FlexConnect Feature Matrix

This section describes the feature matrix for the FlexConnect feature on the Catalyst Wireless Controller. This feature matrix applies to the Catalyst wireless platform on IOS-XE release 16.10.

Introduction

This document describes the feature matrix for the FlexConnect feature on the Catalyst Wireless Controller.

Prerequisites and Requirements

Cisco recommends that you have knowledge of these topics:

  • Control and Provisioning of Wireless Access Points (CAPWAP) protocol

  • Configuration of lightweight Access Points (APs) and Cisco WLCs

FlexConnect

FlexConnect is a wireless solution for branch office and remote office deployments. It enables you to configure and control APs in a branch or remote office from the corporate office through a WAN link without the deployment of a controller in each office. The FlexConnect APs can switch client data traffic locally and perform client authentication locally. When they are connected to the controller, they can also send traffic back to the controller. The FlexConnect features listed in this document are supported on the following platforms:

  • AP18xx, 2802, 3802, 4800, 1540, 1560, 1700, 2700, 3700, 1570

  • Catalyst wireless controller running 16.10 IOS-XE

FlexConnect local authentication is useful where you cannot maintain a remote office setup with a minimum bandwidth of 128 kb/s and a round-trip latency of no greater than 100 ms. The maximum tolerated latency for FlexConnect is 300 ms, regardless of the features that are used.

The next section outlines the FlexConnect Feature Matrix.

Security–Client

| Feature | WAN Up (Central Switching) | WAN Up (Local Switching) | WAN Up (Local Switching, Local Authentication) | WAN Down (Standalone) |
|---|---|---|---|---|
| Open | Yes | Yes | Yes | Yes |

Static WEP

Yes

Yes

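| Feature | WAN Up (Central Switching) | WAN Up (Local Switching) | WAN Up (Local Switching, Local Authentication) | WAN Down (Standalone) |
|---|---|---|---|---|
| WPA-PSK | Yes | Yes | Yes | Yes |
| 802.1x (WPA/WPA2) | Yes | Yes | Yes | Yes |
| MAC filter Authentication | Yes | Yes | No | No |
| Fast Roaming | Yes | Yes | Yes | Yes, for connected clients. No, for new clients. |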

Security-Infrastructure

| Feature | WAN Up (Central Switching) | WAN Up (Local Switching, Local authentication) | WAN Down (Standalone) |
|---|---|---|---|
| Data DTLS | Yes | N/A | N/A |
| Local EAP | Yes (central auth) | Yes, for only wave 1 and EAP-LEAP | Yes, for only wave 1 and EAP-LEAP |
| Backup radius | Yes | Yes | Yes |

Security

| Feature | WAN Up (Central Switching) | WAN Up (Local Switching) | WAN Up (Local Switching, Local Authentication) | WAN Down (Standalone) |
|---|---|---|---|---|
| Adaptive Wireless Intrusion Prevention (aWIPS) | No | No | No | No |
| Intrusion Detection (IDS) | No | No | No | No |
| Management Frame Protection (MFP) (Client, Infrastructure) | No | No | No | No |
| 802.11w "MFP" | Yes | Yes | Yes | Yes |
| 802.11r Fast Transition | Yes | Yes | No | No |
| Self-Signed Certificate (SSC) | Yes | Yes | Yes | N/A |
| Rogue Location Discovery Protocol (RLDP) | Yes | Yes | Yes | No (Not applicable, since RLDP is triggered and orchestrated by controller) |
| Opportunistic Key Caching (OKC) Fast Roam | Yes | Yes | Yes | No |
| FlexConnect Local Auth | N/A | Yes | Yes | Yes |
| IPv4 AAA Override VLAN name / ID / ACL | Yes | Yes | Yes | Yes |
| IPv6 AAA Override VLAN name / ID | Yes | Yes | Yes | Yes |
| AAA VLAN assignment with VLAN name | Yes | Yes | Yes | Yes |
| Static ACL | Yes | Yes | Yes | Yes |
| Per-user radius ACL | Yes | Yes | Yes | Yes |
| L2 ACL | No | No | No | No |
| DNS ACL | Yes | Yes | Yes | No |
| P2P Blocking | Yes | Yes | Yes | Yes |
| Bring Your Own Device / ISE (BYOD) | Yes | Yes | No | No |
| PCI Compliance for Neighbor Pkts | Yes | Yes | Yes | No |
| Russia DTLS Support | No | No | No | No |
| WIPS Enhanced Local Mode (ELM) | No | No | No | No |
| Limit Clients per WLAN | Yes | Yes | Yes | No |

Limit Clients per Radio

Yes

Yes

Yes

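| Feature | WAN Up (Central Switching) | WAN Up (Local Switching) | WAN Up (Local Switching, Local Authentication) | WAN Down (Standalone) |
|---|---|---|---|---|
| Client Exclusion Policy | Yes | Yes | Yes | No |
| Radius NAC | Yes | Yes | No | No |
| TrustSec SXP/enforcement at AP level | Yes | Yes | Yes | Yes |
| TrustSec SXP/enforcement at WLC | Yes | Yes | Yes | Yes |
| Identity PSK | Yes | Yes | No | No |
| Identity PSK with P2P blocking | No | No | No | No |
| AAA-enforced Policy and quota management | Yes | Yes | No | No |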

Voice and Video

Feature

WAN Up (Central Switching) 100 ms RTT

WAN Up (Local Switching) 100 ms RTT

WAN Down (Standalone)

Voice

Yes with RTT 100 ms

Yes with RTT 100 ms

Yes with RTT 100 ms

Yes with RTT 900 ms (with CCKM and OKC)

Yes with RTT 900 ms (with CCKM and OKC)

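| Feature | WAN Up (Central Switching) 100 ms RTT | WAN Up (Local Switching) 100 ms RTT | WAN Down (Standalone) |
|---|---|---|---|
| QoS Markings | Yes | Yes | Yes |
| QoS policing | Yes | Yes | No |
| UAPSD | Yes | Yes | Yes |
| Voice Diagnostics | No | No | No |
| Voice Metrics | No | No | No |
| TSPEC / Call Admission Control (CAC) | Yes | Yes | Yes |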

Services

| Feature | WAN Up (Central Switching) | WAN Up (Local Switching) | WAN Up (Local Switching, Local Authentication) | WAN Down (Standalone) |
|---|---|---|---|---|
| Internal Webauth | Yes | Yes | No | N/A |
| External Webauth | Yes | Yes | No | N/A |
| CleanAir | Yes | Yes | Yes | N/A |
| Multicast-Unicast (Videostream) | Yes | Yes | Yes | Yes |
| Radio Resource Management | Yes | Yes | Yes | Yes |
| SE Connect (CleanAir Update) | No | No | No | No |
| Native Profiling | Yes | Yes (if you enabled Central DHCP Processing) | Yes (if you enabled Central DHCP Processing) | No |
| AVC | Yes | Yes | Yes | No |
| Bonjour Gateway | No | No | No | No |
| mDNS AP | No | No | No | No |
| LSS | No | No | No | No |
| Origin Based services | No | No | No | No |
| Priority MAC | No | No | No | No |
| Bonjour Browser | No | No | No | No |
| Flex+Bridge mode | Yes | Yes | Yes | Yes |

Infrastructure

| Feature | WAN Up (Central Switching) | WAN Up (Local Switching) | WAN Down (Standalone) |
|---|---|---|---|
| Passive Clients | No | No | No |
| Proxy ARP | Yes | Yes | Yes |
| Syslog | Yes | Yes | Yes |
| CDP | Yes | Yes | Yes |
| Client Link | Yes | Yes | Yes |
| Load Balancing | Yes | Yes | No |
| Band Select | Yes | Yes | No |
| AP Image PreDownload | Yes | Yes | No |
| FlexConnect Smart AP Image Upgrade | Yes | Yes | Yes |
| VLAN Pooling/Mcast Optim. | Yes | N/A | N/A |
| Mesh - 24 backhaul | N/A | N/A | N/A |
| Cisco WGB Support | Yes | Yes | Yes |
| 3rd party WGB Support | Yes | Yes | Yes |
| Web Auth Proxy | Yes | Yes | No |
| Client fault tolerance | N/A | Yes | N/A |
| DHCP Option 60 | No | No | No |
| DFS/802.11h | Yes | Yes | Yes |
| VLAN-based central switching | Yes | Not Applicable | Not Applicable |

Mobility / Roaming Scenarios

| WLAN Configuration | Local Switching: CCKM | Local Switching: PMK (OKC) | Local Switching: Others | Central Switching: CCKM | Central Switching: PMK (OKC) | Central Switching: Others |
|---|---|---|---|---|---|---|
| Mobility Between Same AP having same Site tag | Fast Roam | Fast Roam | Full Auth | Fast Roam | Fast Roam | Full Auth |
| Mobility Between AP using different site tag | Full Auth | Full Auth | Full Auth | Full Auth | Full Auth | Full Auth |