To ensure the 1810 OEAP can join the controller from remote teleworker locations, the firewall must allow specific UDP ports that are used for AP communication with the controller. UDP ports 5246 and 5247 are used for Control and Provisioning of Wireless Access Points (CAPWAP) control and data messages, while UDP ports 12222 and 12223 are used for OfficeExtend APs’ data traffic. Blocking these ports would prevent the APs from joining the controller, hence they must be allowed on the firewall.

The Voice VLAN feature on switches allows the network to distinguish between voice traffic and data traffic from wireless clients connected to IP phones. This is crucial for applying the appropriate QoS to ensure that voice traffic is prioritized over client data traffic. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

The image provided shows a packet capture with multiple entries displaying UDP traffic between two IP addresses using different ports (notably port number ‘16666’ which is commonly used for NMSP). Network Mobility Services Protocol (NMSP) is used by wireless controllers like WLCs to communicate with management software such as Cisco’s Mobility Services Engine or CMX. This protocol helps in managing various mobility services across wireless networks. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

To collect user demographic information in exchange for guest WLAN access and to have a customized portal per location, the marketing department should tie the Facebook social connector into Cisco CMX. Facebook is widely used for social login features and provides access to demographic data when users consent, making it the ideal choice for this requirement. References: The use of social connectors for demographic data collection is discussed in the context of advanced location services in the official certification guide.

 For an enterprise wireless network with distributed offices globally and APs configured in FlexConnect mode, enabling FlexConnect local authentication is essential to support 802.11r and CCKM. This configuration allows for fast roaming and maintains a secure connection by locally authenticating the clients without having to go back to the central site, thus providing a seamless and efficient roaming experience for the users.

 Cisco AVC (Application Visibility and Control) on a Cisco Wireless LAN Controller (WLC) is used to prioritize traffic by marking the packets. For Cisco IP cameras that use the wireless network, the AVC rule would be configured to mark the packets with a specific QoS value, ensuring that the video traffic is treated with higher priority as it traverses the network. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

The true statement about the VideoStream/Multicast Direct feature is that each VideoStream client acknowledges receiving a video IP multicast stream. This feature enhances the reliability of IP multicast traffic over WLAN by using client acknowledgments to ensure delivery.

References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

The feature that must be enabled to ignore non-802.11 interference is “Avoid Persistent Non-WiFi Interference.” This setting allows the Radio Resource Management (RRM) to not react to non-802.11 noise and interference, which can be crucial in environments where such interference is common but does not significantly impact wireless performance. By enabling this feature, RRM will not change the channel in response to non-IEEE 802.11 interferers, thus maintaining a stable channel plan. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

In a multitenant building, competing wireless APs are initially classified as ‘unclassified’ in the WLC. This classification means that the APs are not recognized as part of the network’s infrastructure. Over time, administrators can classify these APs as ‘friendly’, ‘malicious’, or maintain them as ‘unclassified’ based on their potential impact on the network. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

Client profiling involves using various properties to identify and classify wireless clients. The HTTP user agent can provide information about the client’s device type and browser, DHCP can reveal details about the client’s network configuration and requests, and the MAC OUI (Organizationally Unique Identifier) can be used to determine the manufacturer of the device. These properties are crucial for profiling because they offer insights into the device’s capabilities and identity. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

Apple’s Fastlane technology is used to prioritize traffic from iOS devices on the network. By enabling Fastlane under each WLAN setting, the network can recognize and prioritize traffic from Apple iOS devices, addressing the QoS issues for these devices on the WLANs. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

The AAA override feature on a WLAN allows for individualized security policies to be applied to users after they are authenticated by the AAA server, which in this case is Cisco ISE (Identity Services Engine). The company policy requires that all users be denied access to any resources until they pass validation. By using AAA override, the network can enforce access control policies based on user credentials and group membership, ensuring that users cannot access network resources until they have been validated by Cisco ISE. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

For guests to reach a Web Authentication Redirect page while blocking web management traffic to the controller, guest client HTTPS traffic must be allowed to a specific IP address that does not interfere with management access. The virtual interface IP on a Cisco Wireless LAN Controller serves as a DHCP relay and is used for web authentication processes. Therefore, allowing HTTPS traffic to this IP enables guests to reach the redirect page without granting them access to manage the controller. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 To resolve the issue of changing the Cisco Hyperlocation detection threshold, the engineer should shut down all radios on the controller, change the Cisco Hyperlocation detection range, and then enable the radios again. This process ensures that the new threshold settings are applied correctly across the network.

The issue is likely caused by the CPU ACL on the controller, which is blocking HTTP/HTTPS traffic from the guest clients. When a WLAN with Web Authentication is used, the wireless client’s browser is redirected to a web page for authentication. If the CPU ACL is configured to only allow controller web management traffic from the IT subnet, it may inadvertently block the necessary HTTP/HTTPS traffic for the Web Authentication process, leading to a timeout on the wireless client browser. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide, specifically the sections discussing CPU ACLs and their impact on network traffic.

The AAA override feature on a WLAN allows for individualized security policies to be applied to users after they are authenticated by the AAA server, which in this case is Cisco ISE (Identity Services Engine). The company policy requires that all users be denied access to any resources until they pass validation. By using AAA override, the network can enforce access control policies based on user credentials and group membership, ensuring that users cannot access network resources until they have been validated by Cisco ISE. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

To segregate iOS-connected devices onto a guest SSID on VLAN 101 and the rest of the clients on VLAN 102, specific configurations are needed on the Cisco Catalyst 9800 Wireless LAN Controller (WLC). The correct configurations required are:

• Add local profiling policy under global security policy settings (Option B): This allows the WLC to profile devices based on their operating system. By identifying iOS devices, a local profiling policy can then direct these devices to the appropriate VLAN.
• Enable device classification on global wireless settings (Option E): Device classification is necessary for the WLC to differentiate between device types. Once enabled, it can apply different policies based on whether a device is recognized as an iOS device or not.

References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

 The two protocols used to communicate between the Cisco Mobility Services Engine (MSE) and the Cisco Prime Infrastructure network management software are HTTPS and NMSP (Network Mobility Services Protocol). HTTPS is used for secure web-based communications, while NMSP is a Cisco proprietary protocol used specifically for efficient, real-time communication between MSE and network management software like Cisco Prime Infrastructure. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

 IGMP snooping is a feature that allows a network switch to listen to the Internet Group Management Protocol (IGMP) network traffic. This feature enables the switch to identify the multicast streams to which hosts are interested and to forward multicast traffic intelligently. By enabling IGMP snooping on the Wireless LAN Controller (WLC), it ensures that multicast streams are only forwarded to the access points (APs) where clients are subscribed to them. Setting the AP multicast mode to a specific multicast address, such as 238.255.255.255, allows the WLC to send multicast traffic to APs using this address, which helps in efficient distribution of the multicast stream.

When a client is authenticated but cannot pass traffic in the RUN state, it indicates that an ACL may be blocking the traffic post-authentication. Disabling or modifying this ACL to allow traffic can resolve the connectivity issue, ensuring that the client’s traffic flows correctly after authentication with Cisco ISE.

To offer indoor directions to patient rooms using the existing wireless infrastructure, the hospital would need to install Cisco MSE (B) and Cisco CMX Visitor Connect ©. Cisco Mobility Services Engine (MSE) provides advanced location services, including tracking for Wi-Fi clients, which is essential for indoor navigation. Cisco CMX Visitor Connect, part of the Cisco Connected Mobile Experiences (CMX) solutions, allows for the customization of visitor experiences, such as indoor navigation. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

The Cisco Hyperlocation feature requires enabling on both the wireless LAN controller and Cisco CMX to function correctly. This allows for precise location tracking by integrating data from both components. Additionally, if the Cisco CMX server is a virtual machine (VM), it is recommended to use a high-end VM to handle the processing demands of Cisco Hyperlocation deployments, ensuring optimal performance and accuracy.

The configuration required is to trust the DSCP (Differentiated Services Code Point) on the controller switch port. This ensures that the voice traffic’s class of service is maintained throughout the network. By trusting DSCP, the switch will preserve the DSCP value set by the wireless LAN controller, which is responsible for marking the voice packets. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

Before running a Client Traffic Stream Metrics report in Cisco Prime Infrastructure, the task that must be run is “client status”. This task collects the necessary data regarding the clients’ traffic streams, which is then used to generate the report. References := Cisco Prime Infrastructure Reports User Guide

When implementing Cisco Identity-Based Networking on a Cisco AireOS controller with two ACLs where one is applied directly on the WLC interface and another referenced by ISE for a specific group policy, the resulting ACL for a user in that group would be a combination of both ACLs. The BASE_ACL applied on the corporate_clients interface acts as the default ACL for all corporate clients, while HR_ACL is specific for Human Resources users. When a Human Resources user connects, HR_ACL takes precedence but does not replace BASE_ACL; instead, it appends its rules to those of BASE_ACL resulting in an aggregated set of rules from both ACLs. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

When an MSE with wIPS service is installed, it is crucial for alarm information to reach the MSE from the controllers. The Network Mobility Services Protocol (NMSP) is the protocol that facilitates this communication. Ensuring that NMSP is allowed through any firewalls or network security devices is essential for the proper functioning of the wIPS service. References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

 For a large company requiring support for 32 VLANs for different departments, the most efficient solution is to configure one single SSID and use Cisco ISE for dynamic VLAN assignment based on user roles. Cisco ISE can classify users into different groups and assign them to the appropriate VLANs. This approach reduces the complexity of managing multiple SSIDs and simplifies the user experience while maintaining a high level of security and network segmentation. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

To ensure that all Android devices are placed into a separate VLAN on their wireless network without deploying ISE, the feature that must be implemented on the Cisco WLC is “WLAN local policy”. This feature allows the network administrator to create policies that can classify and segregate devices based on their operating system, in this case, Android devices, into a designated VLAN. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

 For a BYOD setup using a dual SSID approach, the first SSID is typically used for device registration and the second for network access. Setting the NAC State to Radius NAC enables the network access control (NAC) to use RADIUS for authentication, authorization, and accounting. Allowing AAA Override enables the RADIUS server to dynamically change the VLAN and ACLs assigned to the endpoint, which is crucial for BYOD where devices need to be placed into the correct VLAN based on user role and device type. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide, particularly the chapters on BYOD and advanced WLAN configuration.

 When configuring an autonomous Access Point (AP) for 802.1x authentication using an external authentication server like RADIUS, it’s essential that AP knows where to send authentication requests and has a secure method of communicating with it. The RADIUS server’s IP address must be configured on AP so it knows where to forward user credentials for verification. Additionally, a shared secret must be set up between AP and RADIUS server as part of their secure communication protocol; without this shared secret, they cannot trust each other’s communications. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

Graphical user interface Description automatically generated

For optimal voice over WLAN performance with a Cisco 8821 wireless phone, the Cisco recommended configuration is to set the switch port to access mode and trust the DSCP markings. This ensures that voice traffic is appropriately prioritized in the network, providing better quality of service for voice communications. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

The feature that must be enabled to ignore non-802.11 interference is “Avoid Persistent Non-WiFi Interference.” This setting allows the Radio Resource Management (RRM) to not react to non-802.11 noise and interference, which can be crucial in environments where such interference is common but does not significantly impact wireless performance. By enabling this feature, RRM will not change the channel in response to non-IEEE 802.11 interferers, thus maintaining a stable channel plan. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

The issue described indicates a problem with the 802.1X authentication policy on the authenticator, which is typically the wireless controller or access point. Even though the CA certificate is correctly installed on the laptop, if the authenticator’s policy is incorrectly configured or does not match the required settings for the corporate network, the user’s authentication attempts will fail. It is essential to review and correct the 802.1X policy settings on the authenticator to resolve this issue. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 A single SSID method satisfies the requirements for a BYOD policy that includes onboarding unknown machines, scalability, and low overhead on the wireless network. It simplifies network access for users and reduces overhead by minimizing broadcast traffic associated with multiple SSIDs.

 If the administrator is unable to see interferers on the Cisco Prime Infrastructure maps, it could be due to the MSE (Mobility Services Engine) not being added and synchronized with Cisco Prime Infrastructure, which is essential for tracking and locating devices, including interferers. Additionally, if interferer tracking is not enabled on the MSE, it would not track or display the location of interferers on the maps. The other options, such as SNMP failure, reaching the Context Aware Service tracking limit, or inactive NSMP communication, would affect other aspects of network visibility but not specifically the tracking and display of interferers. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) is an EAP method that an Access Point (AP) can use to authenticate to the wired network. EAP-TLS is considered one of the most secure EAP methods because it uses mutual authentication, where both the client and the server authenticate each other using certificates.

 In a BYOD (Bring Your Own Device) deployment strategy that prefers a single SSID model, an Identity Services Engine (ISE) is required. Cisco’s ISE is a security policy management platform that automates and enforces context-aware security access to network resources. It allows for the creation of policies that control access to the network based on user identity, device type, device health, and posture compliance, which is essential for a BYOD environment. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

When setting up identity-based networking with ISE and configuring AAA override on the WLAN, the attributes that can be used to change the client behavior from the default settings include the DNS server and DSCP value. The DNS server attribute allows for the specification of a DNS server per client, which can be essential for directing traffic through specific network paths or applying policies based on domain name resolutions. The DSCP value attribute is used to mark the packets with a specific Quality of Service (QoS) level, which can prioritize or deprioritize traffic as needed. References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

When a wireless controller is configured to authenticate clients against Microsoft Active Directory using PEAP (Protected Extensible Authentication Protocol), it uses RADIUS (Remote Authentication Dial-In User Service) as the protocol to communicate with the authentication server. RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

For RADIUS to restrict administrative control effectively, the engineer needs to define a Network Access Server (NAS) entry that corresponds to the WLC’s management IP address and the AP subnet. The correct entry would be the NAS IP of the virtual interface (typically used for RADIUS communications) and the specific network range of the AP subnet, which is 192.168.2.0 with a subnet mask of 255.255.255.0. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

Allowing access to the Local Area Network (LAN) without implementing a Mobile Device Management (MDM) solution poses a significant security risk to a Bring Your Own Device (BYOD) policy. Without MDM, the organization lacks control over the personal devices that connect to its network, which could lead to unauthorized access to sensitive data, potential data breaches, and the inability to enforce security policies.

 Configuring an AVC profile for the Jabber traffic and applying it to the WLAN ensures that voice traffic from Cisco Jabber receives Platinum QoS while keeping other WLAN traffic at Silver class. AVC allows for deep packet inspection which can identify Jabber application packets so they can be given priority over other types of traffic.

CMX Facebook Wi-Fi is designed to provide limited access to the network before a user completes authentication. This feature allows HTTP traffic only before authentication while blocking all other traffic, which corresponds with option A. Additionally, it intercepts HTTP traffic to redirect the user to the authentication page, which aligns with option D. The purpose of these restrictions is to ensure that users can be directed to log in via Facebook for Wi-Fi access without compromising network security by allowing unchecked access. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

On a Cisco Catalyst 9800 Series Wireless Controller, the command set that prevents a FlexConnect AP from allowing wireless clients to connect when its Ethernet connection is nonoperational is the fallback-radio-shut command within the FlexConnect profile configuration. This command disables the radios on the AP, thus preventing client connections during Ethernet link failure. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

The Cisco OfficeExtend Access Point (OEAP) feature is enabled on a Cisco Catalyst 9800 Series Wireless Controller through the Flex Profile. The Flex Profile allows for the configuration of various settings specific to FlexConnect deployments, including OEAP settings, which enable remote workers to connect to the corporate network securely.

References :=

• CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide
• Cisco documentation on Catalyst 9800 Series Wireless Controllers

The default IEEE 802.1x AP authentication configuration on a Cisco Catalyst 9800 Series Wireless Controller is EAP-FAST with CAPWAP DTLS (Option D). This method uses EAP-FAST for authentication within a secure tunnel established by Datagram Transport Layer Security (DTLS) over CAPWAP, which provides both security for authentication credentials and encryption for wireless management frames. References := ( CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide )

The correct command to add a VLAN with a specific ID to a FlexConnect group in a Cisco Wireless LAN Controller (WLC) is ‘config flexconnect group BranchA-FCG vlan 30 add’. This command specifies the FlexConnect group name ‘BranchA-FCG’ and the VLAN ID ‘30’, followed by the action ‘add’, which is consistent with Cisco’s CLI syntax for WLC configuration. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

The primary change to the network when adding APs for location-based services, such as VolMLAN, would be the AP footprint. This refers to the physical coverage area of the access points. Increasing the AP footprint enhances the ability to perform location-based services by improving the accuracy of triangulation and location tracking of devices. This is because a denser AP footprint allows for more precise determination of a device’s location within the network. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide, specifically the sections discussing location-based services and AP deployment strategies for optimal coverage and location tracking.

The FlexConnect AP Upgrade feature allows for a selective upgrade process within a FlexConnect group. By not setting any master APs, the WLC will automatically select one AP of each model with the lowest MAC address to receive the upgrade directly from the controller. This ensures that the upgrade is distributed efficiently across different AP models in the group without manual intervention.

References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

When a wireless controller is configured to authenticate clients against Microsoft Active Directory using PEAP (Protected Extensible Authentication Protocol), it uses RADIUS (Remote Authentication Dial-In User Service) as the protocol to communicate with the authentication server. RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

Cisco Hyperlocation is enabled in the RF Profile on a Cisco Catalyst 9800 Series Wireless Controller web interface. The RF Profile contains settings that pertain to radio frequency management, which includes the configuration for Hyperlocation.

 Bluetooth Low Energy (BLE) is renowned for its ability to provide precise location services, especially in the context of indoor positioning systems. BLE beacons can be strategically placed throughout a facility, and when used in conjunction with a mobile application, they can deliver the high level of location accuracy required for various use cases, including navigation, asset tracking, and contextual marketing.

 For a wireless network supporting voice and video applications for Apple devices, especially with Fastlane implementation, the QoS profile to configure on the user WLAN for iPhones updated to version 14.5.432302546 is Platinum. This profile provides the highest level of QoS, ensuring priority for voice and video traffic. References:= (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

During the Extensible Authentication Protocol (EAP) process, the RADIUS server generates an encrypted session key after the client’s identity is authenticated. This session key is sent to the access point to encrypt data frames between the client and the access point. It ensures that each session has a unique encryption key, enhancing security. References: Look for information on EAP and RADIUS in the CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide.

For location analytics in a shopping center using AireOS controllers with Cisco Wave 2 APs, the CMX server settings must exclude probing clients to track only associated clients. This setting ensures that the location analytics data reflects the movements of clients that are actively connected to the WLAN, providing accurate insights into popular areas within the shopping center. References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

 The correct configuration for limiting Internet bandwidth for each guest client on a Cisco Catalyst 9800 WLC is through a policy map. A policy map allows the creation of policies that can manage traffic within a network. By setting a bandwidth limit within the policy map, the WLC can enforce the required QoS for guest clients. References := (CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide)

To load balance the data coming through NMSP from the WLCs and spread the load between multiple CMX servers, the configuration cmxctl config feature flags nmsplb.cmx-ap-grouping true should be used. This enables the load balancing feature and helps optimize the data flow for APs in a large network environment. References: The configuration for load balancing in CMX is explained in the certification guide, which outlines the commands and flags necessary to manage data flow efficiently.

 In a distributed deployment of Cisco ISE, profiling services are configured on Policy Services Nodes (PSNs). These nodes handle all context-based access control, including profiling services.

References: CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide

In a FlexConnect group with local switching but central DHCP, clients can use features like multicast and static IP without any issues. However, fast roaming, which allows clients to move seamlessly between access points with minimal delay, requires the access points to handle client information locally. If the configuration is changed to allow local DHCP, then the access points can cache client credentials, enabling fast roaming.

References :=

• CCNP Enterprise Wireless Design ENWLSD 300-425 and Implementation ENWLSI 300-430 Official Cert Guide
• Cisco documentation on FlexConnect configurations