
New Member

FlexConnect (aka H-REAP) and Auto-Anchor functionality

Hi Board,

I never did H-REAP on my wireless deployments. Now, I have an H-REAP (FlexConnect) requirement for branch offices.

Also there is the requirement for guest access at the same time.

From my understanding those features (FlexConnect and Auto-Anchor) should work together.

Please refer to the following exhibit:

Auto-Anchor_and_FlexConnect_v0.01.jpg

There is a FlexConnect AP at my branch office. The traffic from internal users (SSID "Internal") should be switched locally at the LAP (Lightweight Access Point). At the same time, the guest SSID (SSID "Guest") should be tunneled back via CAPWAP to the controller to which the LAP is associated ("Central Controller"). The guest traffic should not emerge (be switched) at the "Central Controller"; instead it should be tunneled to an anchor controller in a DMZ via an "Ethernet over IP tunnel" (Auto-Anchor functionality).

First question: Does this work (FlexConnect in conjunction with Auto-Anchor functionality)?

If this works, where's the web portal for guest authentication hosted (if using the internal web auth on WLC)? On the "central controller" or the Anchor controller? (I guess at the Anchor Controller in the DMZ, right?)

Is it possible to leave the guest SSID "open" with no webauth and still use the Anchor Controller? This would be needed if I have an external web authentication service, which would be hosted by a provider.

Thanks in advance for all your replies!

Johannes

9 REPLIES
Hall of Fame Super Silver

Re: FlexConnect (aka H-REAP) and Auto-Anchor functionality

Your statement is in fact correct. Your guest traffic will be sent back to the FlexConnect WLC or WLC and then you would anchor that SSID to the DMZ SSID. The anchor WLC in the DMZ will host the webauth, passthrough splash page. This would be the same if you just wanted open auth. Anchoring works either way. Make sure these ports are open between the anchor and remote wireless LAN controller: UDP 16666 or IP 97

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
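
As an added example (not part of the original reply and not Cisco tooling): a small first-match filter audit that checks whether the two flows named in the reply above, UDP 16666 and IP protocol 97, are permitted in both directions between the two controllers. The addresses, the rule format and the function names are constructed for illustration, and a stateless filter is assumed.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges), not taken from the thread.
FOREIGN_WLC = ip_address("192.0.2.10")    # central controller (inside)
ANCHOR_WLC = ip_address("198.51.100.10")  # anchor controller (DMZ)

# The two flows named in the reply: UDP 16666 and IP protocol 97 (EoIP tunnel).
REQUIRED = [("udp", 16666), ("97", None)]

# Constructed rule set in first-match order:
# (action, protocol, source network, destination network, destination port or None)
RULES = [
    ("permit", "udp", "192.0.2.10/32", "198.51.100.10/32", 16666),
    ("permit", "udp", "198.51.100.10/32", "192.0.2.10/32", 16666),
    ("permit", "97", "192.0.2.10/32", "198.51.100.10/32", None),
    ("deny", "ip", "0.0.0.0/0", "0.0.0.0/0", None),
]

def first_match(rules, proto, src, dst, port):
    """Return the action of the first matching rule, or the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if src not in ip_network(r_src) or dst not in ip_network(r_dst):
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "deny"

def audit(rules, a=FOREIGN_WLC, b=ANCHOR_WLC):
    """List required flows that are blocked in either direction."""
    blocked = []
    for proto, port in REQUIRED:
        for src, dst in ((a, b), (b, a)):
            if first_match(rules, proto, src, dst, port) != "permit":
                blocked.append((proto, port, str(src), str(dst)))
    return blocked

def overly_broad(rules, dmz=ANCHOR_WLC):
    """Flag permit rules that reach the anchor from more than a single host."""
    return [r for r in rules
            if r[0] == "permit" and dmz in ip_network(r[3])
            and ip_network(r[2]).num_addresses > 1]
```

In the constructed rule set the return direction for IP protocol 97 is missing, so `audit(RULES)` reports the anchor-to-foreign tunnel flow as blocked.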
New Member

Re: FlexConnect (aka H-REAP) and Auto-Anchor functionality

Thank you so much for the answer. One last question if I may:

The anchor controller can be licensed with the smallest AP count, right?

So a 5508 with 12 AP support should do the job.

There are no APs associated at the anchor controller.

Hall of Fame Super Silver

Re: FlexConnect (aka H-REAP) and Auto-Anchor functionality

Yes that is what you want.... WLC5508-12.

-Scott
*** Please rate helpful posts ***

FlexConnect (aka H-REAP) and Auto-Anchor functionality

Thanks, Scott, for helping Johannes. 5+.

Thanks,

Vinay Sharma

Thanks & Regards
New Member

FlexConnect (aka H-REAP) and Auto-Anchor functionality

Yeah - right. Sorry, I totally forgot about rating the second post!

FlexConnect (aka H-REAP) and Auto-Anchor functionality

The document was generated from the following discussion:-

https://supportforums.cisco.com/docs/DOC-24096

Thanks & Regards
Cisco Employee

FlexConnect (aka H-REAP) and Auto-Anchor functionality

From the diagram, can I use a Flex 7500 instead of the 5508 in the central location?

New Member

FlexConnect (aka H-REAP) and Auto-Anchor functionality

The Flex 7500 deployment guide (http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml) states:

"The Cisco FlexConnect Solution also supports Central Client Data Traffic, but it should be limited to Guest data traffic only."

Later in the document there is a section about Guest access that states "Flex 7500 will allow and continue to support creation of EoIP tunnel to your guest anchor controller in DMZ."

Hope that helps.

Cisco Employee

FlexConnect (aka H-REAP) and Auto-Anchor functionality

Thanks Johannes!
