4402 and H-Reap

Suppose I have a 4402 installed on a campus and have an internal WLAN and a guest WLAN. Now I want to install some access points at a branch office. Now I have been told that H-Reap is the way to go. But I want to keep the same SSID and Security across both sites. Do I enable H-Reap on my original WLAN configuration but only apply H-Reap to the the access points at the branch office.
I'm also trying to slip this in on a running network but an nervous that all the APs wil reboot. I guess I'm just unclear since I can't find an configuration example where both a local and remote locations are involved.
Any insights?

Richard,
I checked my config and don't have DHCP server override configured on the Advanced tab of the WLAN. I do have H-REAP Local Switching and Learn Client IP Address checked on the same tab.
On the AP configuration under the H-REAP tab, I selected VLAN support and used the VLAN that the remote AP's IP address is configured for as the Native VLAN. I then mapped the SSID to the remote VLAN under VLAN Mappings as.
Native VLAN 10
SSID: WLAN1 VLAN: 73
SSID: WLAN2 VLAN: 74
The ASA would need to be set up to trunk vlans 10, 73, and 74 on an 802.1q trunk with vlan 10 as the native vlan.
I believe you already have these settings, but wanted to let you know what worked for me.
NOTE: I did have an issue recently with a centrally switched WLAN. I was getting IP addresses from the subnet that the AP interface was configured on. I'm not sure if the DHCP traffic was being switched locally at the AP or if it was getting it through the WLC. Under WLAN, I had the correct interface chosen. Reboots didn't fix the issue. I had to select a different interface click apply and then click the correct interface again and click apply to get it working correctly again. This is not the same issue you are seeing, but does show that the WLC can be particular at times.
Let me know if there are any other parts of the config you would like me to compare to my setup. If you attach screen shots of the WLAN and the AP pages, it might help as well.
Thanks,
Mark

Similar Messages

REAP and H-REAP

I have a question regarding design and protocol. I have a network consisting of four buildings all connected through a combination of fiber and MPLS. These building need wireless. I would like to implement a solution using one 4402 WLC with LAPs in the buildings. My question regards the REAP and H-REAP protocols. Each building will have servers that the wireless users will need to access. I do not want all the traffic coming over the WAN only to return the way it came. It seems like implementing the LAPs with H-REAP is the solution to my problem. I want to ask the community if this seems correct and also ask anyone to add any other information that may be helpful as I may be missing something.
My concern is unnecessary traffic on the WAN. I want the ease of managing one controller without wasting bandwidth on my WAN. Is there a way to have traffic that is destined for a server that may be local to the LAP not use the WAN? What if the wireless users are on a seperate VLAN/subnet than the servers in the same building?
Please ask any questions if possible. I hope I was clear enough.
Thank you.

Yes... H-REAP is your answer. With H-REAP as you know, you can traffic egress out of the AP's interface directly into the local LAN just as an autonomous AP would. Only centrally switched SSID's will need to be tunneled back to the WLC, but it is up to you on what you want locally and what you want tunneled back. Traffic will stay local since the wireless device will have a gatway local and routing will not send traffic out the WAN if it is destined for another local subnet.

Does ISE 1.1 support TACACS and H-REAP?

Hello,
Does ISE1.1 support TACACS/TACACS+ and H-REAP mode ?
Also, customer wants to have quick access to the corporate network with some few laptops without going through the Actice Directory? Any suggestion on this?
Thanks
Olu

EAP-TLS does not rely on AD.
CA root cert is installed on ACS for trust and identity.
you can elect to Perform Binary Certificate Comparison with Certificate retrieved from LDAP or Active Directory
Users and Identity Stores >
Certificate Authentication Profile >
Edit: "CN Username"
see the checkbox at the bottom.
I do EAP TLS machine auth only without integrating AD into the policy at all.
hth,
jk

Initial 4402 and VLAN Config Questions

We have a 4402 connected through a 3750 with ints as follows:
ap-manager/untagged/192.168.1.241/yes
management/untagged/192.168.1.244/n
s.p./na/172.16.0.1/n
v/na/1.1.1.1/n
wireless/100/10.10.0.1/n
Internal DHCP Server enabled at 192.168.1.241
In viewing the port address table on the switch connecting to the WLC, no traffic is showing on VLAN100 (port is tagged for that VLAN). Any ideas?
Also, is there a need for a NAT box anywhere to translate IPs between the distinct subnets?
Thanks in advance.
Doug

Hi Hoof,
I haven't used NAT, just a standard router.
I'm not sure what you mean when you say "pointing at the address on the controller", if you're talking about the ap-manager or management interfaces then that is definitely not what you want (unless I've completely misunderstood you).
Yes, the gateway address on your dynamic interface for vlan 100 should be the gateway on your router. The other "IP Address" parameter is a free address from the subnet that is associated with vlan 100 which I believe is used to route (for want of a better term) between the WLC and your wired network.
Hoping this is helpful.
Scott

Guest Access and H-REAP

I have 30 1242 LWAPPs on my network. Six of these are operating in H-REAP mode as they are outside of our main campus area in other states. We use two WLANs on our wireless network.
One of the WLANs is for all company users and the other is a guest network run off our anchor controller in the DMZ. The 24 APs that are in local mode have very few issues, but more often than not, when someone tries to connect to my guest network on an AP that is running in H-REAP mode I have to reboot the AP in order to get them authenticated.
This happens about 75% of the time. There are some cases when it just works and I have no issues, but those are few and far between.
Does anyone have any idea why this may be occuring?

Are you seeing any errors when the clients try to connect to the guest network? Does it happen with all the LAPs? We will need more information to troubleshoot this issue.

Inter-Controller and Inter-Subnet Roaming between WLC 4402 and 5508?

Hi!
Will it support roaming between WLC 5508 ver. 7.0 and WLC 4402 ver. 4.2?

Here is the matrix for support of IRCM, but the answer is yes.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp116668
Sent from Cisco Technical Support iPhone App

LAP 802.1x supplicant and H-REAP

Hallo,
is it possible to combine the 802.1x supplicant feature of a LAP with a H-REAP scenario with trunked/tagged uplinks to the switching infrastructure?
Will the switchport opened via successfull 802.1xauthentication for the native vlan only (management traffic) or does it also be valid for the tagged vlans on trunk?.
br
am

Did you ever figure out a resolution to this? I'm facing the same problem. 802.1x authentication does not work for the system profile and I have to login and manually click the connect button for 802.1x.

Wlc 4402 and 1010 Aps

Hi,
I have 2 vlans (wired-side) in my corporation: the first one for Data (vlan 1, native) and the second one for voice (vlan 2). We've just get a wlc 4402 with 1010 Aps and I would like to know one thing:
Could I create 2 Ssids(one for voice and another for Data) and map each one to its wired Vlan?.
Does the 1010 Ap support 802.1q?
Thanks in advance for your help

The 1010 aps connect to the switches as hosts
(switchport mode access; switchport access vlan ...)
The controller has 2 ports that connect to the network as trunks. You can connect them as port 1 and 2, or put them in a lag group [aka etherchannel)
All the vlan trunking is done at the controller port to switch port. The AP sends the info down to the controller over the vlan specified for the aps
In your case, you should create another vlan for the APS.
The 4402 controller mgmt interface would sit in the same vlan as the APs. You would then create dynamic interfaces on the controller that have a vlan id and ip address for the desired network per your needs. You would then create a wlan on the controller and then bind it to the dynamic interface you just created.
I am oversimplfying this process quite a bit, but it should get you started. There is now a good bit of info on cisco.com for the wireless products

P7N Diamond AND OCZ Reaper 8500 @ 1066

Any1 who has P7N diamond and is using OCZ reaper 8500 @ 1066 Plz tell me the settings so that finally i can get my system stable . By default it runs at 1.8v @ 800 MHz with 7-7-7-24 timing . How will I get it to 1066MHz with 5-5-5-18 timing . Plz Help me here . Currently I am using C2D E6600 @ 2.4 GHz runnig at stock speed .

Quote from: ksgehlot on 28-April-09, 15:59:01
Any1 who has P7N diamond and is using OCZ reaper 8500 @ 1066 Plz tell me the settings so that finally i can get my system stable . By default it runs at 1.8v @ 800 MHz with 7-7-7-24 timing . How will I get it to 1066MHz with 5-5-5-18 timing . Plz Help me here . Currently I am using C2D E6600 @ 2.4 GHz runnig at stock speed .
Funny, people should read first.
Running them on 1066MHz instead of 800MHz will get you little to none extra speed.
The only thing you'll get is the possibilty of an unstable system and maybe a 2 second win.
Furthermore, it will only be noticeable in benching, in real life you will not know the differ between 800MHz and 1066MHz.
Just my thoughts on the "1066MHz memory issue", which alot of peeps have lately.

Non-Cisco WGB and H-REAP

Anyone had success rolling out non-Cisco WGBs with H-REAP?
My customer is using WLC 5508 with code 7.0.116.0. As per WLC config guide ( http://goo.gl/6kX0d ), Cisco has tested multiple third-party devices for compatibility. Is it possible to get that device list somewhere? My customer is using TP-Link model TL-WA901N v2. The 5508 WLC does not recognize this device as a WGB. Rather, it displays the wired client behind the non-Cisco WGB.
Is H-REAP supported for non-Cisco WGBs? The WLC config guide says H-REAP is not supported with Cisco WGBs, but does not make a distinction for non-Cisco WGBs.
Regards,
-steve w.

Hello Stephen,
Thanks for clarifying. Can Cisco disclose the third-party devices it has tested (non-Cisco WGB)?
TIA,
-steve w.

WLC 4402 and 1000 series APs

I just want to ask if this is possible:
Certain group of APs will advertise a
specific SSID which will not be advertised
by other APs.
thanks,

Hi Raul,
This is probably the feature that can help with this requirement;
Have a look at this info;
Enabling WLAN Override
By default, access points transmit all defined WLANs on the controller. However, you can use the WLAN Override option to select which WLANs are transmitted and which ones are not on a per access point basis. For example, you can use WLAN override to control where in the network the guest WLAN is transmitted or you can use it to disable a specific WLAN in a certain area of the network.
From this doc;
http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_chapter09186a008076cbfd.html#wp1114777
Once you create a new WLAN, the WLAN > Edit page for the new WLAN appears. In this page you can define various parameters specific to this WLAN including General Policies, RADIUS Servers, Security Policies, and 802.1x Parameters.
**Check Admin Status under General Policies to enable the WLAN. If you want the AP to broadcast the SSID in its beacon frames, check Broadcast SSID.
Note: You can configure up to sixteen WLANs on the controller. The Cisco WLAN Solution can control up to sixteen WLANs for Lightweight APs. Each WLAN has a separate WLAN ID (1 through 16), a separate WLAN SSID (WLAN name), and can be assigned unique security policies. Lightweight APs broadcast all active Cisco WLAN Solution WLAN SSIDs and enforce the policies that you define for each WLAN.
From this good doc;
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml#c3
Hope this helps!
Rob

WLC 4402 and coverage hole error software version 5.2.157.0

Hello!
Can you tel me what RRM coverage hole error:
%RRM-3-RRM_LOGMSG: rrmLrad.c:2462 RRM LOG:
RRM Verify Coverage Hole returned L7_FAILURE
means and how it can be fixed.
Thank you in advanced
Lasse

I'm interested in with the answer too. I got millions of syslog entries such like this: Verify Coverage Hole returned L7_FAILURE
Ok I can turn of Coverage Hole detection or syslog but it makes no sense :)
Can i Just remuve this message from sending to syslog ?

MSI Eclipse SLI and OCZ Reaper 1866MHz memory OC

Hi there!
I have a problem with my board (I think) and memory. Everytime I try to overclock my CPU to 4GHz and my memory to 1600MHz my PC restarts after few minutes in windows :/ Also if I want to overclock my CPU should I change something on that switch on the motherboard? I think it's called CPU_CLK1 the red one with white switches.
I got this RAM: http://www.newegg.ca/Product/Product.aspx?Item=N82E16820227382&nm_mc=OTC-PricebatCA&cm_mmc=OTC-PricebatCA-_-Memory+(Desktop+Memory)-_-OCZ+Technology-_-20227382
I tried to set them at 1600MHz 8-8-8-28 (crash) 9-9-9-28 (crash) :/ And I need some help with CPU. I overclocked only AMD CPUs, and my record on X4 920 2.8GHz was 4.2 stable :P But never OCd an Intel CPU, specially i7. Can someone help me?
Oh I almost forgot... Why my mobo recognize my RAM as 1066MHz? :/

Quote from: sp4wners on 15-September-09, 23:25:30
Also if I want to overclock my CPU should I change something on that switch on the motherboard? I think it's called CPU_CLK1 the red one with white switches.
Don't use the OC switches.
Quote from: sp4wners on 15-September-09, 23:25:30
I tried to set them at 1600MHz 8-8-8-28 (crash) 9-9-9-28 (crash) :/ And I need some help with CPU.
One assumes you did increase the DIMM voltage?
Quote from: sp4wners on 15-September-09, 23:25:30
Oh I almost forgot... Why my mobo recognize my RAM as 1066MHz? :/
Because that's what it is.

802.1a is admin down. wlc 4402 and ap1252

Hello all,
I am trying to enable the 802.11a and use the 5Ghz band in my house. However, I am having difficulty in doing this. Please see screenshot below. I have select AU (Australia) as my regulatory domain (2nd image). 802.11a band is enabled(3rd image), but the interface is still down (1st image). Australia regulatory code is -Z. Not sure why -A and -N are showing up
http://i.imgur.com/H3K4wTl.jpg
http://i.imgur.com/KvVzlqJ.jpg
http://i.imgur.com/VR38ZpV.jpg
In the cli, the dot11 radio interface is down. This might be the issue? If so, how would I turn this on from the wlc management page?
http://imgur.com/8g6ikzt
Note: I've tried other regulatory domains - US, US and Mexico, but to no avail.
note 2: now, both radio interfaces are admin down.

Hi Leo,
cisco AIR-LAP1252AG-A-K9 (PowerPC 8349) processor (revision C0) with 49142K/16384K bytes of memory.
Processor board ID FTX14449019
PowerPC 8349 CPU at 533Mhz, revision number 0x0031
Last reset from reload
LWAPP image version 7.0.250.0
1 Gigabit Ethernet interface
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 58:8D:09:5E:72:4A
Part Number : 73-10425-06
PCA Assembly Number : 800-27630-06
PCA Revision Number : B0
PCB Serial Number : FOC144102MJ
Top Assembly Part Number : 800-29536-03
Top Assembly Serial Number : FTX14449019
Top Revision Number : A0
Product/Model Number : AIR-LAP1252AG-A-K9
Configuration register is 0xF
Does the A in AIR-LAP1252AG-A-K9, signify the regulatory domain?
I am located in Australia.

WLC 4402 and 802.1x How to...

We have an WLC 4402 with the latest code on it. We also have LAP1131AG as our AP's. We have an MS IAS as our RADIUS server. Is there a document on how to implement 802.1x for the internal Laptop users to use wireless networking in the office?
Thanks.

Hi Kendo,
See f this link helps you
http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig41/c41sol.htm#wp1086421
http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig41/c41sol.htm#wp1086421
HTH
Ankur
*Pls rate all helpfull post

4402 and H-Reap

Similar Messages

Maybe you are looking for