Cisco Flex 7500 Deployment Manual
Flex 7500 Wireless Branch Controller
Deployment Guide
Last Updated: August, 2016
Introduction
This document describes how to deploy a Cisco Flex 7500 wireless branch controller. The purpose of
this document is to:
• Explain various network elements of the Cisco FlexConnect solution, along with their
• Provide general deployment guidelines for designing the Cisco FlexConnect wireless branch
Note Prior to release 7.2, FlexConnect was called Hybrid REAP (HREAP). Now it is called
Prerequisites
Requirements
There are no specific requirements for this document.
communication flow.
solution.
FlexConnect.
Components Used
This document is not restricted to specific software and hardware versions.
Cisco Systems, Inc.
www.cisco.com
Product Overview
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Product Overview
Figure 1 Cisco Flex 7500
The Cisco Flex 7500 Series Cloud Controller is a highly scalable branch controller for multi-site
wireless deployments. Deployed in the private cloud, the Cisco Flex 7500 series controller extends
wireless services to distributed branch offices with centralized control that lowers total cost of
operations.
The Cisco Flex 7500 series (Figure 1) can manage wireless access points in up to 2000 branch locations
and allows IT managers to configure, manage, and troubleshoot up to 6000 access points (APs) and
64,000 clients from the data center. The Cisco Flex 7500 series controller supports secure guest access,
rogue detection for Payment Card Industry (PCI) compliance, and in-branch (locally switched) Wi-Fi
voice and video.
The following table highlights the scalability differences between the Flex 7500, 8500, WiSM2 and
WLC 5500 controller:
Scalability Flex 7500/8500 WiSM2 WLC 5500
Total Access Points 6,000 1000 500
Total Clients 64,000 15,000 7,000
Max FlexConnect
Groups
Max APs per
FlexConnect Group
Max AP Groups 6000 1000 500
Note Flex 7500 only operates in FlexConnect mode. Additional modes are supported in WiSM2, 5500,
and 8500 series controllers.
Note DTLS license is required for Office Extend AP support.
Flex 7500 Wireless Branch Controller Deployment Guide
2
2000 100 100
100 25 25
Product Specifications
Data Sheet
Refer to Cisco Flex 7500 Series Cloud Controller Data Sheet:
http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/
ps11635/data_sheet_c78-650053.html
Platform Feature
Figure 2 Flex 7500 Rear View
Product Specifications
Network Interface Ports
Interface Ports Usage
Fast Ethernet Integrated Management Module (IMM)
Port 1: 1G WLC Service Port
Port 2: 1G WLC Redundant Port (RP)
Port 1: 10G WLC Management Interface
Port 2: 10G WLC Backup Management Interface Port (Port
Note • LAG support for 2x10G interfaces allows active-active link operation with fast failover link
redundancy. An additional active 10G link with LAG does not change the controller wireless
throughput.
• 2x10G interfaces.
• 2x10G interfaces support optic cable with SFP product # SFP-10G-SR and SFP-10G-LR.
• Switch side SFP or X2 product should be of the same type SR or LR.
Failure)
Flex 7500 Wireless Branch Controller Deployment Guide
3
Flex 7500 Boot Up
System MAC Addresses
Port 1: 10G (Management Interface) System/Base MAC address
Port 2: 10G (Backup Management
Interface)
Port 1: 1G (Service Port) Base MAC address+1
Port 2: 1G (Redundant Port) Base MAC address+3
Serial Console Redirect
The WLC 7500 enables console redirect by default at the baud rate of 9600, simulating Vt100 terminal
with no flow control.
Inventory Information
The following is the WLC 7500 Console:
Base MAC address+5
(Cisco Controller) >show inventory
Burned-in MAC Address............................ E4:1F:13:65:DB:6C
Maximum number of APs supported.................. 2000
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT7510-K9, VID: V01, SN: KQZZXWL
The Desktop Management Interface (DMI) table contains server hardware and BIOS information. The
WLC 7500 displays BIOS version, PID/VID and Serial Number as part of inventory.
Note Flex 7500 is currently shipped with VID=V02.
Flex 7500 Boot Up
Cisco boot loader options for software maintenance are identical to Cisco's existing controller platforms.
Flex 7500 Wireless Branch Controller Deployment Guide
4
Figure 3 Boot-Up Order
Flex 7500 Boot Up
Flex 7500 Wireless Branch Controller Deployment Guide
5
Flex 7500 Boot Up
Figure 4 WLC Configuration Wizard
Note The Flex 7500 boot up sequence is equivalent and consistent with existing controller platforms.
Initial boot up requires WLC configuration using the Wizard.
Flex 7500 Wireless Branch Controller Deployment Guide
6
Flex 7500 Licensing
AP Base Count Licensing
AP Base Count SKUs
300
500
1000
2000
3000
6000
AP Upgrade Licensing
Flex 7500 Licensing
AP Upgrade SKUs
100
250
500
1000
Except for the base and upgrade counts, the entire licensing procedure that covers ordering, installation,
and viewing is similar to Cisco's existing WLC 5508.
Refer to the WLC 7.3 configuration guide, which covers the entire licensing procedure.
Software Release Support
The Flex 7500 supports WLC code version 7.0.116.x and later only.
Supported Access Points
Access Points 3600, 3500, 2600, 1600, 1550, 1260, 1240, 1140, 1130,1040, 700, and 600 series, Cisco
891 Series Integrated Services Router and Cisco 881 Series Integrated Services Router.
.
Flex 7500 Wireless Branch Controller Deployment Guide
7
FlexConnect Architecture
FlexConnect Architecture
Figure 5 Typical Wireless Branch Topology
FlexConnect is a wireless solution for branch office and remote office deployments.
The FlexConnect solution enables the customer to:
• Centralize control and manage traffic of APs from the Data Center.
–
Control traffic is marked by red dashes in Figure 5.
• Distribute the client data traffic at each Branch Office.
–
Data traffic is marked by blue, green, and purple dashes in Figure 5.
–
Each traffic flow is going to its final destination in the most efficient manner.
Advantages of Centralizing Access Point Control Traffic
• Single pane of monitoring and troubleshooting.
• Ease of management.
• Secured and seamless mobile access to Data Center resources.
• Reduction in branch footprint.
• Increase in operational savings.
Flex 7500 Wireless Branch Controller Deployment Guide
8
Advantages of Distributing Client Data Traffic
• No operational downtime (survivability) against complete WAN link failures or controller
unavailability.
• Mobility resiliency within branch during WAN link failures.
• Increase in branch scalability. Supports branch size that can scale up to 100 APs and 250,000 square
feet (5000 sq. feet per AP).
The Cisco FlexConnect solution also supports Central Client Data Traffic, but it is limited to Guest data
traffic only. This next table describes the restrictions on WLAN L2 security types only for non-guest
clients whose data traffic is also switched centrally at the Data Center.
Table 1 L2 Security Support for Centrally Switched Non-Guest Users
WLAN L2 Security Type Result
None N/A Allowed
WPA + WPA2 802.1x Allowed
CCKM Allowed
802.1x + CCKM Allowed
PSK Allowed
802.1x WEP Allowed
Static WEP WEP Allowed
WEP + 802.1x WEP Allowed
CKIP - Allowed
FlexConnect Architecture
Note These authentication restrictions do not apply to clients whose data traffic is distributed at the
branch.
Table 2 L3 Security Support for Centrally and Locally Switched Users
WLAN L3 Security Type Result
Web Authentication Internal Allowed
External Allowed
Customized Allowed
Web Pass-Through Internal Allowed
External Allowed
Customized Allowed
Conditional Web
External Allowed
Redirect
Splash Page Web
External Allowed
Redirect
Flex 7500 Wireless Branch Controller Deployment Guide
9
FlexConnect Architecture
For more information on Flexconnect external webauth deployment, please refer to Flexconnect External
WebAuth Deployment Guide
For more information on HREAP/FlexConnect AP states and data traffic switching options, refer to
Configuring FlexConnect.
FlexConnect Modes of Operation
FlexConnect Mode Description
Connected A FlexConnect is said to be in Connected Mode
Standalone Standalone mode is specified as the operational
when its CAPWAP control plane back to the
controller is up and operational, meaning the
WAN link is not down.
state the FlexConnect enters when it no longer has
the connectivity back to the controller.
FlexConnect APs in Standalone mode will
continue to function with last known
configuration, even in the event of power failure
and WLC or WAN failure.
For more information on FlexConnect Theory of Operations, refer to the H-Reap/FlexConnect Design
and Deployment Guide.
WAN Requirements
FlexConnect APs are deployed at the Branch site and managed from the Data Center over a WAN link.
The maximum transmission unit (MTU) must be at least 500 bytes.
Deployment
Ty pe
Data 64 Kbps 300 ms 5 25
Data 640 Kbps 300 ms 50 1000
Data 1.44Mbps 1 sec 50 1000
Data + Voice 128 Kbps 100 ms 5 25
Data + Voice 1.44Mbps 100 ms 50 1000
Monitor 64 Kbps 2 sec 5 N/A
Monitor 640 Kbps 2 sec 50 N/A
WAN
Bandwidth
(Min)
WAN RTT
Latency
(Max)
Max APs per
Branch
Max Clients
per Branch
Flex 7500 Wireless Branch Controller Deployment Guide
10
Wireless Branch Network Design
Note It is highly recommended that the minimum bandwidth restriction remains 12.8 Kbps per AP
with the round trip latency no greater than 300 ms for data deployments and 100 ms for data +
voice deployments.
For large deployments with scale for max APs per branch = 100 and max clients per branch = 2000.
Key Features
Adaptive wIPS, Context Aware (RFIDs), Rogue Detection, Clients with central 802.1X auth and
CleanAir.
Test Results
For 100 APs, 2000 Clients, 1000 RFIDs, 500 Rogue APs, and 2500 Rogue Clients (Features above
turned on):
Recommended BW = 1.54 Mbps
Recommended RTT latency = 400 ms
Test Results
For 100 APs, 2000 Clients, no rogue, and no RFIDs. (Features above turned off).
Recommended BW = 1.024 Mbps
Recommended Latency = 300 ms
Wireless Branch Network Design
The rest of this document highlights the guidelines and describes the best practices for implementing
secured distributed branch networks. FlexConnect architecture is recommended for wireless branch
networks that meet these design requirements.
Primary Design Requirements
• Branch size that can scale up to 100 APs and 250,000 square feet (5000 sq. feet per AP)
• Central management and troubleshooting
• No operational downtime
• Client-based traffic segmentation
• Seamless and secured wireless connectivity to corporate resources
• PCI compliant
• Support for guests
Flex 7500 Wireless Branch Controller Deployment Guide
11
Features Addressing Branch Network Design
Figure 6 Wireless Branch Network Design
Overview
Branch customers find it increasingly difficult and expensive to deliver full-featured scalable and secure
network services across geographic locations. In order to support customers, Cisco is addressing these
challenges by introducing the Flex 7500.
The Flex 7500 solution virtualizes the complex security, management, configuration, and
troubleshooting operations within the data center and then transparently extends those services to each
branch. Deployments using Flex 7500 are easier for IT to set up, manage and, most importantly, scale.
Advantages
• Increase scalability with 6000 AP support.
• Increased resiliency using FlexConnect Fault Tolerance.
• Increase segmentation of traffic using FlexConnect (Central and Local Switching).
• Ease of management by replicating store designs using AP groups and FlexConnect groups.
Features Addressing Branch Network Design
The rest of the sections in the guide captures feature usage and recommendations to realize the network
design shown in Figure 6.
Flex 7500 Wireless Branch Controller Deployment Guide
12
Ta b l e 3 F e a t u r e s
Primary Features Highlights
AP Groups Provides operational/management
ease when handling multiple branch
sites. Also, gives the flexibility of
replicating configurations for similar
branch sites.
FlexConnect Groups FlexConnect Groups provide the
functionality of Local Backup
Radius, CCKM/OKC fast roaming,
and Local Authentication.
Fault Tolerance Improves the wireless branch
resiliency and provides no
operational downtime.
ELM (Enhanced
Local Mode for
Adaptive wIPS)
Client Limit per
WLAN
AP Pre-image
Download
Auto-convert APs in
FlexConnect
Guest Access Continue existing Cisco’s Guest
Provide Adaptive wIPS functionality
when serving clients without any
impact to client performance.
Limiting total guest clients on branch
network.
Reduces downtime when upgrading
your branch.
Functionality to automatically
convert APs in FlexConnect for your
branch.
Access Architecture with
FlexConnect.
Features Addressing Branch Network Design
Note Flexconnect APs implemented with WIPS mode can increase bandwidth utilization significantly
based on the activity being detected by the APs. If the rules have forensics enabled, the link
utilization can go up by almost 100 Kbps on an average.
Flex 7500 Wireless Branch Controller Deployment Guide
13
IPv6 Support Matrix
IPv6 Support Matrix
Features Centrally Switched Locally Switched
IPv6 (Client
Mobility)
IPv6 RA guard Supported Supported Supported Supported
IPv6 DHCP
guard
IPv6 Source
guard
RA throttling/
Rate limit
IPv6 ACL Supported Not Supported Not Supported Not Supported
IPv6 Client
Visibility
IPv6 Neighbor
discovery
caching
IPv6 Bridging Supported Not Supported Supported Supported
5500/
WiSM-2/8500
Supported Not Supported Not Supported Not Supported
Supported Not Supported Not Supported Not Supported
Supported Not Supported Not Supported Not Supported
Supported Not Supported Not Supported Not Supported
Supported Not Supported Not Supported Not Supported
Supported Not Supported Not Supported Not Supported
Flex 7500 5500 /
WiSM-2/8500
Flex 7500
Feature Matrix
Refer to FlexConnect Feature Matrix for a feature matrix for the FlexConnect feature.
AP Groups
After creating WLANs on the controller, you can selectively publish them (using access point groups)
to different access points in order to better manage your wireless network. In a typical deployment, all
users on a WLAN are mapped to a single interface on the controller. Therefore, all users associated with
that WLAN are on the same subnet or VLAN. However, you can choose to distribute the load among
several interfaces or to a group of users based on specific criteria such as individual departments (such
as Marketing, Engineering or Operations) by creating access point groups. Additionally, these access
point groups can be configured in separate VLANs to simplify network administration.
This document uses AP groups to simplify network administration when managing multiple stores
across geographic locations. For operational ease, the document creates one AP-group per store to
satisfy these requirements:
• Centrally Switched SSID Data center across all stores for Local Store Manager administrative
access.
• Locally Switched SSID Store with different WPA2-PSK keys across all stores for hand-held
scanners.
Flex 7500 Wireless Branch Controller Deployment Guide
14
Figure 7 Wireless Network Design Reference Using AP Groups
AP Groups
Configurations from WLC
Complete the following steps:
Step 1 On the WLANs > New page, enter Store1 in the Profile Name field, enter store in the SSID field, and
choose 17 from the ID drop-down list.
Note WLAN IDs 1-16 are part of the default group and cannot be deleted. In order to satisfy our
Step 2 Under WLAN > Security, choose PSK from the Auth Key Mgmt drop-down list, choose ASCII from
the PSK Format drop-down list, and click Apply.
requirement of using same SSID store per store with a different WPA2-PSK, you need to use
WLAN ID 17 and beyond because these are not part of the default group and can be limited to
each store.
Flex 7500 Wireless Branch Controller Deployment Guide
15
AP Groups
Step 3 Click WLAN > General, verify the Security Policies change, and check the Status box to enable the
WLAN.
Step 4 Repeat steps 1, 2 and 3 for new WLAN profile Store2, with SSID as store and ID as 18.
Flex 7500 Wireless Branch Controller Deployment Guide
16
AP Groups
Step 5 Create and enable the WLAN profile with Profile Name DataCenter, SSID DataCenter and ID 1.
Note On creation, WLAN IDs from 1-16 are automatically part of the default-ap-group.
Step 6 Under WLAN, verify the status of WLAN IDs 1, 17 and 18.
Step 7 Click WLAN > Advanced > AP group > Add Group.
Step 8 Add AP Group Name as Store1, same as WLAN profile Store1, and Description as the Location of the
Store. In this example, California is used as the location of the store.
Step 9 Click Add when done.
Step 10 Click Add Group and create the AP Group Name as Store2 and the description as New York.
Step 11 Click Add.
Flex 7500 Wireless Branch Controller Deployment Guide
17
AP Groups
Step 12 Verify the group creation by navigating to WLAN > Advanced > AP Groups.
Step 13 Click AP Group Name Store1 to add or edit the WLAN.
Step 14 Click Add New to select the WLAN.
Step 15 Under WLAN, from the WLAN SSID drop-down, choose WLAN ID 17 store(17).
Step 16 Click Add after WLAN ID 17 is selected.
Step 17 Repeat steps (14 -16) for WLAN ID 1 DataCenter(1). This step is optional and needed only if you want
to allow Remote Resource access.
Step 18 Go back to the WLAN > Advanced > AP Groups screen.
Step 19 Click AP Group Name Store2 to add or edit WLAN.
Step 20 Click Add New to select the WLAN.
Step 21 Under WLAN, from WLAN SSID drop-down, choose WLAN ID 18 store(18).
Step 22 Click Add after WLAN ID 18 is selected.
Step 23 Repeat steps 14 -16 for WLAN ID 1 DataCenter(1).
Flex 7500 Wireless Branch Controller Deployment Guide
18
AP Groups
Note Adding multiple WLAN profiles with the same SSID under a single AP group is not permitted.
Summary
Note Adding APs to the AP group is not captured in this document, but it is needed for clients to
access network services.
• AP groups simplify network administration.
• Troubleshooting ease with per branch granularity
• Increased flexibility
Flex 7500 Wireless Branch Controller Deployment Guide
19
FlexConnect Groups
FlexConnect Groups
Figure 8 Central Dot1X Authentication (Flex 7500 Acting as Authenticator)
In most typical branch deployments, it is easy to foresee that client 802.1X authentication takes place
centrally at the Data Center as shown in Figure 8. Because the above scenario is perfectly valid, it raises
these concerns:
• How can wireless clients perform 802.1X authentication and access Data Center services if Flex
7500 fails?
• How can wireless clients perform 802.1X authentication if WAN link between Branch and Data
Center fails?
• Is there any impact on branch mobility during WAN failures?
• Does the FlexConnect Solution provide no operational branch downtime?
FlexConnect Group is primarily designed and should be created to address these challenges. In addition,
it eases organizing each branch site, because all the FlexConnect access points of each branch site are
part of a single FlexConnect Group.
Note FlexConnect Groups are not analogous to AP Groups.
Primary Objectives of FlexConnect Groups
Backup RADIUS Server Failover
You can configure the controller to allow a FlexConnect access point in standalone mode to perform full
802.1X authentication to a backup RADIUS server. In order to increase the resiliency of the branch,
administrators can configure a primary backup RADIUS server or both a primary and secondary backup
RADIUS server. These servers are used only when the FlexConnect access point is not connected to the
controller.
Note Backup RADIUS accounting is not supported.
Flex 7500 Wireless Branch Controller Deployment Guide
20
Local Authentication
Before the 7.0.98.0 code release, local authentication was supported only when FlexConnect is in
Standalone Mode to ensure client connectivity is not affected during WAN link failure. With the
7.0.116.0 release, this feature is now supported even when FlexConnect access points are in Connected
Mode.
Figure 9 Central Dot1X Authentication (FlexConnect APs Acting as Authenticator)
FlexConnect Groups
As shown in Figure 9, branch clients can continue to perform 802.1X authentication when the
FlexConnect Branch APs lose connectivity with Flex 7500. As long as the RADIUS/ACS server is
reachable from the Branch site, wireless clients will continue to authenticate and access wireless
services. In other words, if the RADIUS/ACS is located inside the Branch, then clients will authenticate
and access wireless services even during a WAN outage.
Note With Local Authentication turned on, the AP will always authenticate the clients locally, even
when it is in connected mode. When Local Authentication is disabled, the controller will
authenticate clients to the Central RADIUS server when the FlexConnect AP is in connected
mode. When the AP is in Standalone mode, the AP will authenticate clients to the Local
RADIUS / Local EAP on AP configured on the FlexConnect Group.
Note This feature can be used in conjunction with the FlexConnect backup RADIUS server feature.
If a FlexConnect Group is configured with both backup RADIUS server and local authentication,
the FlexConnect access point always attempts to authenticate clients using the primary backup
RADIUS server first, followed by the secondary backup RADIUS server (if the primary is not
reachable), and finally the Local EAP Server on FlexConnect access point itself (if the primary
and secondary are not reachable).
Flex 7500 Wireless Branch Controller Deployment Guide
21
FlexConnect Groups
Local EAP (Local Authentication Continuation)
Figure 10 Dot1X Authentication (FlexConnect APs Acting as Local-EAP Server)
•
You can configure the controller to allow a FlexConnect AP in standalone or connected mode to
perform LEAP or EAP-FAST authentication for up to 100 statically configured users. The controller
sends the static list of user names and passwords to each FlexConnect access point of that particular
FlexConnect Group when it joins the controller. Each access point in the group authenticates only
its own associated clients.
• This feature is ideal for customers who are migrating from an autonomous access point network to
a lightweight FlexConnect access point network and are not interested in maintaining a large user
database, or adding another hardware device to replace the RADIUS server functionality available
in the autonomous access point.
• As shown in Figure 10, if the RADIUS/ACS server inside the Data Center is not reachable, then
FlexConnect APs automatically acts as a Local-EAP Server to perform Dot1X authentication for
wireless branch clients.
CCKM/OKC Fast Roaming
• FlexConnect Groups are required for CCKM/OKC fast roaming to work with FlexConnect access
points. Fast roaming is achieved by caching a derivative of the master key from a full EAP
authentication so that a simple and secure key exchange can occur when a wireless client roams to
a different access point. This feature prevents the need to perform a full RADIUS EAP
authentication as the client roams from one access point to another. The FlexConnect access points
need to obtain the CCKM/OKC cache information for all the clients that might associate so they can
process it quickly instead of sending it back to the controller. If, for example, you have a controller
with 300 access points and 100 clients that might associate, sending the CCKM/OKC cache for all
100 clients is not practical. If you create a FlexConnect Group comprising a limited number of
access points (for example, you create a group for four access points in a remote office), the clients
roam only among those four access points, and the CCKM/OKC cache is distributed among those
four access points only when the clients associate to one of them.
• This feature along with Backup Radius and Local Authentication (Local-EAP) ensures no
operational downtime for your branch sites.
Note CCKM/OKC fast roaming among FlexConnect and non-FlexConnect access points is not
Flex 7500 Wireless Branch Controller Deployment Guide
22
supported.
Figure 11 Wireless Network Design Reference Using FlexConnect Groups
FlexConnect Groups
FlexConnect Group Configuration from WLC
Complete the steps in this section in order to configure FlexConnect groups to support Local
Authentication using LEAP, when FlexConnect is either in Connected or Standalone mode. The
configuration sample in Figure 11 illustrates the objective differences and 1:1 mapping between the AP
Group and FlexConnect group.
Step 1 Click New under Wireless > FlexConnect Groups.
Step 2 Assign Group Name Store 1, similar to the sample configuration as shown in Figure 11.
Step 3 Click Apply when the Group Name is set.
Flex 7500 Wireless Branch Controller Deployment Guide
23
FlexConnect Groups
Step 4 Click the Group Name Store 1 that you just created for further configuration.
Step 5 Click Add AP.
Flex 7500 Wireless Branch Controller Deployment Guide
24
FlexConnect Groups
Step 6 Check the Enable AP Local Authentication box in order to enable Local Authentication when the AP
is in Standalone Mode.
Note Step 20 shows how to enable Local Authentication for Connected Mode AP.
Step 7 Check the Select APs from current controller box in order to enable the AP Name drop-down menu.
Step 8 Choose the AP from the drop-down that needs to be part of this FlexConnect Group.
Step 9 Click Add after the AP is chosen from the drop-down.
Step 10 Repeat steps 7 and 8 to add all the APs to this FlexConnect group that are also part of AP-Group Store
1. See Figure 11 to understand the 1:1 mapping between the AP-Group and FlexConnect group.
If you have created an AP-Group per Store (Figure 7), then ideally all the APs of that AP-Group should
be part of this FlexConnect Group (Figure 11. Maintaining 1:1 ratio between the AP-Group and
FlexConnect group simplifies network management.
Flex 7500 Wireless Branch Controller Deployment Guide
25
FlexConnect Groups
Step 11 Click Local Authentication > Protocols and check the Enable LEAP Authentication box.
Step 12 Click Apply after the check box is set.
Note If you have a backup controller, make sure the FlexConnect groups are identical and AP MAC
address entries are included per FlexConnect group.
Flex 7500 Wireless Branch Controller Deployment Guide
26
FlexConnect Groups
Step 13 Under Local Authentication, click Local Users.
Step 14 Set the UserName, Password and Confirm Password fields, then click Add in order to create user entry
in the Local EAP server residing on the AP.
Step 15 Repeat step 13 until your local user name list is exhausted. You cannot configure or add more than 100
users.
Step 16 Click Apply after step 14 is completed and the No of Users count is verified.
Step 17 From the top pane, click WLANs.
Step 18 Click WLAN ID 17. This was created during the AP Group creation. See Figure 7.
Step 19 Under WLAN > Edit for WLAN ID 17, click Advanced.
Step 20 Check the FlexConnect Local Auth box in order to enable Local Authentication in Connected Mode.
Note Local Authentication is supported only for FlexConnect with Local Switching.
Note Always make sure to create the FlexConnect Group before enabling Local Authentication under
WLAN.
Flex 7500 Wireless Branch Controller Deployment Guide
27
FlexConnect Groups
NCS and Cisco Prime also provides the FlexConnect Local Auth check box in order to enable Local
Authentication in Connected Mode as shown here:
Flex 7500 Wireless Branch Controller Deployment Guide
28
FlexConnect Groups
NCS and Cisco Prime also provides facility to filter and monitor FlexConnect Locally Authenticated
clients as shown here:
Flex 7500 Wireless Branch Controller Deployment Guide
29
FlexConnect Groups
Flex 7500 Wireless Branch Controller Deployment Guide
30
Loading...