Here is the info Jeffry: The number of FlexConnect groups and access point support depends on the platform that you are using. You can configure the following:
Up to 100 FlexConnect groups and 25 access points per group for a Cisco 5500 Series Controller. Up to 1000 FlexConnect groups and 50 access points per group for a Cisco Flex 7500 Series Controller in the 7.2 release. Up to 2000 FlexConnect groups and 100 access points per group for Cisco Flex 7500 and Cisco 8500 Series Controllers in the 7.3 release. Up to 20 FlexConnect groups and up to 25 access points per group for the remaining platforms. http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_010001010.html#d34284e204a1635 -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Legge, Jeffry Sent: Wednesday, March 18, 2015 9:51 AM To: [email protected] Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect Hector I am just starting to think about using FlexConnect. I have two Wism2's and about 750 Aps. Can you tell me where I can read up on the 25 AP restriction? -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Hector J Rios Sent: Wednesday, March 18, 2015 10:10 AM To: [email protected] Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect We use WiSM2s, and based strictly on the numbers supported by this platform (which are pretty horrible: 25 APs per FlexConnect group) I don't think we will be using FlexConnect any time soon. -Hector -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Watters, John Sent: Wednesday, March 18, 2015 1:29 AM To: [email protected] Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect Please post any results you have if/when try expand FlexConnect to your entire campus. It looks like you are close to our size (we now have about 125 buildings & about 38K students plus about 4K faculty/staff). Thanks. Sent from my iPhone > On Mar 17, 2015, at 4:12 PM, Hector J Rios <[email protected]> wrote: > > I've not performed tests to that scale yet. Plus we are only considering this > for our ResHalls, of which we have 21 buildings only. > > -Hector > > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Watters, John > Sent: Tuesday, March 17, 2015 11:55 AM > To: [email protected] > Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect > > We played with FlexConnect for a number of months but still could not get > what we needed it to do on a consistent basis. Essentially we wanted > FlexConnect to drop users into their building VLAN so they would be able to > easily interact with the same devices that the wired connections in the > buildings could see. As I'm sure you know, this also resolves many of the > Apple, Chromecast, etc., problems. > > We did have one caveat though that we just couldn't get past -- we wanted to > drop faculty/staff into one VLAN and students into another (we can easily > return the proper VLAN for a particular client in a particular building from > Radius server - FreeRadius with a call to our LDAP server for info) but we > also need to send everything else back to the controller for central > switching (e.g., police connections, special bar-code scanners that roam and > serve to identify a user, but not being used for client traffic, for example, > to give out free flu shots to eligible folks or let folks into a sporting > event). We just couldn't get past having 95+% locally switched and the > remainder centrally switched for over 200 buildings many with now over 100 > APs each without using FlecConnect groups which are limited to numbers way > too small for our campus. > > We can even live comfortably without roaming between buildings. MOst folks > are not used to being able to roam between buildings downtown or many cannot > roam between apartments off campus. > > How did you get around the FlexConnect group problem? > > > > > ========================== > -jcw > ________________________________ > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [[email protected]] on behalf of Hector J Rios > [[email protected]] > Sent: Tuesday, March 17, 2015 9:27 AM > To: [email protected] > Subject: Re: [WIRELESS-LAN] ResHall Wireless > > I tested FlexConnect on 8.0.110.0. Here are my observations: > > *Great alternative to switch data locally (obviously) *No AVC Support *When > controller is down, AP goes into standalone more. Must make sure that AP is > not able to reach any other controller you don't want. This was fixed with an > ACL. > *Client details page does not show client IPv6 address. Client still gets > IPv6 address. (PRIME does show it if you run a report). > *Client details page does not show VLAN ID. > *Putting AP in FlexConnect mode does not require reboot (Cool!) *No > IPv6 ACL support > > More testing to do, but so far so good. > > -Hector > > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Hector J Rios > Sent: Thursday, March 12, 2015 11:13 PM > To: [email protected] > Subject: Re: [WIRELESS-LAN] ResHall Wireless > > We use Cisco's wireless solution with WiSM2s and a variety of WAPs. We > actually implemented the guest anchor controller solution last year with dual > controllers (WLC2504) and we've been happy. > > I like Britton's idea of using FlexConnect at the dorms to switch the student > data locally. However, I believe there are some limitations that would keep > us from using it such as no support for AVC, and some limitations on IPv6. > > -Hector > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Osborne, > Bruce W (Network Services) > Sent: Thursday, March 12, 2015 7:42 AM > To: > [email protected]<mailto:[email protected] > SE.EDU> > Subject: Re: [WIRELESS-LAN] ResHall Wireless > > Hector, > > You do not say what wireless solution you are using. Let me assume a Cisco or > Aruba controller based solution. You can have vlans from your controller > tunnel to an anchor controller in a DMZ. Use 802.1X authentication based on > AD groups. > > This solution permits controlled internal access and, if you desire, > unfiltered Internet access. Until recently, we did something similar with our > open Guest wireless network on our Aruba system. We now use a different > solution for this. > > The anchor controller idea was based on Cisco wireless training several years > ago. At that time, it was their recommended guest solution. > > Bruce Osborne > Wireless Engineer > IT Infrastructure & Media Solutions > > (434) 592-4229 > > LIBERTY UNIVERSITY > Training Champions for Christ since 1971 > > From: Hector J Rios [mailto:[email protected]] > Sent: Wednesday, March 11, 2015 9:48 AM > Subject: ResHall Wireless > > I'm wondering how many of you treat the wireless in the ResHalls differently > from the wireless on the rest of your campus. In terms of geography, we have > 21 ResHalls that are in the perimeter of our campus. Some of these buildings > are next to academic or administrative buildings. Eduroam is our main SSID. > So, for the longest time it has only made sense to broadcast eduroam > everywhere. Now, on the wired side of the house, our ResHalls have a > dedicated connection that gives them direct, non-firewall access to the > internet (for access to campus resources, a student must VPN). This came > about as a request from the students to have more freedom in their residence. > Makes sense. But wireless is different as it goes through our campus core, > traverses our perimeter firewall, and goes out our main internet connection. > > I've struggled to find an alternative solution to this. We recognize that > students in ResHalls are different in the sense that they pay for a place to > live and should get an internet service that is similar to their home > service. However, any alternatives that we have considered (separate SSID, > dynamic VLAN assignment, user groups) just seem to complicate the setup. > > Any good ideas out there or creative ways in which you have tackled this > challenge? > > Thanks, > > Hector Rios, CCNP, CCA > Assistant Director, Network Engineering Dept. of Networking and > Infrastructure Information Technology Services Louisiana State > University > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_&d=AwIFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=mz4qZ89gIzboU68QSioB8egnL5r4NbnrlHD3BQd069E&s=qx-R61pX-nFrr26l3StPEAntIU7AJ_x5tyGe6G1AKL0&e= > . > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_&d=AwIFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=mz4qZ89gIzboU68QSioB8egnL5r4NbnrlHD3BQd069E&s=qx-R61pX-nFrr26l3StPEAntIU7AJ_x5tyGe6G1AKL0&e= > . > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_&d=AwIFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=mz4qZ89gIzboU68QSioB8egnL5r4NbnrlHD3BQd069E&s=qx-R61pX-nFrr26l3StPEAntIU7AJ_x5tyGe6G1AKL0&e= > . > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_&d=AwIFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=mz4qZ89gIzboU68QSioB8egnL5r4NbnrlHD3BQd069E&s=qx-R61pX-nFrr26l3StPEAntIU7AJ_x5tyGe6G1AKL0&e= > . > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_&d=AwIFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=mz4qZ89gIzboU68QSioB8egnL5r4NbnrlHD3BQd069E&s=qx-R61pX-nFrr26l3StPEAntIU7AJ_x5tyGe6G1AKL0&e= > . > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_&d=AwIFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=mz4qZ89gIzboU68QSioB8egnL5r4NbnrlHD3BQd069E&s=qx-R61pX-nFrr26l3StPEAntIU7AJ_x5tyGe6G1AKL0&e= > . ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_&d=AwIFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=mz4qZ89gIzboU68QSioB8egnL5r4NbnrlHD3BQd069E&s=qx-R61pX-nFrr26l3StPEAntIU7AJ_x5tyGe6G1AKL0&e= . ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_&d=AwIFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=mz4qZ89gIzboU68QSioB8egnL5r4NbnrlHD3BQd069E&s=qx-R61pX-nFrr26l3StPEAntIU7AJ_x5tyGe6G1AKL0&e= . ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_&d=AwIFAg&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=mz4qZ89gIzboU68QSioB8egnL5r4NbnrlHD3BQd069E&s=qx-R61pX-nFrr26l3StPEAntIU7AJ_x5tyGe6G1AKL0&e= . ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
