Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

cisco 2500 controller with aironet 1600 access point

Hi,

This my first wireless project, and I have a few questions about the installation :

1- some of the access point will be installed in branch offices, connected to the controller through the main MPLS netwrok ( is that possible).

2- If for any reason the connectivity between the AP and the controller get disconnected what will happend to the users connected to the access point.

3- can I have two vlan on the Aironet 1600, the first one to be connected to the controller through the MPLS netwrok and the second for users to public internet.(internet break out).

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

cisco 2500 controller with aironet 1600 access point

Hi Khaled,

Here are my responses to your queries,

1. Yes, There is specific AP mode called Flexconnect designed for such scenario

2. In flexconnect mode, you can configure AP to local switching & local authentication, which mean if WAN links down, still branch office users can get connected to wireless & do any work within branch. New users will get authenticated by AP locally itself.

3. Yes, this is like simple guest wlan requirement, You can tunnel back all your guest traffic to central controller & then handover to internet without any other acces for them

HTH

Rasika

**** Pls rate all useful responses ****

13 REPLIES
VIP Purple

cisco 2500 controller with aironet 1600 access point

Hi Khaled,

Here are my responses to your queries,

1. Yes, There is specific AP mode called Flexconnect designed for such scenario

2. In flexconnect mode, you can configure AP to local switching & local authentication, which mean if WAN links down, still branch office users can get connected to wireless & do any work within branch. New users will get authenticated by AP locally itself.

3. Yes, this is like simple guest wlan requirement, You can tunnel back all your guest traffic to central controller & then handover to internet without any other acces for them

HTH

Rasika

**** Pls rate all useful responses ****

New Member

cisco 2500 controller with aironet 1600 access point

Thanks you for your reply,

So the 2500 controller and the aironet 1600 will do the required for me?

Thanks,

Hall of Fame Super Silver

Re: cisco 2500 controller with aironet 1600 access point

Yes that setup will work. What the others are trying to explain is authentication if your WAN goes down. If your AP's are setup for FlexConnect and you are indeed using AP groups, (using 802.1x) you need to have a radius server and a backup AD sever to allow for authentication to still happen if the WAN goes down. If you have resources centralized, then when the WAN goes down, everything else goes down and no new authentications will take place and any re-authentications will fail with 802.1x.

Take a look at these links

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/flexconnect/config_flexconnect_chapter_011.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

cisco 2500 controller with aironet 1600 access point

Thank you for your raply,

as i mintioned in my original post, i'm new in the wireless world, so can you please clarify :

What is option 43 and option 60 and are they important( can ?I configure the dhcp on any server without the need to option 43?.

My plan is to let the ADSL router on site  to distribute ip's to the access points...

Hall of Fame Super Silver

Re: cisco 2500 controller with aironet 1600 access point

You need to understand and review how AP's join process is. Option 63 is optional and option 43 can be used to help the ap know of the wlc's IP address. The dhcp server has to be able to do option 43. I like to use DNS to help the AP's join the WLC. You just need to add a record Cisco-capwap-controller and point that to your WLC management IP address.

Here is a good document to review.

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: cisco 2500 controller with aironet 1600 access point

Thanks again,

Last question please,

Do I really need 3ed layer switch on the sites that will have access point, note that i dont wana use the same vlan for managment and users.

Thanks,

VIP Purple

cisco 2500 controller with aironet 1600 access point

Yes, If you want to have multiple vlans at branch office then you should have a l3 switch to terminate wireless user traffic at branch level.

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Re: cisco 2500 controller with aironet 1600 access point

Hi Rasika,

please check the follwing scenario:

In a branch I will install one Aironet 1600, we have two lines in the branch the first one is MPLS link and a normal ADSL router.

My plan is to configure the wlc to send configuration through th MPLS netwrok but i want the user to go to internet through the ADSL router

I know its maybe a very basic design but as I mintioned in my first post, I'm a new in the wireless world.

Thanks,

VIP Purple

cisco 2500 controller with aironet 1600 access point

To do this you have to configure FlexConnect with Split Tunneling feature. I think you should consider Flexconnect Central switching with Split tunneling as an option.

I haven't test this feature with locally-switched flexconnect & below is what I did with centrally switched flexconnect for split tunnel. You have to test & come up with a suitable design fit for your requirement

Split Tunneling with FlexConnect.

http://mrncciew.com/2013/09/09/split-tunneling-with-flexconnect/

HTH

Rasika

**** Pls rate all useful responses ****

Hall of Fame Super Gold

cisco 2500 controller with aironet 1600 access point

2- If for any reason the connectivity between the AP and the controller get disconnected what will happend to the users connected to the access point.

Just to add to Rasika's post, you need to have an on-site authentication.  When the WAN link goes down, you will need a local authentication box so you can continue to accept new clients.  Without any local authentication you will not be able to accept any new clients when the WAN link goes down.

New Member

cisco 2500 controller with aironet 1600 access point

Thank you for your reply,

Can you please specify the onsite authentication? is it an authentication i will configure on the AP it self?

Thanks,

Hall of Fame Super Gold

cisco 2500 controller with aironet 1600 access point

Can you please specify the onsite authentication? is it an authentication i will configure on the AP it self?

A local authentication server like MS AD, RADIUS or TACACS.

cisco 2500 controller with aironet 1600 access point

The authentication is based on

  • Open Authentication to the Access Point
  • •Shared Key Authentication to the Access Point
  • •EAP Authentication to the Network
  • •MAC Address Authentication to the Network
  • •Combining MAC-Based, EAP, and Open Authentication
  • •Using CCKM for Authenticated Clients
  • •Using WPA Key Management
1455
Views
15
Helpful
13
Replies
CreatePlease to create content