
cisco 2500 controller with aironet 1600 access point

khaled alodat
Level 1

Hi,

This is my first wireless project, and I have a few questions about the installation:

1- Some of the access points will be installed in branch offices, connected to the controller through the main MPLS network (is that possible?).

2- If for any reason the connectivity between the AP and the controller gets disconnected, what will happen to the users connected to the access point?

3- Can I have two VLANs on the Aironet 1600, the first one to be connected to the controller through the MPLS network and the second for users to the public internet (internet breakout)?

Thanks,

Accepted Solutions

Hi Khaled,

Here are my responses to your queries,

1. Yes, there is a specific AP mode called FlexConnect designed for such a scenario.

2. In FlexConnect mode, you can configure the AP for local switching & local authentication, which means that if the WAN link is down, branch office users can still get connected to wireless & do any work within the branch. New users will get authenticated locally by the AP itself.

3. Yes, this is like a simple guest WLAN requirement. You can tunnel back all your guest traffic to the central controller & then hand over to the internet without any other access for them.

HTH

Rasika

**** Pls rate all useful responses ****

Thank you for your reply,

So the 2500 controller and the aironet 1600 will do the required for me?

Thanks,

Yes, that setup will work. What the others are trying to explain is authentication if your WAN goes down. If your APs are set up for FlexConnect and you are indeed using AP groups (using 802.1x), you need to have a RADIUS server and a backup AD server to allow for authentication to still happen if the WAN goes down. If you have resources centralized, then when the WAN goes down, everything else goes down and no new authentications will take place and any re-authentications will fail with 802.1x.

Take a look at these links

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/flexconnect/config_flexconnect_chapter_011.html


-Scott
*** Please rate helpful posts ***

Thank you for your reply,

As I mentioned in my original post, I'm new to the wireless world, so can you please clarify:

What are option 43 and option 60, and are they important? Can I configure DHCP on any server without the need for option 43?

My plan is to let the ADSL router on site distribute IPs to the access points...

You need to understand and review how the AP join process works. Option 63 is optional and option 43 can be used to help the AP know the WLC's IP address. The DHCP server has to be able to do option 43. I like to use DNS to help the APs join the WLC. You just need to add a record Cisco-capwap-controller and point that to your WLC management IP address.

Here is a good document to review.

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml


-Scott
*** Please rate helpful posts ***
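
Added example, not part of the thread: the option 43 value discussed above, in the layout Cisco documents for lightweight APs (sub-option type 0xf1, a length byte of 4 per controller, then the WLC management IPv4 addresses). It also decodes a configured value and flags any controller address that is not on an expected list, a useful check because an AP will try to join whatever address the DHCP server hands it. The function names and the 192.168.10.x addresses are assumptions made up for illustration.

```python
import ipaddress

CISCO_WLC_SUBTYPE = 0xF1  # sub-option type carrying the controller address list


def encode_option43(wlc_ips):
    """Build the option 43 payload: 0xf1, length (4 per WLC), then the IPv4 addresses."""
    addrs = [ipaddress.IPv4Address(ip) for ip in wlc_ips]
    if not addrs:
        raise ValueError("at least one controller address is required")
    body = b"".join(a.packed for a in addrs)
    if len(body) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return bytes([CISCO_WLC_SUBTYPE, len(body)]) + body


def decode_option43(hex_value):
    """Parse a hex string (dots, colons and spaces allowed) back into WLC addresses."""
    for sep in (".", ":", " "):
        hex_value = hex_value.replace(sep, "")
    raw = bytes.fromhex(hex_value)
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBTYPE:
        raise ValueError("not a 0xf1 controller sub-option")
    length = raw[1]
    # The length byte must cover the whole payload and be a multiple of 4.
    if length == 0 or length % 4 != 0 or length != len(raw) - 2:
        raise ValueError("length byte does not match the address list")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(2, len(raw), 4)]


def unexpected_controllers(hex_value, allowed):
    """Return the controllers in the option that are not on the allow-list."""
    allowed_set = {str(ipaddress.IPv4Address(a)) for a in allowed}
    return [ip for ip in decode_option43(hex_value) if ip not in allowed_set]


if __name__ == "__main__":
    # Constructed sample: two WLC management addresses (assumed values).
    value = encode_option43(["192.168.10.5", "192.168.10.20"])
    print("option 43 hex:", value.hex())
    print("decoded:", decode_option43(value.hex()))
    print("not on allow-list:", unexpected_controllers(value.hex(), ["192.168.10.5"]))
```
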

Thanks again,

Last question please,

Do I really need a layer 3 switch on the sites that will have an access point? Note that I don't want to use the same VLAN for management and users.

Thanks,

Yes, if you want to have multiple VLANs at the branch office then you should have an L3 switch to terminate wireless user traffic at branch level.

HTH

Rasika

**** Pls rate all useful responses ****

Hi Rasika,

Please check the following scenario:

In a branch I will install one Aironet 1600. We have two lines in the branch: the first one is an MPLS link and the second a normal ADSL router.

My plan is to configure the WLC to send configuration through the MPLS network, but I want the users to go to the internet through the ADSL router.

I know it's maybe a very basic design, but as I mentioned in my first post, I'm new to the wireless world.

Thanks,

To do this you have to configure FlexConnect with the Split Tunneling feature. I think you should consider FlexConnect Central switching with Split tunneling as an option.

I haven't tested this feature with locally-switched FlexConnect & below is what I did with centrally switched FlexConnect for split tunnel. You have to test & come up with a suitable design fit for your requirement.

Split Tunneling with FlexConnect.

http://mrncciew.com/2013/09/09/split-tunneling-with-flexconnect/

HTH

Rasika

**** Pls rate all useful responses ****

Leo Laohoo
Hall of Fame
2- If for any reason the connectivity between the AP and the controller gets disconnected, what will happen to the users connected to the access point?

Just to add to Rasika's post, you need to have an on-site authentication.  When the WAN link goes down, you will need a local authentication box so you can continue to accept new clients.  Without any local authentication you will not be able to accept any new clients when the WAN link goes down.

Thank you for your reply,

Can you please specify the onsite authentication? Is it an authentication I will configure on the AP itself?

Thanks,

Can you please specify the onsite authentication? Is it an authentication I will configure on the AP itself?

A local authentication server like MS AD, RADIUS or TACACS.

Abhishek Abhishek
Cisco Employee

The authentication is based on

  • Open Authentication to the Access Point
  • Shared Key Authentication to the Access Point
  • EAP Authentication to the Network
  • MAC Address Authentication to the Network
  • Combining MAC-Based, EAP, and Open Authentication
  • Using CCKM for Authenticated Clients
  • Using WPA Key Management