Cisco Support Community
Community Member

To FlexConnect or not to FlexConnect

I have the following setup

local office with

- WLC 5508 - 4 port LAG connection

- RADIUS server

- LWAP 1142N

I also have four remote sites that are connected with 1GB fiber to the main office

I have four WLANS

- Faculty (802.1x)

- Students (802.1x)

- Mobile Devices (WPA2-PSK)

- Personal Devices (802.1x)

Each WLAN is configured with FlexConnect Local Switching even though in my office I obviously don't use FlexConnect but local.

Questions:

Do I need a separate WLAN for Local and Flexconnect or are my settings correct?

I know it works as I have good network connectivity, but as far as optimization I wasn't sure if it was preferred to keep them separate.


Is FlexConnect Local Auth on my WPA2 WLAN only for failover, or would enabling it improve my network?

I would imagine the clients would just check with the APs if the password is correct instead of checking with the controller.

I have 43200 secs session timeout for my 802.1x WLAN and no session timeout for WPA2. Is this appropriate?

Thanks!


Accepted Solutions
VIP Purple

Re: To FlexConnect or not to FlexConnect

1. You do not require a separate WLAN for local & FlexConnect. Even though you configure "local switching" on your WLAN, it is only applicable to "flexconnect" mode APs & not local mode APs. So your setup is OK in that sense. Since you have 1G fibre links to the remote office, I do not see a real reason to configure them as FlexConnect.

2. If you enable FlexConnect local auth, then the main advantage is that even if your controller is unavailable, remote office users can authenticate & connect to the wireless network, provided that the remote office can reach your authentication server such as RADIUS/AD. If you configured WPA2/PSK, then that key information will be cached in the AP to use in case the WLC is unavailable.

3. No problem with the session timeout value configured. It depends on your requirement for how long you want to keep a session before it times out & requires re-authentication.

HTH

Rasika

*** Pls rate all useful responses ***

Community Member

Hi Rasika,

I need to set up a single SSID with Local and Flex APs.

Are there any RADIUS attributes that I can tell the controller to send in the RADIUS authZ request so that my RADIUS server, ISE, can distinguish whether the user is connected to a Local Mode AP or a Flex Mode AP?

Currently I think my WLC only sends its controller name which is not going to help me. I know that there is a NAS-ID in the AP Group which can be configured, so will that help me? I also do not see a NAS-ID option in the FlexConnect Group so do you know what will be sent in the RADIUS request as an ID?

Thanks

Mario
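
For the question above about telling Local and FlexConnect APs apart on the RADIUS side, here is an added example (not part of the original thread and not Cisco or ISE code) of how a policy check can read the NAS-Identifier from an Access-Request and fail closed on anything it does not recognise. It assumes the AP Group NAS-ID arrives in the standard NAS-Identifier attribute (type 32, RFC 2865); the NAS-ID strings, the mapping table and the sample packets are constructed for illustration.

```python
import struct

NAS_IDENTIFIER = 32      # RFC 2865 attribute type
CALLED_STATION_ID = 30   # RFC 2865 attribute type

# Hypothetical NAS-ID values, one per AP group (constructed for this example).
NAS_ID_TO_MODE = {"hq-local": "local", "remote-flex": "flexconnect"}


def parse_attributes(packet: bytes) -> dict:
    """Return {type: [values]} from a RADIUS packet (RFC 2865 layout)."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20  # 16-byte authenticator follows the 4-byte header
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def ap_mode(packet: bytes) -> str:
    """Classify a request by NAS-Identifier; unknown or missing IDs fail closed."""
    values = parse_attributes(packet).get(NAS_IDENTIFIER, [])
    if len(values) != 1:
        return "unknown"
    return NAS_ID_TO_MODE.get(values[0].decode("utf-8", "replace"), "unknown")


def build_request(nas_id: str, called: str) -> bytes:
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b""
    for a_type, value in ((CALLED_STATION_ID, called), (NAS_IDENTIFIER, nas_id)):
        raw = value.encode()
        body += bytes([a_type, len(raw) + 2]) + raw
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body


if __name__ == "__main__":
    for nas in ("hq-local", "remote-flex", "WLC5508"):
        print(nas, "->", ap_mode(build_request(nas, "00-11-22-33-44-55:Faculty")))
```

A request that carries only the controller name, as described in the post, lands in the "unknown" branch, so a policy built on this check denies or quarantines it by default instead of treating it as either AP mode.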
