11-13-2018 01:59 PM - edited 07-05-2021 09:26 AM
Hey guys,
I have a dot1x wireless deployment of Cisco WLC 5500 and ISE. Currently we have a centrally switched WLAN with 2 VLANs, Data and Remediation, and all works fine. We need to make the Data VLAN local breakout while keeping the Remediation VLAN centrally switched. Based on the "FlexConnect VLAN Based Central Switching" feature, that should work fine. But what is happening is below:
If both Data and Remediation are locally switched (both VLANs are presented on the AP) then all is good, and also if both are centrally switched (FlexConnect local switching not active on the WLAN). But when I try to do the Remediation centrally (VLAN not presented on the AP) and Data locally (VLAN presented on the AP), then the AP is ignoring the VLAN tag coming from Cisco ISE for the Remediation and puts the client directly into the Data (default) VLAN locally. It behaves like before the "VLAN Based Central Switching" feature was introduced!!!
I had version 8.3, then upgraded to the latest version 8.5, but still no joy.
Thoughts please!! Is it a bug somewhere or am I missing something?
Thanks,
Sam
11-13-2018 08:04 PM - edited 11-13-2018 08:05 PM
Here is the traffic flow when that feature is enabled on a FlexConnect local switching WLAN. In your scenario, I hope that the remediation VLAN is trunked to the WLC (in that case, the behavior should be similar to step 1). As far as I understand, you see the behavior described in step 2. Pls clarify if I understood it wrongly.
Traffic flow on WLANs configured for Local Switching when FlexConnect APs are in connected mode are as follows:
Traffic flow on WLANs configured for Local Switching when FlexConnect APs are in standalone mode are as follows:
HTH
Rasika
*** Pls rate all useful responses ***
11-15-2018 04:02 PM - edited 11-15-2018 04:16 PM
Hi Rasika,
It has to behave as described in step 1, as the VLAN is presented on the WLC but not on the AP and this feature is enabled. But what is happening is that it is being switched locally using the default VLAN (Data) presented on the AP. So it is something similar to step 2 but locally, not centrally, so it behaves like the feature is not enabled.
To make sure that there is no issue with the VLAN/interface (Remediation) on the WLC, I changed the WLAN to central switching; then both VLANs (Remediation and Data) work fine centrally.
Also, to make sure that ISE is returning the VLAN attribute when it is local breakout (so it is not something like in step 4), I tried to make both VLANs local breakout (both presented on the AP and available locally in the remote site); then both VLANs worked fine with local breakout (as described in step 3 above).
But when the WLAN is local breakout and the Remediation VLAN is not presented on the AP, it is ignoring this feature and breaking out locally to the default VLAN presented on the AP.
Thoughts!
Thanks,
Sam
11-21-2018 08:21 PM
It has been solved by sending the VLAN ID# from ISE, not the VLAN name, even though the VLAN is defined in the "FlexConnect VLAN Template", while it is fine to send the VLAN name for the VLANs that are presented on the AP.
I do not know what the sense of this special case is in FlexConnect VLAN Based Central Switching.
Cheers,
Sam