Thursday, September 10, 2020

Flexconnect ISSUE WLC3540 exit to internet

Hi all,

I'm implementing FlexConnect for a customer and I would kindly need your support, as we have a problem with internet reachability from clients. I'd like to point out that this is not a branch office but their only office, so from the beginning it's not a best practice to implement FlexConnect; in fact, at first we opted to configure the AP in local mode (the standard one) and everything worked.

The architecture currently consists of 2 distribution cores (9500) that are directly connected to a perimeter switch, which in turn is connected to the Huawei CPE (of the service provider). The only routing is a default route towards the CPE.

The WLC 3540s (in SSO mode) are connected to 2 access switches because the customer is not yet in possession of the transceivers to connect them to the CORE (this too is not a best practice).

Today, doing some tests and enabling FlexConnect as per the Cisco guide and with Central DHCP (so we don't have to create the pools on the access switches), we had problems with the traffic to the internet. First of all, the IP is released correctly, but from a traceroute we saw that the packets get stuck at the CORE, which didn't happen in local mode (in fact, before it was released correctly on the internet). As for the internal traffic, even between different VLANs, FlexConnect works correctly, not passing through the WLC.

Is it possible that the NAT-PAT option of the central DHCP does a weird NAT and my client presents itself with another IP that is then blocked by the perimeter switch with an ACL? (The customer doesn't have any firewall yet.) The FlexConnect configuration is done as standard: I configured the port of the switch where the AP is connected with the native management VLAN and the other VLANs allowed; I did the VLAN mapping on the AP and enabled FlexConnect local switching under the WLAN.

Does anyone have any suggestions?

Thanks to everyone for the support.


