Not sure if it applies to flex connect. There is an option called fast
ssid, or something like it. I believe it's a global change (and may require
a reboot of the controller). It's supposed to disable that "caching"
behavior. Been a few years since I had to play with that particular option.
On Oct 22, 2014 5:25 PM, "Watters, John" <[email protected]> wrote:
>
>
> We are a Cisco shop using WiSM2 controllers (7.6.130.0) and a variety of
> AP models from 1131s up to 2702s. We are very interested in using
> FlexConnect to drop our users into an appropriate VLAN in the building that
> they are in. This solves several problems for us including huge IP subnets
> for wireless users and allowing wireless users easy access assets on their
> local building subnet (e.g., AppleTV, ChromeCast, printers) - basically
> making a building look like home to them.
>
>
>
> All of our users use a WPA2 Enterprise SSID. And, we can easily make
> Radius (FreeRadius right now) return an appropriate VLAN upon
> authentication based on their status (faculty/staff, student, or special
> case) and their location (the AP name contains a building abbreviation as
> its first part that is easily parsed). We are not worried about roaming.
> Our students are used to re-associating and re-authenticating when they
> roam around town or through various apartment complexes. We have had
> roaming disabled for about 6 months now without a single complaint. We do
> not have any WiFi phones now nor does our campus design really consider
> this right now (a shortcoming for our next big project, I'm sure). We would
> like for normal faculty/staff and student traffic to be dropped in the
> appropriate VLAN (i.e., locally switched) while special cases which return
> a VLAN from radius that is not local to their building need to be centrally
> switched. Initial testing has had mixed results. Switching a machine from
> one UserID to another (and thus getting differing VLANs) seems to confuse
> the controllers. They seem to think the MAC, and thus the user, has already
> been authenticated and the controller wants to keep the same IP address/net
> mask/gateway/VLAN as was originally assigned. This makes things easy &
> quicker for the controller but leaves the user in a state where his device
> is inoperable. This doesn’t bother me too much. But, the same thing happens
> when a user moves to an adjacent building (if the APs are on the same
> controller) where the originally assigned address info is not appropriate
> any longer and the controller really needs to re-authenticate the user to
> get new address info.
>
>
>
> we have looked extensively for documentation on FlexConnect in a campus
> environment rather than the intended remote office environment but without
> any luck so far. Our local Cisco tech has been very helpful, but we still
> haven't gotten past all the hurdles.
>
>
>
> Current environment size is slightly over 200 buildings with just under
> 5,000 APs and just over 33,000 concurrent users at peak times.
>
>
>
> Is anyone out there using FlexConnect in a similar manner? Do you have any
> decent documentation that you can point me to? Or, do you have any advice
> to offer ("don't even try to do this" *is* an acceptable response)?
>
>
>
>
>
>
>
> Thanks.
>
>
>
>
>
>
>
>
>
> -jcw
> [image: UA Logo]
>
>
>
>
> John Watters The University of Alabama
>
> Office of Information
> Technology
>
> 205-348-3992
>
>
> ********** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
