Solved: Guest Network over Flexconnect Links

Ivaylo Georgiev · ‎07-11-2013

I have an access point at a branch office. I have added it to a flexconnect group because I only want the local SSID and the centrally managed guest SSID to be broadcasted.

I am not sure how the switch port needs to be configured though. I have a 'guest' interface configured on the controller - only for guest networks obviously. The guide says it needs to be a trunk port but I wasn't sure how that would work when the link between the sites is L3.

So if VLAN 10 is my local WLAN which I need broadcasted and VLAN 20 is the guest VLAN at the central office, and there is a L3 link between the locations, how would setting the trunk switch port to the AP to have vlan 20 as a native vlan would be significant since they will be in two different L2 segments?

Thanks,

Ivo.

Scott Fella · ‎07-12-2013

For FlexConnect, you need to use a trunk port if there is more than one vlans. The AP itself will be native vlan and the local WLAN needs to be allowed on the trunk. The guest since it is centralized will be tunneled back to the WLC. SO the trunk port the ap connects to only needs to allow the vlans that the ap is on and any vlans locally for wlans.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

Abhishek Abhishek · ‎07-11-2013

Hello Ivaylo,

As per your query i can suggest you the following solution-

Configuring the Controller for FlexConnect—For a Centrally Switched WLAN Used for Guest Access

Step 1 Choose WLANs to open the WLANs page.

Step 2 From the drop-down list, choose Create New and click Go to open the WLANs > New page.

Step 3 From the Type drop-down list, choose WLAN.

Step 4 In the Profile Name text box, enter guest-central (as per the example in Table 15-1).

Step 5 In the WLAN SSID text box, enter guest-central.

Step 6 From the WLAN ID drop-down list, choose and ID for the WLAN.

Step 7 Click Apply to commit your changes. The WLANs > Edit page appears.

Step 8 In the General tab, select the Status check box to enable the WLAN.

Step 9 In the Security > Layer 2 tab, choose None from the Layer 2 Security drop-down list.

Step 10 In the Security > Layer 3 tab:

a. Choose None from the Layer 3 Security drop-down list.

b. Select the Web Policy check box.

c. Choose Authentication.

Note If you are using an external web server, you must configure a preauthentication access control list (ACL) on the WLAN for the server and then choose this ACL as the WLAN preauthentication ACL on the Layer 3 tab. For more information about ACLs, see Chapter 6 "Configuring Security Solutions."

Step 11 Click Apply to commit your changes.

Step 12 Click Save Configuration to save your changes

For more information please refer to the link-

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html

Hope this will help you.

Ivaylo Georgiev · ‎07-12-2013

Thanks for your feedback but that's not really what I was asking.

Scott Fella · ‎07-12-2013

For FlexConnect, you need to use a trunk port if there is more than one vlans. The AP itself will be native vlan and the local WLAN needs to be allowed on the trunk. The guest since it is centralized will be tunneled back to the WLC. SO the trunk port the ap connects to only needs to allow the vlans that the ap is on and any vlans locally for wlans.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***