As part of SP-wifi solution, Cisco wireless is providing some Key features
Key Points based on 7.3 version for WLC
NAT/PAT is configured implicitly on Cisco AP.
Manual configuration of NAT/PAT on Cisco AP is not supported.
Static NAT is NOT supported.
Central-DHCP is supported only on local-switching wlan.
NAT/PAT and DNS Override can be configured only when Central-DHCP is configured.
Only Flex AP is supported.
NOTE- Central-DHCP, DNS Override and NAT/PAT can be enabled at three different levels – on WLAN (local-switching), on Flex AP.
Point to remember-- All three features [central-dhcp, dns override and nat/pat] by default will be enabled on PPPoE AP when WLAN is configured as local-switching and cannot be disabled or deleted.
Let’s discuss in detail.
Wireless client gets IP address from central-site even though wlan is configured with Local-switching. Before this feature there was no way to control DHCP addressing from central site for local-switched wireless clients. If the feature is enabled then the Cisco AP sends DHCP packets to WLC using CAPWAP, same as central-switching wlan. When client gets IP Address, AP starts local-switching for DATA traffic. When local-switching and Central-DHCP is enabled, Cisco AP will do Authentication and DHCP for wireless client at Central-site (same as central-switching) and data traffic (except DHCP) will be local-switched.
NOTE– Local-auth on Flex AP is NOT supported when Central-DHCP is enabled.
NOTE– DHCP_Required option has to be enabled before enabling Central-DHCP on wlan. DHCP_Required is will be enabled internally on PPPoE AP if wlan is local-switching. DHCP_Required will be enabled on non-PPPoE Flex AP and Flex-Group if Central-DHCP.
In the SP-wifi deployment with Central-DHCP in use, it’s very tough for an Admin to know DNS IP Address for each branch (when there are different ISP's at each branch) on and configure in the DHCP server at central site because when Central-DHCP option is configured and Cisco AP is doing NAT/PAT. Wireless client has to get DNS IP of local ISP.
This feature [DNS Override] will make Administrator’s life easy. In the SP-wifi deployment, Cisco AP gets IP address including DNS ip address from local ISP.
Wireless Controller comes to know about AP’s DNS IP Address when AP is joining wireless Controller. If the “DNS Override” feature is enabled then Wireless Controller will override the DNS IP Address when wireless client does DHCP.
In SP-wifi deployment where ISP line is terminating at Cisco AP and then Cisco AP should do NAT/PAT for wireless client traffic. This feature is very useful when wireless gets Private IP address and there is no device between AP and ISP that can do NAT/PAT for wireless client but it’s not limited to this kind of deployment. The feature can be enabled wherever Admin wants Cisco AP to do NAT/PAT for wireless client.
Currently manual configuration is not required on Cisco AP of NAT/PAT. It’s configured implicitly on the AP when client associates if NAT/PAT is enabled or AP is PPPoE AP.
As we discussed before, Central-DHCP, DNS Override and NAT/PAT can be configured at three levels – on wlan, on AP and on Flex group. Configuration on Flex AP is highest priority then Flex-Group and then WLAN.
There are three parameters to configure on Flex AP and on Flex-Group – Enable, Disable and Delete and Two parameters on WLAN – Enable and Disable.
NOTE– Configuration on higher level should be “Deleted” to take effect of lower level configuration. Example – If Flex AP is configured with Enable and if administrator wants to enable these features [central-dhcp, dns-override or nat/pat] then Flex AP’s configuration should be “Deleted” NOT “Disabled” to take effect Flex-Group configuration.
NOTE– As discussed earlier, all three features [Central-DHCP, DNS Override and NAT/PAT] are by default enabled on PPPoE Flex AP if WLAN is local-switching and the configuration cant be disabled or deleted.
Configuration via GUI
Configuration on WLAN
Configuration on Flex AP
------ >> Click on the “Central DHCP Processing” option.
When local-switching is enabled on WLAN and AP is broadcasting the WLAN then the WLAN entry will be created on the Flex AP to configure Central-DHCP, DNS Override and NAT/PAT.
Check the box to “Enable”.
Uncheck the box to “Disable”.
Keep the cursor on blue arrow mark and click on “Remove”. No need to get confused if the entry still there even after removing the config.
NOTE – Currently there is NO option in 7.3 image to see on Flex AP that whether Central-DHCP, DNS Override and NAT/PAT configuration of Flex AP, Flex-Group or WLAN on GUI but CLI has it.
Configuration on Flex-Group
Check the box to “Enable”.
Unchecked the box to “Disable”.
Keep the cursor on blue arrow mark and click on “Remove”.
config flexconnect group sp-group central-dhcp <wlan_id> [enable | disable] override dns [enable | disable] nat-pat [enable | disable]
Commands to verify
1. Show wlan <wlan_id> 2. Show ap config general <ap_name> 3. Show flexconnect group detail <flex_group_name>
(sp-wifi-wlc)show wlan sp-wlan
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
Wi-Fi Direct policy configured................ Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Enabled
flexconnect nat-pat Flag...................... Enabled
flexconnect Dns Override Flag................. Enabled
(sp-wifi-wlc)show ap config general ap_3600
Flexconnect Central-Dhcp Values :
WLAN ID PROFILE NAME Central-Dhcp DNS Override Nat-Pat Type
------- ----------------------- -------------- ---- ----------------- --------- ------
12 spwifi True True True Flex-Group
AP TCP MSS Adjust................................ Disabled
Hotspot Venue Group.............................. Unspecified
Hotspot Venue Type............................... Unspecified
DNS server IP ............................. 126.96.36.199
---------------xxxx--------------NOTE– “Type” shows of which level config is being used. In above example Flex-Group config is being used for central-dhcp.
(sp-wifi-wlc) >show flexconnect group detail sp-group
Number of User's in Group: 0
WLAN ID SSID Central-Dhcp Dns-Override Nat-Pat
12 spwifi False False False
There is no new commands since the DHCP packet comes to wireless controller all old commands can be used.
There is no debug command but we can troubleshoot using following commands
1. Show ap config general <ap_name> -------------- >> it will show the DNS ip of AP. 2. Show client detail <client_mac> -------------- >> it will show DNS ip on client and AP. 3. Show hosts ----------------- >> The command is used at Flex AP to check DNS IP on the AP. 4. Check DNS IP on the wireless client.
There is no command on wireless controller since the NAT/PAT is done at Flex AP. All most all IOS commands can be used to see or troubleshoot NAT/PAT issue on AP.
Our SP Wi-Fi Services portfolio is a comprehensive set of services representing a holistic approach to the total lifecycle of service provider Wi-Fi engagements. Starting with a proof of concept, it covers the end-to-end spectrum of planning, building, optimization, and operation services, each assured by Cisco service-level agreements (SLAs). These services are flexible and can be customized.
• Cisco SP Wi-Fi Proof of Concept Service – Demonstration of a centralized management system, with zero-touch service fulfillment for rapid deployments of meshed access points, using a cloud-based architecture hosted in a Cisco data center
• Cisco SP Wi-Fi RF Plan and Build Service – Professional services from Cisco and our Wi-Fi specialized partners – Help in planning and deploying the RF components of the Cisco SP Wi-Fi solution – Analysis of architectural readiness, with guidance on selecting and prioritizing locations for Wi-Fi – RF expertise to obtain the most from your wireless access points – Coverage and capacity planning – Post-deployment RF analysis assistance to promote deployment success
• Cisco SP Wi-Fi Core Plan and Build Service – Professional services from Cisco and our Wi-Fi specialized partners – Help planning and deploying the core components of the Cisco SP Wi-Fi solution – Analysis of architectural readiness and assistance with the SP Wi-Fi deployment design – Start-to-finish deployment assistance, including a mobile subscriber policy enforcement system – Pre-deployment validation to help ensure deployment success – Post-deployment knowledge transfers to help ensure your understanding of the solution
• Cisco SP Wi-Fi Solution Support Service (Reactive) – Expert assistance to streamline operation of the Wi-Fi architecture – Quick isolation and remediation of unplanned service disruptions – Tracking and identification of the root cause of disruptive incidents, which provides valuable information for design changes and to help you scale with mobile subscriber growth
• Cisco SP Wi-Fi Optimization Services (Proactive) – Expert analysis and recommendations for transforming your Wi-Fi architecture into a high-performing, efficient environment – Help creating a strategy for managing all the critical components of the Cisco SP Wi-Fi architecture using a suite of Cisco hosted network management applications – Availability and performance optimization expertise to validate your planned design changes – Collaboration in developing a strategy for managing software releases and changes – Continuous learning activities that help your IT staff become more self-sufficient
• Cisco SP Wi-Fi Assurance Service (Preemptive) – Extension of the measurement and analytical capabilities provided by your Cisco SP Wi-Fi architecture – Real-time monitoring of various key performance indicators (KPIs) from Cisco network operations center – Comprehensive analytics using fault, capacity, availability, and performance information to help ensure reliable operations
• Cisco SP Wi-Fi Operate Service (End-to-End Platform Management) – Monitoring of the managed devices in the your environment to help ensure access points and controllers are properly activated and provisioned – Management of incident and problem resolution – Identification of operational trends to continually improve performance