Technology

Wireless is day by day going most popular and the reason is that without connecting any cable we can work easily with roaming anywhere within the office. There are many wireless solution Modes (Local, FlexConnect, Bridge, Monitor, Sniffer & Rouge Detector, Flex+ Bridge) and design but in this blog, we will know the Wireless Solution with FlexConnect Mode.

Picture1-Brijesh
Image Credits – CISCO

What is Wireless LAN?

Wireless means without wire and LAN is Local Area Network. So, for the wired connected user, how to give the solution without wire connect and they can do all their work as it is, this technology is known as Wireless LAN solution.

For this solution, we have required some components to manage the user connectivity, security, and traffic flow, Wireless LAN Controller (WLC) & Access Points (APs).

Wireless LAN Controller (WLC)

From the name, we can understand this device is used to control the Wireless LAN user’s traffic. WLC will not directly be connected with the user or APS rather WLC connects and Access point will connect with any switches. WLC and Access Points can be in the same place/Site or different. For WLC here we only understand how it will work when any Access Point connects in FlexConnect mode. Model wise many series of WLC some cisco APs 2500, 3500, 5500, 8500, 9800, etc.

Access Points & their Modes

Access Point (AP) is a hardware component, it is used to create the Wireless LAN (WLAN). This device is used to connect the user by wi-fi. AP will broadcast the SSID and respond to the probes request of the associated user with WLAN. We can set the APs modes (Local, FlexConnect, Bridge, Monitor, Sniffer & Rouge Detector, Flex+ Bridge) as per design consideration. Here we will know about FlexConnect AP mode. Some most popular cisco series of APs 1500,1800,2800,3800,4800 & 9100.

FlexConnect Mode

FlexConnect Mode is also known as H-REAP (Hybrid Remote Edge Access Point). This mode is mostly used for the different-different office or sites for wireless user data and authentication processes. This is also a very good solution for cost minimization. In this mode, we can there are an option to switched user data and authentication locally or Centrally. If we have limited (One or Two) WLC in total more than one site, with this flexConnect mode solution we can easily implement it.

Wireless Terminology and Workflow

To understand the wireless terminology and workflow we have to know all connectivity and traffic flow, CAPWAP (Control and Provisioning of Wireless Access Point) tunnel, Switching (Local/Central) & authentication (Local/Central) process. Between WLC and APs has logical CAPWAP tunneling connection, any users authentication traffic, Data traffic (In local Mode) will flow via this tunnel. WLC is responsible to redirect the user’s traffic to appropriate servers or destinations.

Operational Modes
Connected Mode:- In this mode, a CAPWAP tunnel will be established and WLC will be reachable.
Standalone Mode:- In Standalone mode CAPWAP connectivity will be not establish or failed and WLC will also not reachable.

Solution
We have two WLC solution for two different site

Two WLC At One Site (Site-B)
With this solution  (SSO functionality) we have two same models but in one site-A only and other site-B without WLC. In this scenario we will configure site-A both WLC in HA with SSO (Stateful Switch Over) AP can be either Local or FlexConnect mode. In this design, one WLC will be Active, and the other will be in standby mode.

All configurations only can be made on active WLC and it will sync automatically in Secondary WLC. Site-B all APs will be in flexConnect mode with local Switching (To prevent every time sent the data traffic to WLC for either local site user of other sites) and Central authentication (If we have Centralized Radius/TACACs Server).

Picture2-Brijesh

Failover- During the failover of Primary (Active) WLC, Secondary will act as Active within a few seconds (Depend on setting), IP address will also the same. In this scenario, very minor fluctuation happened at the time of failover. Authentication and traffic flow will be the same because no IP address of WLC change or authentication server also the same.

One WLC For Each Site
In this scenario, we can use either N+1(one WLC will be primary and the other will become backup) or N+N (Means Equal number of Primary and backup WLC) functionality. Traffic Flow for both Site-A & Site-B both location’s WLC CAPWAP tunnel will associate with respective all APs and APs will be configured with FlexConnect mode, client data traffic will locally be switched, and authentication can be centrally (Depend on Server availability local or Centrally).

Picture3-Brijesh

Failover– At the time of failover scenario, Site-A or Site-B clients will send authentication traffic to reachable WLC and WLC will redirect the traffic to their centralized reachable Radius Server. During the CAPWAP failover, APs will re-join, and clients need to reassociate and reauthenticate.

To sum up we can say that FlexConnect is the best solution if we have different sites and limited WLC. In this mode, we can switch the users’ data traffic locally to prevent unnecessary data flow and utilize the links. With these solutions, we can achieve our requirements. If we have only one site and two WLC we can go to the same solution with Two WLC at one site & configure in WLC HA SSO and APs in local mode.

Zindagi Technology is an IT consultancy company that provides Wireless, Data Centre, Campus Network, and many more services. If you have any query let us know or call us on +919773973971.

Author
Brijesh Yadav
Network Consultant Engineer