Flex-Connect In Detail

FlexConnect is a wireless solution for easy branch office and remote office deployments.

It enables customers to configure and control access points (AP) in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office.

 The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost.

.FlexConnect access points support multiple SSIDs.

When AP is changed from local to FlexConnect it will not reboot, but when it is changed from FlexConnect to local it reboots and displays the following error message, “Warning: Changing AP Mode will reboot the AP and will rejoin the controller afer a few minutes. Are you sure you want to continue?” but CLI remains the same. Changing the AP’s mode will also cause the AP to reboot.

Central authentication, local switching—In this state, the controller handles client authentication, and the FlexConnect access point switches data packets locally.

After the client authenticates successfully, the controller sends a configuration command with a new payload to instruct the FlexConnect access point to start switching data packets locally.This message is sent per client. This state is applicable only in connected mode.

Connected Mode When FlexConnect AP can reach Controller, it gets help from controller to complete client authentication.

Standalone Mode When FlexConnect AP cannot reach Controller, it goes into standalone state and does client authentication by itself.

 Local Switching Data traffic switched onto local VLANs for an SSID Central Switching Data traffic tunneled back to WLC for an SSID

Refrence:

Wireless Access Point Modes

1.Local

2.Monitor

3.FlexConnect

4.Sniffer

5.Rogue Detector

6.Bridge/Mesh

7.Flex plus Bridge

1.Local:

• This is the AP’s default mode.
• In this mode the access point has a direct tunnel (CAPWAP or LWAP) connection with the WLC over WAN.
• This mode is totally dependent on the WLC.

2.Monitor

• An AP in monitor mode doesn’t broadcast any SSID and transmit client traffic.
• Users cannot connect to this mode. This is purely for security purposes.
• This mode is commonly used when wIPS (Wireless Intrusion prevention system) are deployed in the network.

It’s a dedicated sensor that:

• Checks Intrusion Detection System (IDS) events
• Detects rogue APs
• Determines the position of wireless stations

3.FlexConnect

• This mode helps  you to configure and control access points in  remote office from the corporate office through a wide area network (WAN) link without deploying an independent controller in each remote office.
• The FlexConnect access points (APs) can switch client data traffic locally and perform client authentication locally
• Flex connect modes previously known as Hybrid Remote Edge Access point mode.
• In this mode, the AP can still function even if it loses connection with the controller.

4.Sniffer

• An AP in sniffer mode dedicates its time to receive 802.11 wireless frames.
• The AP becomes a remote wireless sniffer; you can connect to it from your PC with an application like Wildpackets Omnipeek or Wireshark.
• This can be useful if you want to troubleshoot a problem and you can’t be on-site.

5.Rogue Detector

• Rogue detector mode makes the AP detect rogue devices full-time.
• The AP checks for MAC addresses it sees in the air and on the wired network.

6.Bridge/Mesh

• The AP becomes a dedicated point-to-point or point-to-multipoint bridge. Two APs in bridge mode can connect two remote sites. Multiple APs can also form an indoor or outdoor mesh.

7.FlexConnect plus Bridge mode:

• This mode allows flex connect features across the mesh AP’s
• Flex + Bridge mode is used to enable Flex Connect capabilities on Mesh (Bridge mode) APs. Mesh APs inherit VLANs from the root AP that it is connected to it.
• This feature is enabled in Cisco IOS after 8.0