1.In this scenario would you use flex connect mode?
If you cannot afford another WLC, flexconnect mode should work fine. Flexconnect local switching could save you some bandwidth on the WAN or site-to-site links--you may want to look into that.
2.Can you use 802.1X PEAP, if both controllers are lost will only local auth work like wpa etc?
You can use PEAP, and even if both controllers are lost, you can still configure the AP or FlexConnect group with AAA/RADIUS servers directly. In the case of both controllers failing, the AP will act as the authenticator and will send authentication requests directly to the RADIUS server (instead of the WLC).
The other option is to use local RADIUS users. The flexconnect APs will store a copy of the local user DB and can authenticate clients locally. Obviously this is not ideal as you will probably need to have the users change the username/password they are using in their supplicant.
Note that in this case you will need to add the APs to the list of allowed authenticators in your RADIUS server (add them as Network Access Devices (NADs) in ISE, for example).
3.will roaming work in flex connect mode?
Yes..assuming that you have configured the AAA servers for failover scenario in flexconnect group as stated above OR you have clients re-authenticate using local RADIUS user accounts (each Flexconnect AP will have a local copy of the local RADIUS user database to re-authenticate clients upon roaming).
I would beg to differ from others here. I would actually recommend using APs in Flexconnect mode to save money and bandwidth. The whole purpose behind developing the Flex mode was to save money and bandwidth on across the WAn links.
++ You can deploy all the APs in the 3rd site as flexconnect APs with local switching. This way all the data traffic for the clients would directly be switched to the distribution system from the local AP and would not traverse back to the WLC.
++ You need to have all the Flex APs at same site to be in same Flexconnect group to enable seamless roaming of clients on that site.
++ In case of a link failure between the WLC and the remote site , the AP will automatically start working as a standalone AP.
++ Rest all the queries have been brilliantly answered by other friends of ours.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...