Document ID: 112042 | PDF Downloads
|
FeedbackIntroduction
This document provides the feature matrix for the FlexConnect feature on the Wireless LAN Controller. This feature matrix applies to Cisco Unified Wireless Network release 7.0.116.0 and above.
Prior to 7.2, FlexConnect was called Hybrid REAP (HREAP). It is now called FlexConnect.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
-
Control and Provisioning of Wireless Access Points (CAPWAP) protocol.
-
The configuration of lightweight APs and Cisco WLCs.
Components Used
-
This feature matrix outlines the features that work with Cisco Unified Wireless Network release 7.0.98.0 and above.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
FlexConnect
FlexConnect is a wireless solution for branch office and remote office deployments. It enables you to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without the deployment of a controller in each office. The FlexConnect access points can switch client data traffic locally and perform client authentication locally. When they are connected to the controller, they can also send traffic back to the controller. FlexConnect is only supported on these components:
-
1130AG, 1140, 1240AG, 1250, AP801, 3500I, 3500E, 3600, 1040, and AP 1260 access points
-
Cisco Flex 7500, Cisco 5500, 4400, and 2500 Series Controllers
-
Catalyst 3750G Integrated Wireless LAN Controller Switch
-
Cisco WiSM and WiSM2
-
Controller Network Module for Integrated Services Routers
The next section outlines the FlexConnect Feature Matrix.
FlexConnect Feature Matrix
Legacy and New Features in 7.0.116.0 and Above
Security - Client
Depending on the modes and states, security support on the FlexConnect varies. This table summarizes the security features supported.
| WAN Up (Central switching) | WAN Up (Local Switching) | WAN Down (Standalone) | |
|---|---|---|---|
| Open/Static WEP | Yes | Yes | Yes |
| WPA-PSK | Yes | Yes | Yes |
| 802.1x (WPA/WPA2) | Yes | Yes | Yes |
| MAC Authentication | Yes | Yes | No |
| CCKM Fast Roaming | Yes | Yes | Yes, for connected clients. No, for new clients. |
Security - Infrastructure
| WAN Up (Central Switching) | WAN Up (Local switching) | WAN Down (Standalone) | |
|---|---|---|---|
| Data DTLS | Yes | N/A | N/A |
| Local EAP (LEAP/ EAP-FAST) | Yes in 7.0.116 | Yes in 7.0.116 | Yes |
| Backup Radius | Yes in 7.0.116 | Yes in 7.0.116 | Yes |
| MIC | Yes | Yes | N/A |
Security
Depending on the modes and states, security support on the FlexConnect varies. This table summarizes the legacy and new security features supported with WLC version 7.0.116.0 and above.
| WAN Up (Central switching) | WAN Up (Local switching) | WAN Down (Standalone) | |
|---|---|---|---|
| awIPS | Yes | Yes | No |
| Rogue, IDS | Yes | Yes | No |
| MFP (Client, Infrastructure) | Yes | Yes | No |
| SSC | Yes | Yes | N/A |
| RLDP | May work depending on hops, WAN speed | May work depending on hops, WAN speed | No |
| OKC Fast roam | Yes | Yes | No 1 |
| FlexConnect Local Auth | N/A | Yes | Yes |
| AAA Override | Yes | Yes | Yes |
| ACL | Yes | Yes2 | Yes2 |
| P2P Blocking | Yes | Yes | Yes |
| Mesh LSC Support | N/A | N/A | N/A |
| ISE 1.1 | Yes | Yes (7.2.110.0) | No |
| PCI Compliance for Neighbor Pkts | Yes | Yes | No |
| Russia DTLS Support | Yes | N/A | No |
| wIPS ELM | Yes | Yes | No |
| Limit Clients per WLAN | Yes | Yes3 | No |
| Limit Clients per Radio | Yes | Yes | Yes |
| Client Exclusion Policy | Yes | Yes3 | No |
1 Yes for clients that have assoc at connected mode 2 FlexConnect ACLs should be used 3 Limits/exclusion done by WLC so client will be deauth after a successful Assoc Resp
Voice & Video
This table lists the legacy and new Voice & Video services supported with WLC version 7.0.116.0 and above with FlexConnect
| WAN Up (Central switching) 100 ms RTT | WAN Up (Local switching) 100 ms RTT | WAN Down (Standalone) | |
|---|---|---|---|
| Voice | Yes with RTT 100 ms | Yes with RTT 100 ms | Yes with RTT 100 ms |
| Yes with RTT 900 ms (with CCKM and OKC) | Yes with RTT 900 ms (with CCKM and OKC) | ||
| QoS Markings 2 | Yes | Yes | Yes |
| UPSD | Yes | Yes | Yes |
| Voice Diagnostics | Yes | Yes | No |
| Voice metrics | Yes | Yes | No |
| TSPEC /CAC | Yes – non CCX | Yes – non CCX | No |
| Yes – CCX 3 | Yes – CCX 3 |
2 - Includes both dscp/dot1p markings 3 - CAC on WLC, deauth on roaming failure
Services
This table lists the legacy and new services supported with WLC version 7.0.116.0 with FlexConnect.
| WAN Up (Central Switching) | WAN Up (Local switching) | WAN Down (Standalone) | |
|---|---|---|---|
| Internal Webauth | Yes | Yes | N/A |
| External Webauth | Yes (7.2.110.0) | Yes (7.2.110.0) | N/A |
| CleanAir (SI on 3500) | Yes | Yes | N/A |
| Multicast-Unicast (Videostream) | Yes | N/A | N/A |
| Location | Yes with BW/Scale limitation | Yes with BW /Scale limitation | N/A |
| RRM | Yes | Yes | No |
| NG RRM – RF Static Grouping | Yes1 | Yes1 | No |
| SE Connect (Cleanair Update) | Yes | Yes | No2 |
| S60 Enhancement | Yes | Yes | No |
1 Any RRM specific requirements apply (at least 4 APs for TPC) 2 Yes for standalone after disconnecting from WLC but no for reboot
Infrastructure
| WAN Up (Central Switching) | WAN Up (Local switching) | WAN Down (Standalone) | |
|---|---|---|---|
| Passive Clients | No | Yes | Yes |
| Syslog | Yes | Yes | Yes |
| CDP | Yes | Yes | Yes |
| Client Link | Yes | Yes | No |
| AP Image PreDownload | Yes | Yes | No |
| FlexConnect Smart AP Image Upgrade | Yes | Yes | Yes1 |
| AP Regularity Domain Updates (Chile) | Yes | Yes | Yes |
| VLAN Pooling/Mcast Optim. | Yes | N/A | N/A |
| Mesh – 24 backhaul | N/A | N/A | N/A |
| WGB Support | No | No | No |
| 3rd party WGB Support | Yes | Yes | Yes |
| Web Auth Proxy | Yes | Yes | No |
| FlexConnect AP Group Increase | Yes | Yes | Yes |
| Client fault tolerance | N/A | Yes | N/A |
| DHCP Option 60 | Yes | Yes | Yes |
| DFS/802.11h | Yes | Yes | Yes |
| AP Group VLANs | Yes | N/A | N/A |
1 Provided if Master AP is already upgraded and Slave APs are updated with their Master AP
Mobility / Roaming Scenarios
| WLAN Configuration | Local Switching | Central Switching | ||||
| CCKM | PMK(OKC) | Others | CCKM | PMK(OKC) | Others | |
| Mobility Between Same Flex Group | Fast Roam1 | Fast Roam1 | Full Auth1 | Fast Roam | Fast Roam | Full Auth |
| Mobility Between Different Flex Group | Full Auth1 | Fast Roam1 | Full Auth1 | Full Auth | Fast Roam | Full Auth |
| Inter Controller Mobility | N/A | N/A | N/A | Full Auth | Fast Roam | Full Auth |
1 Provided WLAN is mapped to same VLAN (same subnet)
Cisco Support Community - Featured Conversations
Related Information
- H-Reap Design and Deployment Guide
- Hybrid Remote Edge Access Point (H-REAP) Basic Troubleshooting
- Cisco Wireless LAN Controller Configuration Guide, Release 7.0
- Technical Support & Documentation - Cisco Systems
| Updated: Jul 02, 2012 | Document ID: 112042 |