Wireless FlexConnect Group

EUMT0004Fabio · ‎10-06-2014

Hi folks,

due wifi 802.1x implementation our customer decided to implement CCKM for fast roaming of cisco 7925 wifi phones.
At the same time customer have an Headquarter, and about 300 remote sites all of them implement FlexConnet tecnology with local switching.
For every sites he got a 5508 WLC with ver 7.4, and a 5508 in Headquarter as well acting as a backup WLC for remote sites.

Using FlexConnect and CCKM for remote sites requires FlexConnect Grouping.

From Release Notes
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_flexconnect.html#wp1241304

I've noted there is some limit for this configuration that I'd like to be confirmed:
1) 25 APs for FlexConnect group -> true for 5508 WLC?
2) 100 FC Group for 5508 -> is still true in ver 7.4 or higher?

Third question:
I'd like to implement PMK/OKC instead CCKM. How can I do it? I'm missing configuration in GUI menus.

Last question: How can I resolve the FlexConnect Group Limit in my Headquarter due the fact I got more than 100 Groups to create? Is really necessary to add new 5508? No other way?

Thanks a lot

Rasika Nayanajith · ‎10-06-2014

Please confirm you got a 5508 for each branch site ? (ie 300 WLC ?) If it is the case,, why FlexConnect for branches, you can deploy local mode & configure the HQ controller as back up for each branch WLC.

Here is the answers to other queries

1) 25 APs for FlexConnect group -> true for 5508 WLC?

YES

2) 100 FC Group for 5508 -> is still true in ver 7.4 or higher?

NO

3) I'd like to implement PMK/OKC instead CCKM. How can I do it?

Why you want to do this, CCKM is the best for 7925 as that is proprietary fast roaming protocol for Cisco. That is a number 1 best practice in 7925G deployment guide. OKC is not configurable, but enabled automatically when using FlexConnect groups.

4) How can I resolve the FlexConnect Group Limit in my Headquarter due the fact I got more than 100 Groups to create? Is really necessary to add new 5508?

If you require many FlexConnect group then 7500 is the correct platform.(2000 FC group with 7.4)

HTH

Rasika

**** Pls rate all useful responses ****

EUMT0004Fabio · ‎10-06-2014

Thak you Rasika!

We've decided for Flexconnect so we can:

1) allowing WAN QoS for Voice/Data wifi client. Local switching allows voice packet to follow same routing and QoS of wired IP Phone. Analogue reason for PC data traffic. And is more useful when in backup/centralized auth mode. Encapsulate all traffic in CAPWAP tunnel doesn't allow us QoS implementation.

2) now 5508 are present for 80 sites but could growing. All remaining sites are managed by old 2106 WLC. For this purpose in next plan maybe we'll decide for a Centralized WLC. No plan at this moment.

3) so, what's the limit for FC Group in 5508 WLC?

4) OKC allows PKI AP cache as well CCKM. But OKC release fast roaming between different Flexconnect Groups while CCKM not. For sites with more than 30 APs should be very usuful, expecially considering 7925 phones.

Rasika Nayanajith · ‎10-06-2014

Hi

Typically FlexConnect design is for a branch wireless where you DO NOT have a local WLC to terminate CAPWAP.

If you have a WLC at branch & still you deploy FlexConnect at that branch then it is a waste of WLC resource.

Here is my feedback for your points

1) allowing WAN QoS for Voice/Data wifi client. Local switching allows voice packet to follow same routing and QoS of wired IP Phone. Analogue reason for PC data traffic. And is more useful when in backup/centralized auth mode. Encapsulate all traffic in CAPWAP tunnel doesn't allow us QoS implementation.

I understand Wireless QoS is tricky to implement & you will never get same policy for wired/wireless (that's where Unified Access or Converged Access design come onto play-by the way I am not telling you have to go for CA ) You need to assess pros & cons of going for FlexConnect design & I am not sure this QoS is purely justifying go for it.

2) now 5508 are present for 80 sites but could growing. All remaining sites are managed by old 2106 WLC. For this purpose in next plan maybe we'll decide for a Centralized WLC. No plan at this moment.

My view is

All sites you have WLC - Deploy local mode AP with primary WLC as branch & back up as HQ WLC.

All sites you do not have a WLC - Deploy FlexConnect local switching mode with Central Auth where HQ WLC used.

3) so, what's the limit for FC Group in 5508 WLC?

100 (refer the given Ciscolive presentation)

4) OKC allows PKI AP cache as well CCKM. But OKC release fast roaming between different Flexconnect Groups while CCKM not. For sites with more than 30 APs should be very usuful, expecially considering 7925 phones.

When it comes to fast roaming CCKM is the best if it is CCX clients, otherwise 802.11r which is IEEE standard & supported by multivendor clients. OKC is a way vendors implemented prior to 802.11r ratified as a way of fast roaming. So you should not look at OKC over 802.11r or CCKM(if it is for cisco clients)

I think since you are lock-down to this FlexConnect design, you try to overcome the limitations of that design, rather look at high level to see "flexconnect is the best way to go or not" . In my view if it is fastroaming 802.11r is the way forward (CCKM is must if you are 100% cisco clients)

Refer this Ciscolive material for FlexConnect design
BRKEWN-2016 Architecting Network for Branch with Cisco Unified Wireless

Do not forget to rate our responses if that is useful.

HTH

Rasika