Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Central Authentication / Local Switching for Mesh?

Hi all,

I'm afraid I know the answer but maybe I'm just missing something. Anyway, here's the situation: I have a multi-site installation with a centralized WLC (currently 2504). Each wireless VLAN at each site uses the same ID but has a local network (e.g. site 2 is 192.168.2.0/24, site 3 is 192.168.3.0/24 but both are VLAN 100).

When I configure APs for H-REAP/FlexConnect, there's no problem. Users are authenticated via a centralized RADIUS server (Cisco SecureACS 5.x) and I have local switching enabled so clients pick up an address from a localized DHCP server (ASA firewall in most cases).

However, the impetus for installing the WLC requires a mesh network, consisting of 2 RAPs and 2 MAPs. My catch 22 is now this: if a RAP is in FlexConnect mode, the MAP won't associate, but if the RAP is in RAP mode, the MAP associates, but clients don't appear to get IP addresses (on an iPhone for example, the wheel just keeps spinning until it gives up).

It's my understanding that since the APs are no longer in FlexConnect mode, all the wireless traffic is now being tunneled back through the centralized WLC which associates the VLANs with networks that don't exist on site.

Is my understanding correct? If so, is there any way I can go about achieving what I want to do which is get the FlexConnect effect but still have Mesh capabilities? Right now it seems the obvious (albeit very expensive answer) is to decentralize the WLC and have HA WLC configured on a per site basis.

Any input/advice greatly appreciated. Thank you.

1 REPLY
New Member

Central Authentication / Local Switching for Mesh?

I second your thought about mesh and as for what to do - I don't think you can do anything. Perhaps, a cheap way to solve this problem can be installing a local 2504 at sites that require mesh links. This will allow you terminating all VLAN/SSID mappings locally. Sorry :-(

271
Views
0
Helpful
1
Replies