- Overview
- Flexconnect modes of operation
- WAN requirements
- Configuration on AireOS
- Configuration on IOS-XE (9800)
Overview and requirements of Flexconnect
Flexconnect allows central management of APs for remote sites but allows for the traffic to be dropped locally at the switch rather than tunneled back to the WLC. Not all SSIDs have to be locally switched as the name indicates it is flexible and able to have central and local switched SSIDs applied to the same AP.
Flexconnect Modes of operation
Connected mode – This is the mode when the state of the AP is actively joined to the WLC with the CAPWAP control tunnel being up. This is the normal operation of the AP. Provides central authentication, profiling, and RRM.
Standalone mode – AP is unable to reach the WLC but will operate locally allowing authenticated clients to still pass traffic on the local network.
Features not available in standalone:
- Client Web Auth
- Central Switched SSIDs
- RRM
- IPv6 Mobility
- Native Profiling
- Policy Classification
- Service Discovery Gateway
- Configuration Updates
- WIPS
WAN Requirements
| Deployment Type | WAN Bandwidth (Min) | WAN RTT Latency (Max) | Max APs per Branch | Max Clients per Branch |
| Data | 64Kbps | 300 ms | 5 | 25 |
| Data | 640Kbps | 300 ms | 50 | 1,000 |
| Data | 1.44Mbps | 1 sec | 50 | 1,000 |
| Data + Voice | 128Kbps | 100 ms | 5 | 25 |
| Data + Voice | 1.44Mbps | 100 ms | 50 | 1,000 |
| Monitor | 64Kbps | 2 sec | 5 | N/A |
| Monitor | 640Kbps | 2 sec | 50 | N/A |
Configuration on AireOS
- Convert the AP to Flexconnect mode
- Go to Wireless > Access Point > <AP Name>
- On the General tab, change the AP mode to Flexconnect.
- .Enable Flexconect switching
- Go to WLANs > click the WLAN ID to edit > Advanced.
- Under the FlexConnect section, enable “FlexConnect Local Switching.”
- Configure the native VLAN On The AP
- Go to Wireless > Access Point > <AP Name> > FlexConnect
- Check the “VLAN Support” box
- Enter the VLAN ID in the “Native VLAN ID” field
- Configure a Native VLAN for a Flexconnect group
- Configuring multiple APs can be cumbersome, so creating a FlexConnect Group allows settings to be the same for a site.
- Go to Wireless > FlexConnect Groups > <Group Name> (if needed, click the new button on the right to create a new group)
- Under the WLAN VLAN Mapping tab, check the “VLAN Support.”
- Enter the “Native VLAN ID”
- Switch port config
- AP ports need to be a trunk port with the native VLAN set.
- Interface GigabitEthernet1/0/1
- Switchport trunk encapsulation dot1q
- Switchport trunk allowed VLAN <VLANs for all WLANs>
- Switchport trunk native VLAN <native VLAN number>
- Switchport mode trunk
- WLAN to VLAN mapping on the AP
- Go to Wireless > Access Point > <AP Name> > FlexConnect
- Click on the VLAN Mappings next to the Native VLAN ID.
- Change the VLANs per WLAN ID using the VLAN ID box.
- WLAN to VLAN mapping for a Flexconnect group
- Go to Wireless > FlexConnect Groups > <Group Name>
- Enter the WLAN ID and corresponding VLAN ID and then click add
Configuration on IOS-XE (9800)
- Setup Flex Profile
- Go to Configuration > Tags & Profiles > Flex
- Click the add button
- fill in the name for the profile and the native VLAN ID on the General tab.
- Apply any local auth and Umbrella settings under the appropriate tabs.
- under the VLAN tab, add the VLAN name and ID along with any ACL policies
- Under the Policy ACL tab if you have a web auth redirect you would add the ACL and check the central web auth box.
- Add the Flex Profile to a Site Tag
- Go to Configuration > Tags & Profiles > Tags > Site
- add a site tag
- fill in the name for the site tag, optional description, add the AP Join Profile
- Uncheck the “Enable Local Site” and the Flex Profile will appear
- Select the appropriate Flex Profile and apply.
- Change the Site Tag on the AP
- Go to Configuration > Wireless > Access Points > <AP Name>
- General > Tags
- change the Site Tag to the one created with the Flex Profile
