{"id":2156,"date":"2015-12-01T13:11:00","date_gmt":"2015-12-01T13:11:00","guid":{"rendered":"https:\/\/jay-miah.co.uk\/?p=2156"},"modified":"2024-11-18T13:21:46","modified_gmt":"2024-11-18T13:21:46","slug":"cisco-wireless-setting-up-flexconnect-aka-h-reap-with-local-switching-of-multiple-vlans","status":"publish","type":"post","link":"https:\/\/jay-miah.co.uk\/index.php\/cisco-wireless-setting-up-flexconnect-aka-h-reap-with-local-switching-of-multiple-vlans\/","title":{"rendered":"Cisco Wireless \u2013 Setting up FlexConnect aka \u201cH-REAP\u201d with Local Switching of Multiple VLANs"},"content":{"rendered":"

FlexConnect also known previously as H-REAP \u2013 \u201cHybrid Remote Edge Access Point\u201d is usually set-up for branch sites which are connected via a WAN link, FlexConnect access points have the ability to perform local switching and authentication, which means they can make layer 2 forwarding decisions without having to send them up to the WLC using CAPWAP. The benefits of this type of set-up\u00a0is, in the event\u00a0that\u00a0the WAN link goes down \u2013 the AP will still be able to service new clients,\u00a0maintain connections and perform local switching until the WAN link is available again.<\/p>\n

To support local switching of multiple VLANs the FlexConnect access point should be connected to trunk interface on the switch, although it can be used on a access port, plugging into an access port will only allow DHCP to issues addresses to clients from the same VLAN as the AP.<\/p>\n

In this step-by-step guide we will look at configuring \u201cFlexConnect\u201d for an access-point to locally switch multiple VLANs. We will set-up multiple VLANs and Muliple SSIDs, the AP will receive an IP address from our VLAN1 \u2013 Management VLAN and as our clients connect to the relevant SSIDs we will be able to associate them with the relevant VLANs.\u00a0e.g clients associated with SSID \u201cVLAN10\u201d will get IP address from DHCP for \u201cVLAN10\u201d.<\/p>\n

I will be using\u00a0a vWLC, a L3 switch, DHCP Server and an 2600 Series AP, Lets get started!<\/p>\n

Create DHCP Scopes for all the required VLANs\u00a0<\/strong><\/p>\n

1.<\/strong>\u00a0Create the scopes required in DHCP so that when wireless clients associate themselves with an SSID, DHCP will be able to lease out an address from the correct subnet. In this example I have used a Microsoft DHCP Server with the following:<\/p>\n

VLAN1 \u2013 Native\/Management VLAN \u2013 192.168.0.0 \/24<\/p>\n

VLAN10 \u2013 192.168.10.0 \/24<\/p>\n

VLAN20 \u2013 192.168.20.0 \/24<\/p>\n

VLAN30 \u2013 192.168.30.0 \/24<\/p>\n

VLAN40 \u2013 192.168.40.0 \/24<\/p>\n

\"DHCP\"<\/p>\n

 <\/p>\n

Configure the Switch<\/strong><\/p>\n

1.<\/strong>\u00a0Configure the trunk interface for the Access Point on the switch, if this is set as an access port the associated clients will only receive IP addresses from that access port vlan.<\/p>\n

\"Switch<\/p>\n

2.\u00a0<\/strong>Optional Step\u00a0\u2013 Configure the SVI interfaces on the switch if required, normally this would be done on the core switch at the main site for intervlan routing purposes, the interfaces would also point to a DHCP server using the IP Helper- Address.<\/p>\n

<\/p>\n

 <\/p>\n

\u00a0Configure FlexConnect on the\u00a0AP<\/strong><\/p>\n

1.<\/strong>\u00a0Login to the Wireless LAN Controller, and click\u00a0\u201cWireless\u201d \u2013 \u201cAccess-Points\u201d \u2013 \u201cAll APs\u201d \u2013 \u201cname of AP\u201d\u00a0to bring up the configuration details. From the\u00a0\u201cGeneral\u201d\u00a0Tab click the drop-down box\u00a0\u201cAP Mode\u201d\u00a0and select\u00a0\u201cFlexConnect\u201d<\/p>\n

<\/p>\n

2.<\/strong>\u00a0Give the AP a name and click on\u00a0\u201cApply\u201d<\/p>\n

\"2\"<\/p>\n

the Access-Point will reboot to complete the mode change, the WLC will display a warning, click\u00a0\u201cOK\u201d<\/p>\n

\"2.1\"<\/p>\n

3.<\/strong>\u00a0Once the AP is \u00a0back up navigate to\u00a0\u201cWireless\u201d \u2013 \u201cAccess-Points\u201d \u2013 \u201cAll APs\u201d \u2013 \u201cname of AP\u201d\u00a0and click on the newly listed\u00a0\u201cFlexConnect\u201d\u00a0tab. Tick the\u00a0\u201cVLAN Support\u201d\u00a0tickbox and hit\u00a0\u201cApply\u201d<\/p>\n

<\/p>\n

The\u00a0WLC will display a warning regarding FlexConnect changes may disrupt clients, in our case we have no clients yet so its not a problem. Click\u00a0\u201cOK\u201d<\/p>\n

\"2.6\"<\/p>\n

 <\/p>\n

Create the Logical\u00a0Interfaces<\/strong><\/p>\n

1.<\/strong>\u00a0We now need to create the logical interfaces corresponding to\u00a0each VLAN. Navigate to\u00a0\u201cController\u201d \u2013 \u201cInterfaces\u201d\u00a0\u2013 and click\u00a0\u201cNew\u201d, give the interface a name and enter the\u00a0\u201cVLAN Id\u201d\u00a0and click\u00a0\u201cApply\u201d<\/p>\n

\"3\"<\/p>\n

2.\u00a0<\/strong>Input the interface details specific to the VLAN, in this step we are configuring the interface for VLAN10 which is in the 192.168.10.0 \/24 subnet.<\/p>\n

Insert the following for the interface and click\u00a0\u201cApply\u201d:<\/p>\n

Port No \u2013\u00a01<\/p>\n

VLAN Id \u2013\u00a010<\/p>\n

IP address \u2013\u00a0192.168.10.254<\/p>\n

Netmask \u2013\u00a0255.255.255.0<\/p>\n

GW \u2013\u00a0192.168.10.1<\/p>\n

Primary DHCP Server \u2013\u00a0192.168.0.23 (Microsoft DHCP Server)<\/p>\n

<\/p>\n

3.<\/strong>\u00a0Once the Interface for the VLAN has been added, click\u00a0\u201cNew\u201d\u00a0and \u00a0repeat the above steps to continue adding the rest of the VLAN interfaces. from the below output we can see that VLAN10 is present but I have also added the interfaces for VLAN 20,30 & 40.<\/p>\n

<\/p>\n

 <\/p>\n

Create the WLANs (SSIDs)<\/strong><\/p>\n

1.<\/strong>\u00a0 Now that we have our logical interfaces setup we can create our WLANs and map the VLAN interfaces to them. Navigate to\u00a0\u201cWLANs\u201d \u2013 \u201cCreate New\u201d<\/p>\n

<\/p>\n

2.<\/strong>\u00a0Give the WLAN a\u00a0\u201cProfile Name\u201d\u00a0and an\u00a0\u201cSSID\u201d\u00a0and click\u00a0\u201cApply\u201d\u00a0this does not correspond with anything, the profile name and SSID can be anything you like. In this example to keep things uniform I have given them their VLAN names, meaning when clients connect to the SSID \u201cVLAN10\u201d they will be on \u201cVLAN10\u201d<\/p>\n


\n<\/a> \"7\"<\/p>\n

3.<\/strong>\u00a0Specify the details of the WLAN, on the\u00a0\u201cGeneral\u201d\u00a0tab tick the\u00a0\u201cStatus\u201d\u00a0box to enable the WLAN, under\u00a0\u201cRadio Policy\u201d\u00a0select the policy you want to use \u2013 In this case ill be using\u00a0\u201c802.11a only\u201d\u00a0which will allow me to broadcast on the 5GHz range. Finally select the\u00a0\u201cInterface\/Interface Group\u201d\u00a0of the logical interface created earlier.<\/p>\n

<\/p>\n

4.\u00a0<\/strong>Select the\u00a0\u201cSecurity\u201d\u00a0tab and from the dropdown box select\u00a0\u201cNone\u201d\u00a0\u2013 in this example I will not be using any authentication just to keep things simple, however in a production environment you must always use some form of authentication.<\/p>\n

<\/p>\n

5.<\/strong>\u00a0Click the\u00a0\u201cAdvanced\u201d\u00a0tab and scroll down, under\u00a0\u201cFlexConnect\u201d\u00a0tick the box \u201cFlexConnect Local Switching\u201d, this will allow the WLAN to perform local switching.<\/p>\n

<\/p>\n

The WLC will display a warning \u2013 that mDNS snooping will be disabled if we use FlexConnect, this fine as we are not using any\u00a0\u00a0discovery services. Click\u00a0\u201cOK\u201d<\/p>\n

\"11\"<\/p>\n

6.<\/strong>\u00a0Once the WLAN has been created, select\u00a0\u201cCreate New\u201d\u00a0and repeat the above steps for the remaining VLANs 20,30,40.<\/p>\n

<\/p>\n

From the output below we can see that the WLANs for VLAN 10, 20, 30 and 40 have now been added.<\/p>\n

<\/p>\n

 <\/p>\n

Assign a Native VLAN Id & Check the VLAN Mappings\u00a0<\/strong><\/p>\n

1.<\/strong>\u00a0Navigate to\u00a0\u201cWireless\u201d \u2013 \u201cAccess-Points\u201d \u2013 \u201cAll APs\u201d \u2013 \u201cname of AP\u201d\u00a0and click on the\u00a0\u201cFlexConnect\u201d\u00a0tab. Under\u00a0\u201cNative VLAN ID\u201d\u00a0insert the VLAN of your native VLAN which is routable back to the WLC, in this case the AP will be able to reach our WLC through VLAN1 as this is where we have configured our management interface, also the AP will obtain an IP address through DHCP on this VLAN. Hit\u00a0\u201cApply\u201d\u00a0and click\u00a0\u201cVLAN Mappings\u201d<\/p>\n

<\/p>\n

Verify the WLAN and VLAN Mappings are correct. Under inheritance they all should specify \u201cWlan Specific\u201d meaning the VLAN mapping policy is being inherited from our WLAN policies which we created earlier.<\/p>\n

<\/p>\n

 <\/p>\n

Client Testing<\/strong><\/p>\n

Using a client device perform the following tests:<\/p>\n

1.<\/strong>\u00a0Check to make sure the SSIDs are visible<\/p>\n

<\/p>\n

2.<\/strong>\u00a0Make sure you can connect to each of the SSIDs, in this case VLAN10,20,30, & 40.<\/p>\n

\"\"<\/p>\n

3.<\/strong>\u00a0Verify the correct IP addresses are being obtained by the client when connected to the relevant VLAN.<\/p>\n

\"\"<\/p>\n

4.<\/strong>\u00a0Ping the Default Gateway & an IP on another subnet to verify connectivity\/Intervlan routing.<\/p>\n

\"\"<\/p>\n

\"\"<\/p>\n

5.<\/strong>\u00a0Finally On the WLC, Verify the connected client is visible and that local switching is being performed by the AP. Navigate to\u00a0\u201cMonitor\u201d \u2013 \u201cClients\u201d<\/p>\n

<\/p>\n

Click on the \u201cClient MAC Addr\u201d and view the details of the client<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

FlexConnect also known previously as H-REAP \u2013 \u201cHybrid Remote Edge Access Point\u201d is usually set-up for branch sites which are connected via a WAN link,<\/p>\n","protected":false},"author":1,"featured_media":2185,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,17],"tags":[131,132,133,135,134],"class_list":["post-2156","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-network","category-wireless","tag-cisco-wireless","tag-flex-connect","tag-hreap","tag-local-switching","tag-ssid"],"_links":{"self":[{"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/2156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=2156"}],"version-history":[{"count":2,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/2156\/revisions"}],"predecessor-version":[{"id":2187,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/2156\/revisions\/2187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/media\/2185"}],"wp:attachment":[{"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=2156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=2156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=2156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}