WLC 5508 and AP in the same location are working great. What config steps are needed to register an AP located in a remote office with the WLC in HQ?
The subnet range in the remote office is different, but WLC reachability is there.
You can configure the AP in H-REAP/FlexConnect mode & terminate branch user traffic at the branch switch (local switching) rather than tunneling all traffic back to your HQ-WLC.
The post below will help you configure an AP in H-REAP/FlexConnect mode.
**** Pls rate all useful responses ****
If the AP is already in the remote office, how do we register the AP with the central WLC?
The link shared by you is a little confusing.
Let's say the central WLC has SSID 'data'. If the remote AP is registered to the central AP, then a client can connect to SSID 'data'.
Which IP address will the client in the remote office get? And what happens if the WAN link is down? How does the authentication work, and from where will the user get an IP address?
You can get the branch AP registered to your WLC in multiple ways (DNS, broadcast forwarding, DHCP option 43 or static).
If you have AP console access, adding the command below on the AP console would be the easiest way to get it registered.
LAP#capwap ap controller ip address
If you have multiple APs, then setting a DNS entry for CISCO-CAPWAP-CONTROLLER.your_domain_name pointing to your WLC management IP would help all APs find the WLC.
Regarding the H-REAP question, see below.
If you configure the SSID for "local switching", then any AP configured as H-REAP/FlexConnect will terminate traffic at the switch at your branch (this won't impact any Local mode APs). The client will get the IP you assigned at the branch switch for the user VLAN (in my example branch users will get an IP from VLAN 23, which is defined on the branch switch, whereas HQ users will get an IP from VLAN 12, which is defined at HQ). Authentication traffic will still come back to the WLC as long as the WAN link is up.
If the WAN goes down, then already connected clients will remain up, but there will be no new authentications. So users can access any resources within the branch.
**** Pls rate all useful responses ****
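One of the discovery methods named in the reply above is DHCP option 43. The following is an added example, not part of the original posts: it builds and parses the option 43 value that Cisco lightweight APs read (sub-option type 0xf1, a length byte, then the WLC management IPv4 addresses), so the value placed in a branch DHCP pool can be checked against the intended controller list. The addresses are constructed sample values from the documentation range.

```python
import ipaddress

CAPWAP_SUBOPTION = 0xF1  # sub-option type Cisco lightweight APs look for in option 43


def encode_option43(controllers):
    """Build the option 43 payload for a list of WLC management IPv4 addresses."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    packed = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(packed) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return bytes([CAPWAP_SUBOPTION, len(packed)]) + packed


def decode_option43(payload):
    """Parse a payload back into controller addresses, rejecting malformed TLVs."""
    if len(payload) < 2 or payload[0] != CAPWAP_SUBOPTION:
        raise ValueError("not a type 0xf1 controller list")
    length, body = payload[1], payload[2:]
    if length == 0 or length != len(body) or length % 4:
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]


def ios_option43_line(controllers):
    """Format the payload as the line used inside an IOS 'ip dhcp pool' block."""
    return "option 43 hex " + encode_option43(controllers).hex()


def matches_expected(payload_hex, expected_controllers):
    """True only if the configured value lists exactly the intended WLC addresses."""
    try:
        found = decode_option43(bytes.fromhex(payload_hex))
    except ValueError:
        return False
    return found == [str(ipaddress.IPv4Address(c)) for c in expected_controllers]


if __name__ == "__main__":
    wlcs = ["192.0.2.10", "192.0.2.11"]  # constructed sample WLC management IPs
    print(ios_option43_line(wlcs))
    print(matches_expected("f108c000020ac000020b", wlcs))
```

Comparing the value a branch DHCP server actually hands out against the expected list catches a mistyped or stale controller address before APs try to join it.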
Users should get an IP address from VLAN ID 12 in the remote office. What config is needed on the switchport connected to the AP?
A static IP address needs to be configured for AP management.
1. Next time, when configuring a static IP for the AP, configure the High Availability feature (Wireless -> AP -> High Availability tab in GUI) for that AP as well. This way the AP will know where to go to register as long as the AP has reachability to the WLC (no other methods required). If you are staging your AP before sending it to the branch, this is a good practice.
If you have already sent APs to the branch & they are yet to register with the WLC, then you can configure the command below on the AP CLI to get this done.
LAP#capwap ap primary-base
2. Yes, users will get a DHCP address from the branch DHCP server as long as you configure "ip helper-address x.x.x.x" in the VLAN12 SVI of your branch switch. If you configure DHCP on the switch itself then it is not required.
3. What security method is used in your SSID? If 802.1x is configured, then you need to have a secondary authentication server at your branch to authenticate users if the WAN link is down. If you configured local switching/central authentication, then no new client will be authenticated, but previously authenticated clients will still work even if the WAN link fails.
The switchport is to be configured as a trunk port, & if you read the given blog post, all the required configuration was listed.
*** Pls rate all useful responses ****
Well, I lived this some time ago. Let me try to help.
1.- The link between your AP and your switch could be configured as a trunk.
description Access Point FlexConnect Port
switchport trunk encapsulation dot1q
switchport trunk native vlan 30
switchport trunk allowed vlan 30,40
switchport mode trunk
In this example VLAN 30 is my management VLAN and VLAN 40 is for my wireless users.
2.- You can create a DHCP pool for your WLAN on your remote switch and select "Local Switching", or if it doesn't matter to you, the traffic can reach the WLC.
I know you have a lot of questions, please try to use this link.
Try Rasika's post, surely it will work too.
Point#2 on your reply is not clear
Hello Rasika - Thanks for your reply
Here we go.
Your WLAN users need to get an IP address. I advise having a specific segment for your WLAN users; you don't need it, but for me it's a good practice. So you can set up this DHCP at your HQ offices if it doesn't bother you that the traffic goes back to the WLC. Why could it bother you? Well, if you're thinking of using voice over IP or video-conferencing, that could affect your network performance.
You can also set up a DHCP server at your branch office, for example on your switch.
Well, you need to evaluate what's more important, security or HA. Let me try to explain.
If you want to use 802.1x as the authentication method, you probably have a RADIUS server in your HQ offices; if you want to have HA, you need another RADIUS server at your branch office with the same DB. That could be complicated.
If you use WPA2 as the authentication method, the remote AP keeps this key and you will be able to keep your connection.
It depends on you and what you need. It could be the same, but maybe for troubleshooting tasks it would be a best practice to have different segments.
I'm not sure about this because I never disable the broadcasting, but surely it's possible.