cisco无线WLC flexconnect配置

1 背景

使用场景
分支站点的AP注册到总部WLC，但数据流量不需要上行到总部的WLC，在AP本地就实现转发。这种模式叫做Flexconnect，或叫做 AP local switching.
当然，不仅限于分支站点，在园区内部也可以使用这种模式.
Flexconnect是思科的叫法，其他厂家叫AP本地转发

2 配置步骤

2.1 WLAN修改：勾选 flexconnect local switching

进入要启用flexconnect的wlan中

2.2 修改AP的模式

这里是针对要启用flexconnect的AP进行修改，所以需要遂一AP修改
APGeneral AP Mode Flexconnect Apply

修改完成后，点右上角的apply按钮，这时AP会重启。
重启后AP的选项就会多出1个flexconnect

2.3 AP—flexconnect

APFlexConnect checkbox “Vlan support” , native vlan xx
Native vlan is for AP register traffic
这里解释一下vlan id是啥意思，因为flexconnect模式下的AP是本地转发，流量直接从AP进行处理，所以交换机连接AP的接口需要开启trunk，使不同vlan的业务流量能够在AP上终结。
但是，AP的注册流量是没有vlan ID的，所以我们指定1个vlan用于AP的注册流量，即不打vlan tag的流量是AP注册流量，我们将其设置为vlan 57。
这里的vlan 57就是我们规划好的，用于注册的vlan。

以上是WLC上配置完成了，但交换机上也需要配置
配置哪些？
连接AP的交换机端口开启trunk , Native vlan设置为AP注册网段的vlan ID.

2.4 交换机配置

AP注册的vlan以99为例

Interface G1/0/1
Description 3F-AP-2802-1
Switchport 
Switchport trunk encap dot1q
Switchport mode trunk 
Switchport trunk native 56

3 Flexconnect科普

1 问题解答列表：
问：-那在本地部署的时候用FLEXCONNECT有什么缺点么?–或者说本地部署的时候用LOCALTRAFFIC和CENTRLIZEDTRAFFICE什么有优缺点
答：-因为centralswitching条件下WLC对客户端有完整的控制。这样centralswitching模式下支持更多的高级功能。而这些功能在localswitching下不支持。演讲的slides说明是那些功能。-
问：-在分支部署FLEXCONNECT当和中心WLC通讯中断的时候数据本地转发没问题，那认证怎么办呢
答：-可以配置localauth，认证可以在local的radiusserver或者FLEXAP自身配置为认证服务器，用于在WAN中断情况下的认证。
问：–WCS就被PI(NCS)替代了吗?-
答：-是，目前的产品系列是PI-
问：-flex会对客户端的漫游有什么影响吗?-
答：–在一个flexconnectgroup中也支持快速漫游。
问：-怎么做多个AP间使用同一个SSID啊?–
答：-多个AP使用同样的SSID名字，这是通常的设计。通过AP-group可以灵活的定义特定AP组广播那些SSID，以及怎么做SSID和VLAN的映射。-
问：-local/monitor/flexconnect一般分别在什么场景中用到(local是控制器在本地，flex是控制器在总部?–
答：–Local是通常的设计，用于WLC和LAP之间有充裕的带宽。monitormode不服务client的traffic，用于wIPS等安全需求高的情况。Flexmode用于典型的branchoffice，这样traffic终结在本地。但是又有centralWLC的全局控制和管理。
问：如果我用ise做portal认证，ap模式在localswitching模式下，当与控制器失去联系，就无法继续提供服务了吗?能否在远端部署一套ise，提供冗余认证服务?-
答：–web认证在wan中断时目前不能工作。
问：-可以配置localauth，认证可以在local的radiusserver或者FLEXAP自身配置为认证服务器，用于在WAN中断情况下的认证。。那是需要中断之后改认证配置来实现么?-
答：-不需要，预先配置好就可以。
问：–localswitch模式下用web认证，wan中断之后，能否做到切换local认证呀?-
答：–web认证在WAN中断时目前不能工作。
问：–Disable是默认可以通信，drop是不可以通信。是吧?
答：-是的。drop是不可以通信，disable可以通讯-。

4 总结：Flexconnect配置步骤

 Create wlan
 Enable flexconnect local switching
 Select the AP ap mode flexconnect apply
 此时AP会重启，重启后AP选项卡上会多出1个flexconnect项
 Select the VLAN Support check box and enter the number of the native VLAN on the remote network (such as 100) in the Native VLAN ID
 Apply
 选择AP下面的vlan mapping
 输入vlan ID， 这里的vlan是客户端获取Ip的vlan

4.1 Configuring the Wireless LAN Controller for FlexConnect (GUI)

1. Choose WLANs from Controller web interface to open the WLANs page.

2. From the drop-down list, select Create New option and click on Go to open the WLANs > New page.

3. From Type drop-down list, choose WLANS.

4. In the Profile Name text box, enter a unique profile name for the WLAN. In this example Profile Name is Flexcon.

5. In the WLAN SSID Text box, enter a name for WLAN. In our example, SSID is FlexWIFI.

6. From the WLAN ID drop-down list, choose the ID number for this WLAN. Here WLAN ID is 4.

7. Click on Apply to save your changes.

8. Once we apply the changes, Edit page appears. The controller can be configured for FlexConnect in both centrally switched and locally switched WLANs. In this example, lets configure the controller for FlexConnect in a locally switched WLAN.

9. In the General tab, select the Status check box to enable the WLAN.

10. In the Security > Layer 2 tab, select WPA+WPA2 from the Layer 2 Security drop-down list and then set the WPA+WPA2 parameters as required.

11. In the Advanced tab, select the FlexConnect Local Switching check box to enable local switching for the WLAN. Click Apply to save your changes. Click Save Configuration to save your changes.
    

12. We can verify the configuration of the FlexConnect in WLANS tab

4.2 Configuring an Access Point for FlexConnect (GUI)

1. Select Wireless to open the All APs page. And click the name of the desired access point. In our example click on AP_3500E. The All APs >
   Details page appears.

2. Select FlexConnect from the AP Mode drop-down list to enable FlexConnect for AP_3500E access point.

3. Click Apply to save your changes and the AP will reboot

4. After the reboot the AP will have Flexconnect Tab. Click on FlexConnect tab to open the All APs > Details for (FlexConnect) page. Note: If the access point belongs to a FlexConnect group, the name of the group appears in the FlexConnect Name text box.

Select the VLAN Support check box and enter the number of the native VLAN on the remote network (such as 100) in the Native VLAN ID
text box.

1. Click Apply to save the changes. The access point temporarily loses its connection to the controller while its Ethernet port is reset.
2. Click the name of the same access point and then select the FlexConnect tab.
3. Click VLAN Mappings to open the All APs > Access Point Name > VLAN Mappings page.

Enter the number of the VLAN from which the clients will get an IP address when doing local switching (VLAN 61, in this example) in the VLAN
ID text box

1. Click Apply to commit your changes.
2. Click Save Configuration to save your changes

4.3 Verifying the client connectivity
Choose MONITOR > Clients or MONITOR > Summary to verify whether the clients are getting associated to the Flexconnect AP.

5 Flexconnect基础
5.1 Flexconnect scenario
Branch Office
5.2 How to encrypt
DTLS
Control plane : udp 5246
Data plan: udp 5247 (encryption is optional)
5.3 Autonomous AP and lightweight ap advantage
Autonomous AP work independently, but if in a large scale deployment
5.4 What is UA
Unified access
By 3650 , 3850 , 5760, which switch act as controller
5.5 Centralized mode 两个终端在1个AP下面是否可以直接通信
No
5.6 Capwap是私有的吗
公有的
5.7 LAP VS CAP
Lap= cap
都是瘦AP，只是2种不同叫法
LAP: Lightweight ap
CAP: Controller base ap
5.8 Capwap modes
Split mac (centralized mode)
Local mac (flexconnect, HREAP)