Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
585
Views
0
Helpful
5
Replies

AP registration through VPN and routing guest traffic locally

Go to solution
abhisar patil
Level 1
Level 1

‎10-07-2014 01:07 AM - edited ‎07-05-2021 01:39 AM

Dear Team,

 

This is regarding Cisco CAP registering through VPN to remote WLC, this we can achieve. I want to the know the user traffic ex. Guest, it will be routed through VPN and then to internet or is there any way that we can route the traffic locally to internet. I have two SSIDs Guest and Staff.

 

Please help to clarify.

 

Thank You,

Abhisar.

 

 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rasika Nayanajith
VIP
VIP

‎10-07-2014 01:48 AM

Hi Abhisar,

If you configure this AP into FlexConnect mode (by default it is local mode) & then enable local switching for the SSIDs you want to locally terminate traffic.

Refer FlexConnect config guide related to the software version you are running on your WLC

 

HTH

Rasika

**** Pls rate all useful responses ****

View solution in original post

0 Helpful

Go to solution
Dhiresh Yadav
Cisco Employee
Cisco Employee
In response to abhisar patil

‎10-07-2014 02:10 AM

Hi,

 

Please go though the link which I shared. What you are asking is normally used and is very much possible.

"I am asking this because, we want to use same guest portal for users in remote office and generate passwords for them and then route the traffic locally."

This is central authentication and local switching. So for initial authentication , WLC will be used and after that for DHCP and local traffic route ..local vlans would be used. Although here , several other variations are possible as given in that link. You can have same ssid at central and at remote.

Go through that deployment guide for setting it up

Regards

Dhiresh

**** Pls rate all useful responses ****

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Dhiresh Yadav
Cisco Employee
Cisco Employee

‎10-07-2014 01:45 AM

Hi ,

 

Which VPN?//

AP to get register to WLC need reachability to the WLC and specific ports to be opened for capwap.If you dont want user traffic to be sent to the WLC , use Flex connect local switching to dump the user traffic to the local switch. From there on , it would be your switch and routers who would take that data to the Internet , the way they do for wired users.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/Flex_7500_DG.html

There are other Cisco remote solution also like OEAP but for this requirement flex deployment looks best.

Regards

Dhiresh

0 Helpful

Go to solution
abhisar patil
Level 1
Level 1
In response to Dhiresh Yadav

‎10-07-2014 02:02 AM

Dear Rasika/Dhiresh,

 

Thank you for your reply. Just one confirmation regarding SSIDs.

I have four access points and WLC 2504 in main branch with Guest and Staff SSIDs. Now, when I connect new 2600 APs in remote branch and register to WLC 2504(Over Site to Site VPN), I will get same SSIDs in remote branch as well, correct? And then use flexconnect and local switch to route traffic locally or I have to configure new SSIDs with new DHCP scope at remote office?

I am asking this because, we want to use same guest portal for users in remote office and generate passwords for them and then route the traffic locally.

 

Please clarify how will be the setup.

 

Thank You,

Abhisar.

0 Helpful

Go to solution
Dhiresh Yadav
Cisco Employee
Cisco Employee
In response to abhisar patil

‎10-07-2014 02:10 AM

Hi,

 

Please go though the link which I shared. What you are asking is normally used and is very much possible.

"I am asking this because, we want to use same guest portal for users in remote office and generate passwords for them and then route the traffic locally."

This is central authentication and local switching. So for initial authentication , WLC will be used and after that for DHCP and local traffic route ..local vlans would be used. Although here , several other variations are possible as given in that link. You can have same ssid at central and at remote.

Go through that deployment guide for setting it up

Regards

Dhiresh

**** Pls rate all useful responses ****

0 Helpful

Go to solution
abhisar patil
Level 1
Level 1
In response to Dhiresh Yadav

‎10-07-2014 02:42 AM

Dear Dhiresh,

 

Thank you. I will check the guide, will come back if something.

 

Thank You,

Abhisar.

0 Helpful

Go to solution
Rasika Nayanajith
VIP
VIP

‎10-07-2014 01:48 AM

Hi Abhisar,

If you configure this AP into FlexConnect mode (by default it is local mode) & then enable local switching for the SSIDs you want to locally terminate traffic.

Refer FlexConnect config guide related to the software version you are running on your WLC

 

HTH

Rasika

**** Pls rate all useful responses ****

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card