APs.
Is this something that maybe impacting performance during roaming on such big sites with >100 APs? If so, by how much in terms of time to roam? Or should APs crash due to excessive memory/CPU utilization?
10-21-2021 02:04 AM
To make a quick summary. It is not blocked in the configuration and so still a best practice to have.
Cisco repeat clearly several times to don't exceded the limit of 100 APs to be sur to don't experience any issues.
And will be probably the first issue to resolve if a TAC case is needed in the future.
So I think we have "no choice" to follow the best practice. Even if Jesus confirmed us that it works fine with ~150 APs.
Thanks for your times guys. Very helpful !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide