Solved: flexconnect

James Hoggard · ‎02-11-2014

Hi,

We have a cisco controller at or main site ( 2500 series ) and we have around 8 access point connected to it.

We also have 7 other sites over a IPSEC VPN which have cisco wireless access pointss ( c1140 ) in standalone mode about 4 on each site

Will i need to make the remote access points in standalone mode to lightweight mode? and can this be done remotely?

Does this require some sort of license?

I want to be able to enable roaming and support the AP'S via the controller for all remote sites.

How the 2500 series controller have a limit of AP'S in can support?

any help of this would be great

Thanks.

Scott Fella · ‎02-11-2014

Will i need to make the remote access points in standalone mode to lightweight mode? and can this be done remotely?

> You will need to convert them and it can be done remotly, but over VPN might be a bad thing.

c1140-rcvk9w8-tar.152-4.JB3.tar

http://software.cisco.com/download/release.html?mdfid=282439881&flowid=6789&softwareid=280775090&release=15.2.4-JB3&relind=AVAILABLE&rellifecycle=ED&reltype=latest

Does this require some sort of license?

> No... Your WLC supports X number of AP's depending on your license.

I want to be able to enable roaming and support the AP'S via the controller for all remote sites.

> Roaming is supported, but roaming requires good coverage

How the 2500 series controller have a limit of AP'S in can support?

> Yes... depending on the license. If you look at the main GUI page for the WLC, you will see a number of AP's supported. That will be your max unless you purchase more AP license.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎02-11-2014

Will i need to make the remote access points in standalone mode to lightweight mode? and can this be done remotely?

> You will need to convert them and it can be done remotly, but over VPN might be a bad thing.

c1140-rcvk9w8-tar.152-4.JB3.tar

http://software.cisco.com/download/release.html?mdfid=282439881&flowid=6789&softwareid=280775090&release=15.2.4-JB3&relind=AVAILABLE&rellifecycle=ED&reltype=latest

Does this require some sort of license?

> No... Your WLC supports X number of AP's depending on your license.

I want to be able to enable roaming and support the AP'S via the controller for all remote sites.

> Roaming is supported, but roaming requires good coverage

How the 2500 series controller have a limit of AP'S in can support?

> Yes... depending on the license. If you look at the main GUI page for the WLC, you will see a number of AP's supported. That will be your max unless you purchase more AP license.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎02-11-2014

Additional notes:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch7_HREA.html

WAN Link

For the FlexConnect AP to function predictably, keep in mind the following with respect to WAN link characteristics:

•Latency—A given WAN link should not impose latencies greater than 100 ms. The AP sends heartbeat messages to the WLC once every thirty seconds. If a heartbeat response is missed, the AP sends five successive heartbeats (one per second) to determine whether connectivity still exists. If connectivity is lost, the FlexConnect AP switches to standalone mode (see Operation Modes for operation mode definitions). The AP itself is relatively delay tolerant. However, at the client, timers associated with authentication are sensitive to link delay, and thus a constraint of < 100 ms is required. Otherwise, the client can time-out waiting to authenticate, which can cause other unpredictable behaviors, such as looping.

•Bandwidth—WAN links should be at least 128 kbps for deployments when up to eight APs are being deployed at a given location. If more than eight APs are deployed, proportionally more bandwidth should be provisioned for the WAN link.

•Path MTU—An MTU no smaller than 500 bytes is required.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

James Hoggard · ‎02-11-2014

we have 100 mbps links at each site however our Hong Kong office gets like 250-300ms ping times from our main office.

Thanks for you help.

James.

rupert.wever · ‎04-28-2014

So I wonder if it is possible to use Flexconnect local authentication and be able to support 1-sec delay WAN links?

Not considering it for voice, but how about data-only traffic?

EAP-TLS (and PEAP for that matter) is supported since 7.5 for Flexconnect local authentication, so client time-outs would not be so bad.

Has anyone been successful doing Flexconnect over links slower than 300ms?

Scott Fella · ‎04-30-2014

That is something you would need to test for yourself. It would be interesting to see if it's stable or not:)

-Scott
*** Please rate helpful posts ***