Table of Contents
Problem Summary
A branch site reported that multiple wireless clients were randomly disconnecting. This issue affected different SSIDs and was reported during peak business hours. There were no recent code upgrades or changes (at least none that the local IT admitted.
- Location: Branch office with WAN uplink
- Mode: APs in FlexConnect mode
- WLC: Centralized (at HQ)
- SSID Behavior: Clients drop and reconnect; DHCP seems flaky
Symptoms Observed
- Clients show “connected, no internet”
- DHCP IP assignment fails intermittently
- Ping drops between client and gateway
- APs show “Central Switching” on FlexConnect SSIDs
- Wired clients work fine at branch
Root Cause Analysis
After logging into the APs and checking the WLC configuration, we found this:
- SSID was configured for Central Switching
- WAN latency to HQ WLC was inconsistent (~300ms at times)
- FlexConnect APs were NOT caching DHCP or switching traffic locally
Since the SSID was centrally switched, all client traffic, including DHCP and DNS, was being tunneled back to the controller — and when WAN latency spiked, the client DHCP requests failed or timed out. This led to random disconnects.
So in short: The FlexConnect APs were misconfigured with Central Switching on a latency-sensitive network.
The Fix
Step-by-Step Fix:
- Login to WLC
- Navigate to WLANs > [SSID] > Advanced
- Check the box: FlexConnect Local Switching
- Apply the change and push to Flex AP group
- SSH to AP and validate new mode:
show flexconnect summary show flexconnect vlan
- Optional but recommended: Enable Local DHCP or DHCP proxy fallback if DHCP server is at the branch
Clients instantly started getting IPs from the branch DHCP server, and the disconnect issues vanished.
EVE-NG Lab Topology

Key Elements:
- WLC: 9800-CL in EVE-NG cloud
- AP: Simulated or packet-traced with Flex settings
- DHCP Server: Local router or Linux DHCP
- WAN simulation: Add delay on EVE-NG interface using
tc
or GNS3 cloud config
Verification
Use these commands:
# On WLC show wlan id <SSID-ID> show ap name <AP-NAME> wlan <SSID-ID> # On AP show flexconnect summary show flexconnect vlan # From client ipconfig /all OR ifconfig ping default gateway
Check for:
- AP reports Local Switching enabled
- Client IP from local subnet
- Zero packet loss on ping
- DHCPDISCOVER seen locally, not tunneled
Key Takeaways
- FlexConnect Local Switching is essential for branch deployments with latency.
- Avoid Central Switching unless you have low-latency WAN and specific reasons.
- Enable FlexConnect DHCP fallback for resilience.
- Always validate FlexConnect policies on both WLC and AP after deployment.
Best Practices & Design Tips
- Use AP groups to consistently apply FlexConnect settings
- Always define native VLAN and mappings on FlexConnect APs
- Monitor WAN latency — anything >150ms will impact Central Switching
- Implement local DHCP or DHCP relay at branches
- Use Event Logs and WLC Syslogs for disconnect analysis
FAQs
1. What is FlexConnect in Cisco Wireless?
FlexConnect allows APs to locally switch client traffic and authenticate users even when the WAN to the controller is down.
2. What is the difference between Local and Central Switching?
- Local Switching: Client data stays at the branch.
- Central Switching: Traffic is tunneled to the controller.
3. Why do clients disconnect when using Central Switching?
Because all traffic is routed over the WAN. If WAN latency increases or drops, client DHCP or authentication may fail.
4. How can I confirm if an SSID is set to Central Switching?
Use WLC GUI or CLI:
show wlan id <id>
Look for FlexConnect Local Switching: Disabled
.
5. What happens during WAN failure in Central Switching mode?
Clients are disconnected. Flex APs can’t handle traffic locally unless Local Switching is enabled.
6. How to enable Local Switching in WLC?
Navigate to WLAN > Advanced > FlexConnect Local Switching and enable it.
7. Is DHCP Proxy required in FlexConnect?
Not required, but Local DHCP server or fallback is recommended to avoid dependence on WAN.
8. Can I use Central Auth + Local Switching?
Yes! That’s a Hybrid FlexConnect design: central authentication, local switching.
9. How to simulate WAN latency in EVE-NG?
Use Linux cloud or router with tc qdisc
command:
tc qdisc add dev eth0 root netem delay 300ms
10. Can a misconfigured VLAN cause this issue?
Absolutely. If VLAN mappings in FlexConnect are incorrect, clients won’t get IPs or connectivity.
11. How can I bulk update FlexConnect APs?
Use AP Groups in WLC and push WLAN settings to all APs in one go.
12. Do I need to reboot APs after changing switching mode?
No. Changes are dynamic, but a client reconnect might be needed.
13. How can I check logs for disconnects?
WLC: show logging
, AP: debug client <MAC>
Also check syslog servers if configured.
14. Is Local Switching secure?
Yes, as long as you use strong authentication methods like 802.1X or WPA2-Enterprise.
15. Which Cisco WLC models support FlexConnect?
All modern WLCs, including 9800 series, 2504, and 5520, support FlexConnect.
YouTube Link
Watch the Complete CCNP Enterprise: Wireless Clients Disconnect Randomly: FlexConnect Central Switching Misconfigured Lab Demo & Explanation on our channel:
Final Note
Understanding how to differentiate and implement Wireless Clients Disconnect Randomly: FlexConnect Central Switching Misconfigured is critical for anyone pursuing CCNP Enterprise (ENCOR) certification or working in enterprise network roles. Use this guide in your practice labs, real-world projects, and interviews to show a solid grasp of architectural planning and CLI-level configuration skills.
If you found this article helpful and want to take your skills to the next level, I invite you to join my Instructor-Led Weekend Batch for:
CCNP Enterprise to CCIE Enterprise – Covering ENCOR, ENARSI, SD-WAN, and more!
Get hands-on labs, real-world projects, and industry-grade training that strengthens your Routing & Switching foundations while preparing you for advanced certifications and job roles.
Email: info@networkjourney.com
WhatsApp / Call: +91 97395 21088
Upskill now and future-proof your networking career!