Leo: i think Eric says it the other way; each remote site has a controller. So, each remote site has auth server reachability guaranteed.

Now, the backup server in data center should reach all auth severs for all sites.

The point is for remote sites you better use hreap. But if you use it temporarily I am not aware about any issue.

Le: are you aware about any issues running local mode in remote sites?

Sent from Cisco Technical Support iPad App

Hi Amjad,

I understood what Eric was trying to do, i.  e., the primary controller is located locally at the site and the secondary controller is located in the DC. 

I've seen this being deployed here where the site's WAN link doesn't justify the WLC to be in the DC.  So that agency resorted in putting a WLC at the site.   Aside from that, the client DID NOT configure a secondary controller because the WAPs are in H-REAP.  If the primary controller at the site fails AND as long as the WAP doesn't reboot then there's nothing to worry about.

That's the beauty of H-REAP/Flexconnect. 

That is a weird design.... you are almost forced to do flexconnect. It almost makes sense to just bring the wlc back to the DC and get enough license to support all the access points. You really cant keep the AP's in local mode unless you want to, but if an ap joins the DC wlc, that ssid will place users a subnet that resides in the DC. Devices will need to obtain a new dhcp address in order to function. This makes it difficult and using flexconnect makes it easier.

Sent from Cisco Technical Support iPad App

The issue is what subnets are at the remote site and at the DC. The subnets are different so how will users have connectivity if the have an ip address that is part of the remote site and then the APs fail to the DC wlc. The DC wlc will only have interfaces to the local subnet at the DC.

Sent from Cisco Technical Support iPhone App

What's your redundancy plan if the WAN link fails?