FlexConnect – The artist formerly known as H-REAP…
I am familiar with office extend AP technology, but I have not yet experienced FlexConnect in practicality. I recently ran into an environment that had FlexConnect AP’s and I was encouraged to learn a bit more about the mechanics of FlexConnect.
Lightweight access points in local mode are managed centrally via the wireless LAN controller – A FlexConnect AP is also managed centrally by the WLC, but has the benefit of working somewhat autonomously.
There are several benefits to using FlexConnect AP’s and it is an ideal solution for remote sites, especially over a WAN link.
A huge advantage of FlexConnect is the configurable survivability of the remote sites, should the central location experience an outage. Local resources are still accessible for FlexConnect AP clients when the WAN link is severed or hardware upstream fails.
Another warm and fuzzy feeling when deploying FlexConnect is that remote FlexConnect AP’s will help to reduce traffic on the WAN link – Nice when latency is a challenge. Unlike an AP deployed in local mode (traffic is forwarded to the WLC), the FlexConnect AP will drop local traffic at the local switched infrastructure/AP and branch local traffic will not need to traverse the WAN.
Be aware of the limitations of FlexConnect before you consider deploying AP’s in this mode – A notable prerequisite is the 300 ms latency round trip and that CAPWAP traffic is prioritized between AP and WLC.
It is recommended that you use a FlexConnect group when deploying FlexConnect AP’s. Some features will not work if FlexConnect AP’s are not in a FlexConnect group, such as CCKM and local authentication.
To get started with FlexConnect you must first change the associated AP from local mode to FlexConnect mode. FlexConnect AP’s operate in connected mode or standalone mode. If a remote AP is able to reach the controller, it is in connected mode and if it is not able to reach the controller, it is in standalone mode.
The WLANs will need to be made capable for FlexConnect. The basic setup includes allowing local switching, in addition to deciding whether or not to use local EAP authentication. Selecting local authentication will tell the clients to immediately authenticate locally to the FlexConnect AP without involving the WLC or RADIUS.
In connected mode the WLC and the centrally located AS are able to assist with authentication. A local radius server can be defined for backup in the FlexConnect group. Alternatively, a standalone mode FlexConnect AP will only be able to use local authentication.
To configure local EAP authentication, local users need to be defined and stored on on the FlexConnect AP. The local authentication users can be entered manually or uploaded with a .csv file.
Optionally, VLAN templates can be created for mapping VLAN ID’s to VLAN names. Even if you choose not to use templates, every FlexConnect WLAN will need to map to a local VLAN for local switching and every FlexConnect WLAN without a locally assigned VLAN will be centrally switched.
Lastly, the switchport will need to be configured to support a FlexConnect AP. The switchport will need to be configured with a dot1Q trunk and a native VLAN defined – It is good practice to limit the VLANs allowed on the trunk to only those that are used on the FlexConnect AP and to enable portfast trunk.
I hope this overview has been beneficial. I am excited to lab this AP mode and learn about the many options available when deploying FlexConnect AP’s.