View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

WL0034 - WLC FlexConnect Fundamental (Part 1)

Rating: 
4.5
Average: 4.5 (2 votes)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Video Download: 
Title: WL0034 - Video Download $20.00
Purchase WL0034 - Video Download $20.00
operation of Cisco FlexConnect, including traffic switching, and client authentication. We will configure and shows how FlexConnect Group can reduce configuration overhead and maintain configuration consistency. We will test FlexConnect failover to validate local EAP and backup RADIUS using various mobile devices.
 
Part 1 of the video covers configuration of FlexConnect AP, WLAN, and Group
 
Topic:
  • Central Switching and Local Switching
  • Central Authentication and Local Authentication
  • Connect Mode and Standalone Mode
  • FlexConnect Mode AP
  • FlexConnect WLAN
  • FlexConnect VLAN Template
  • FlexConnect Group
  • Local EAP
  • Backup RADIUS Server
  • WLAN to VLAN Mapping
  • Failover Testing
  • FlexConnect AP Override

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

8 comments

Thanks alot for all of your awesome videos
i really confused about the native VLAN as you put it to 1 , i have reading about this in cisco , can you please clarify if i can for example create one dhcp for APs and then swport->AP i make it as a native , and also in the same time there is a different native vlan between switch for example VLAN99

i hope my question is clear
can i make two native vlans
1- for my network in the remote site and it's between switch (VLAN99)
2- for all interfaces that have APs connected to it will have different vlan (VLAN1)
????

There can only be one native VLAN on a switchport. This is the VLAN the AP will use for its mgmt traffic and it can be any VLAN of your choice. You can either use the same native VLAN also for data traffic or have them on another tagged (not native) VLAN.

thanks a lot for your reply

sorry am still confused but will make my question clear this time
i know there can only be one native vlan per switch port
and you are talking from perpective of AP config in WLC

but my question is :

you mean there should be only one native vlan in the remote site , by that i mean the native vlan between switches should match the native vlan connected to the AP??
by means if
switch ->trunk(native VLAN=1)->switch
and also the same native vlan for
switch->trunk(native vlan=1)->FlexconnAP

my question is , should the native vlan between switches (switch->switch) match the native vlan between sw->AP

am not talking about mgmt traffic and user data traffic
i am talking about having 2 different native vlans
one native vlan between switches
another native vlan between switch and FlexAP

hope to hear from you soon

Thank you for clarification. Native VLAN is per switchport and they are independent of one another. You could have every port on the switch configured as trunk and have different native VLAN per port as long as whatever connected to that port have matching native VLAN. Hope that helps.

Thank you for in-depth coverage of Cisco WLAN features. For guest SSID you used ACL - i assume this is required only when we want to redirect the guest user to ISE and not required if user is to be authenticated by WLC from its local user database. i am interested in Guest SSID with local switching with central authentication via WLC with guest VRF at each remote sites with DHCP and DNS functionality at each site. guest uses local internet breakout. Please provide guidance if i have to configure something extra then what is covered in your video.

If you refers to the pre-auth ACL on Guest SSID then that has nothing to do with redirection to ISE. The ACL allows traffic to pass before user authenticates. If all you want is central auth with local switching then the config you see in this video should be it.

Hello Metha

I'm having a hard time to understand a concept regarding Where to place a WLC in the network... maybe you can help?... I'll be grateful.

The thing is... in no place I can find info about what happends when you place the WLC in the CORE SWITCH... this means that that we have a Layer 3 link between the core and distribution switch... so... this means we CANT reuse the VLAN we use in the WLC -> Core trunk port for wired LAN clients right??? because we would have the same subnet/VLAN in 2 places (1 in LAN and 1 In Core-WLC conection)... i'm wrong?... I think this is why we should connect the WLC in distribution layer so this way we can use the same VLAN for WLAN and Wired clients... I hope you can clarify the concept for me.

If you have a true core/distribution architecture, the WLC usually goes into the distribution (user or edge) as you do not want the core to have any VLAN.