
CAPWAP Question

steelinquisitor
Level 1

Hello,

I have some questions regarding the Flexconnect CAPWAP tunnel for Flexconnect APs with local switching. 

1. If I have 10 Flexconnect APs at my branch, would that create 10 CAPWAP tunnels to the WLC located in HQ?

2. How often will the Flexconnect AP send the CAPWAP to WLC?

3. What is the size of flexconnect CAPWAP tunnel keepalives?

4. By default, is the CAPWAP tunnel (regardless of local or Flexconnect) encrypted?

5. The DMZ firewall, what ports should be allowed for the guest traffic (anchor WLC)? Is it just 5246 or 5246 and 5247?

6. Is EoIP encrypted or clear text?

I remember reading something like instead of using EoIP for mobility anchor or foreign wlc, CAPWAP can also be used. I am not sure if this is true or not.

flex capwap tunnel.jpg

Thanks


Scott Fella
Hall of Fame

1. If I have 10 Flexconnect APs at my branch, would that create 10 CAPWAP tunnels to the WLC located in HQ?

> You might be getting confused with mobility tunnels. The AP can support the max it is licensed for.

2. How often will the Flexconnect AP send the CAPWAP to WLC?

>

  • AP Heartbeat Timeout—AP Heartbeat timeout value that you can enter. The valid range is 10 to 30 for the Cisco 7500 Series Controller and 1 to 30 for other platforms.
  • Local Mode AP Fast Heartbeat Timer State—Fast heartbeat timer that you can enable or disable for access points in local mode. The default is disable.

3. What is the size of flexconnect CAPWAP tunnel keepalives?

> Look at the previous question

4. By default, is the CAPWAP tunnel (regardless of local or Flexconnect) encrypted?

> Only if you enable Data Encryption; by default this is not enabled. Typically used only on OfficeExtend.

5. The DMZ firewall, what ports should be allowed for the guest traffic (anchor WLC)? Is it just 5246 or 5246 and 5247?

> This doesn't matter since guest traffic would be central switching and you would have a mobility anchor to the guest anchor WLC.

6. Is EoIP encrypted or clear text?

> Data is not encrypted unless you enable Data Encryption with the DTLS license.

Some links:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080901caa.shtml

http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml#ft

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
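As an added example (not part of the original thread), one way to confirm from a packet capture whether Data Encryption is actually in effect on the CAPWAP data channel (UDP 5247) is to read the CAPWAP preamble defined in RFC 5415: type 1 means a DTLS record follows, type 0 means a cleartext CAPWAP header follows. The sample payloads are constructed for illustration; note that discovery messages on UDP 5246 are cleartext by design.

```python
import struct

CAPWAP_CONTROL_PORT = 5246   # control channel
CAPWAP_DATA_PORT = 5247      # data channel (client traffic, data keepalives)
DTLS_CONTENT_TYPES = (20, 21, 22, 23)   # CCS, alert, handshake, app data
DTLS_VERSIONS = (0xFEFF, 0xFEFD)        # DTLS 1.0, DTLS 1.2

def classify_capwap(payload: bytes) -> str:
    """Return 'dtls', 'plain' or 'unknown' for one CAPWAP UDP payload."""
    if not payload:
        return "unknown"
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != 0:
        return "unknown"
    if ptype == 0:
        return "plain"                  # cleartext CAPWAP header follows
    if ptype == 1 and len(payload) >= 4 + 13:
        # 4-byte CAPWAP DTLS header, then the 13-byte DTLS record header
        ctype, rec_version = struct.unpack_from("!BH", payload, 4)
        if ctype in DTLS_CONTENT_TYPES and rec_version in DTLS_VERSIONS:
            return "dtls"
    return "unknown"

def audit(packets):
    """Count payload classes per CAPWAP port from (dst_port, payload) pairs."""
    summary = {}
    for dport, payload in packets:
        if dport not in (CAPWAP_CONTROL_PORT, CAPWAP_DATA_PORT):
            continue
        counts = summary.setdefault(dport, {"dtls": 0, "plain": 0, "unknown": 0})
        counts[classify_capwap(payload)] += 1
    return summary

def data_channel_encrypted(packets) -> bool:
    """True only if data-channel packets were seen and all of them are DTLS."""
    counts = audit(packets).get(CAPWAP_DATA_PORT)
    return bool(counts) and counts["dtls"] > 0 and counts["plain"] == 0

# Constructed sample: one DTLS control record, two cleartext data packets.
SAMPLE = [
    (5246, bytes.fromhex("01000000" "17feff0001" "000000000005" "0010") + bytes(16)),
    (5247, bytes.fromhex("0010000000000000") + b"constructed 802.11 frame"),
    (5247, bytes.fromhex("0010000000000000") + b"constructed keepalive"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print("data channel encrypted:", data_channel_encrypted(SAMPLE))
```
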

Scott,

I used to work on Motorola's wireless devices and their Flexconnect version was called RF-Domain Manager (AP). Moto uses MINT protocol instead of CAPWAP. The reason I asked question number one was that on Moto only the RF-Domain Manager talks to the controller, and the rest of the APs report to the RF-Domain Manager. I am not sure how much bandwidth MINT adds, but it is less bandwidth since it's only the domain-manager that talks to the controller.

Before I asked the question number one, I was thinking that each Flex AP reports back to WLC.

About the Q 3, I got confused about this. I was reading the CUWSS quick reference guide, and it mentioned that each AP sends CAPWAP traffic control to the controller and this CAPWAP traffic control size is 0.35kbps; I'm assuming this is local mode only.

I was talking to a Cisco rep a couple of months ago about Flex APs; he mentioned that a Flex AP takes about 12kbps, so if I have 10 flex APs that would be 120kbps.

I couldn't tell you that info exactly because there would be different numbers depending on whether APs are trying to discover, just sending heartbeats, RRM info, etc.

Maybe others out here actually had tools to monitor CAPWAP on the WAN, but none of my customers ever had to or did.


-Scott
*** Please rate helpful posts ***

I remember reading something like instead of using EoIP for mobility anchor or foreign wlc, CAPWAP can also be used. I am not sure if this is true or not.

This is true if you are using NGWC (5760/3850) or existing controllers like 5508/WiSM2 with specific AireOS images (7.3.112.0, 7.5.102 or 7.6.100.0) & the new mobility (also called hierarchical mobility) feature turned on in those controllers.

Here is the config guide reference for how to enable this feature:

http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75_chapter_010010101.html

Here is the mobility packet format in that scenario (attachment: New-Mobility-UDP.PNG)

HTH

Rasika

**** Pls rate all useful responses ****

Rasika,

I apologize for my late reply. Is it better to use CAPWAP for mobility anchor or foreign WLC?

Thanks


Enable new mobility (or CAPWAP inter-controller mobility) if you have any plan to use NGWC (5760/3850) within your environment in a mix with these existing controllers.

Otherwise you can simply run typical EoIP mobility, which is the standard for all legacy controllers (5508/WiSM2/2504).

HTH

Rasika

*** Pls rate all useful responses ***
