Cisco C9800 WLC FlexConnect Configuration

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
welcome network junkies to this video on configuring flex connect with the catalyst 9800 wireless lan controller the the 9800 is vastly different from aeros configuration the the whole configuration model is just plain different altogether where we're dealing with configuring profiles and tags that get associated to access points and that's how that's going to configure different settings such as your flex connect settings or local settings depending on what type of configuration is required in your environment so what i want to do is show you my network environment where uh what what i plan on showing you will will be the flex connect configuration this here is my my 9800 it's running virtually on vmware and just to quickly show you i have one access point that is already associated and it has a default site tag policy tag and rf tag you can tell that it is registered it's it's ready to go right and even if we look at the configuration of this access point you can see that it is in local mode so our goal here is to broadcast a single ssid which i have configured as boogie bomb and that's the ssid we want to configure but we want to drop the clients locally on the switch rather than bringing them all the way back centrally out of this controller and on to where the network wherever my controller is located so you might have an environment that's distributed where your controller is located at a data center and we want to just drop the clients locally have get their ip address and get straight out to whatever network network resources they need to reach so i'll be running uh wi-fi explorer pro in the background so you can see it's not being broadcasted just yet because we need to set up some of the the tags and profiles so what i'm going to do is head over to configuration on the left side and the first thing i want to configure is my flex policy profile so i have a default flex profile here but with the tags and profile configuration you can get very granular which i like depending on how you want to configure each environment so i will click on new there at the top i'll give it a name and let's just say this is my my san jose site so i'm going to call it san jose flex profile for san jose so here we want to say what the native vlan is for that site and i'll do it as vlan 3 because if i go here to this tab i'm actually running a unified security gateway and so this shows you where my networks are right so vlan 3 is my lab infrastructure vlan so that is the ip subnet that my ap should be getting its its own ip address from and where i want to place users on with this ssid is vlan 129 which is up here so that's the subnet that it should be receiving for clients i'll go back to my controller it's native vlan id3 and what i will also do is for vlans i will add that vlan we'll just call it wi-fi for now and vlan 129 for that's a that's the vlan that will get added to the access point as it drops the clients locally on the switch it needs to tag them so those are the only two sections i will configure for now which is general and vlan so i'll apply that to the device then i'll go back up here and we'll look at the ap join profile i already have one configured but this is uh where you can configure different settings like your cap lap timers maybe management where you you enable ssh in a user account but i already have that there so i'm going to use that i will go to policy create a policy profile right now i only have a default policy so i'll create one for this site we'll call sjc policy profile so i'm using a very similar naming convention here in this section under general we want it to be locally switched so we will disable central switching i will also disable excuse me central authentication dcp and association we will then head over to access policies where i want to associate this with the boogie bomb ssid so i will say one type in vlan id 129. now that i think about it i want to go back to general and name this differently so maybe we could be more descriptive with this and i'll put in the name of the ssid as well just so we know what we're looking at when we see this policy profile i will apply to device that's all the settings i'm applying here i want to reiterate typing in the vlan there is a drop down here but it's going to you're going to be picking the name of the vlan i want to just use the vlan number so i type it in we'll apply that to the device then we'll go down to tags so here are the different tags that get associated to the access point we have a default policy tag i'm going to create a new one we'll call this sjc policy tag for my san jose site and here's where we map our ssid to a policy profile so i click add here i will select the boogie bomb wlan i already have configured and what kind of policy do i want to assign to this wlan and we'll create select that sjc boogie bomb policy and click on the check mark then we will click on apply to device from here we'll go to the site tag i have one default site tag but i'm going to create a site tag just for sjc so i'll create sjc type site tag this is for san jose we'll use the hq ap join profile that i have previously already and here is where we define flex connect mode it doesn't really say it but we want to uncheck enable local site and you'll see once i uncheck that now this flex profile option is enabled from that drop down i will select the sjc flex profile so we will apply to device now the rf tag i'm just going to keep as default and here we can statically set that site tag which is the ap that's right here the the other way to apply this the tags is if you go to configuration and then access points you'll see here is the access point i want to configure here's the ip address that it has currently and it's in local mode with all the the three tags assigned to it i will click on it scroll down and you could see here the the tags now i can change the ap mode um manually if i wanted to but what i want to do is assign the right tags to it so the sjc policy tag that i created and the sjc site tag and then we will save this update and apply and the access point will reboot and come back to join the controller now if i head over to wi-fi explorer pro you can see that the policy has been applied because now i see the ssid being broadcasted the next thing is to test if i can connect to this ssid so on my mac i will look for that ssid and we will type in the super secret password if i remember it let's see if that password works i might have typed it in incorrectly but we should see whether or not we join to it no it's just testing one two three four we'll try that again connect to my 80 mhz wide channel and we will see if i have configured the infrastructure side correctly meaning do i have the right vlans attached to the switch that i have plugged i mean the ap that i have plugged into the switch port so that way i can get the right ip address so i can see that i'm not getting an ip address i'm getting a 169 address which means i need to look at the switch port so why don't i do that and troubleshoot all right so i did mess up the port configuration on my switch it was actually set to an axis port on a specific vlan so what i did is reconfigure that port to be a trunk port on the right native vlan which is vlan 3 and then allowed vlan 129 on the trunk port so we'll wait for that to um take effect with the access point and then we will reassociate to the ssid okay so the port was um was reset where i i make sure that the port was able to bring up this ap again by just doing a reset on it but we can see now that the access point has the right ip address on the subnet that i wanted it is in flex connect mode so now why don't i try to join that ssid again go down up to my ssid and it's not there again why all right so it's not there yet because the access point is still booting up cisco access points take a while to boot up after you restart the port so why don't i review the configuration again the key parts to this was having a flex profile in the flex profile i have a native vlan for the access point where it will get its ip address and then i have a vlan that will get added to that access point which is tie which is going to be tied to the ssid that i'm broadcasting the next section is a policy profile where i have a policy for the ssid in which i disable central switching and you can disable these other three authentication dhcp association if that's what's required for that environment i then have an access policy for the ssid to that also says vlan 129 for this ssid um i do know that if this is set to 129 but then you don't have a v line in your flex policy then it'll use the vlan that's set to this policy then we have our site tags the site tag will will make it so that it is not set to local mode you have to uncheck the enable local site so with that then we can go to access points and see the configuration of the access point so it is back it is getting an ip address in the right place if we click on this blue icon here we can see what tags and a policy and policies are assigned or uh yeah assigned to this access point and then we can see here that we are broadcasting now so now let's try to connect to that ssid again select boogie bomb looks like i connected or not yet still trying to connect but now if i show you i am connected to boogie bomb and i have an ip address on 192 168 120 so it is getting the the right ip address and we are now using flex connect where i am dropped locally on the switch so there it is that's configuring flex connect on the 9800 controller something i have to get used to with the 9800 having to deal with more tags and policy profiles to create or profiles and but it allows you to be very detailed with the configuration so if you have something specific for a site for example you can make that change pretty easily but having that many tags and profiles really is going to com be a complex configuration and you can get lost in that so be sure to name things very specific so you know what you're looking at and from there do a lot of testing verify that the access point is configured with the right uh tags and policies so i hope you found something uh useful out of this video and if you did be sure to give me a like button on the video i want to thank you for watching and i'll see you on the next one
Info
Channel: Rowell Dionicio
Views: 5,318
Rating: undefined out of 5
Keywords: c9800, wlc, cisco
Id: FmUaJ0TYP_U
Channel Id: undefined
Length: 15min 2sec (902 seconds)
Published: Fri Nov 13 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.