REAP and H-REAP

I have a question regarding design and protocol. I have a network consisting of four buildings all connected through a combination of fiber and MPLS. These building need wireless. I would like to implement a solution using one 4402 WLC with LAPs in the buildings. My question regards the REAP and H-REAP protocols. Each building will have servers that the wireless users will need to access. I do not want all the traffic coming over the WAN only to return the way it came. It seems like implementing the LAPs with H-REAP is the solution to my problem. I want to ask the community if this seems correct and also ask anyone to add any other information that may be helpful as I may be missing something.
My concern is unnecessary traffic on the WAN. I want the ease of managing one controller without wasting bandwidth on my WAN. Is there a way to have traffic that is destined for a server that may be local to the LAP not use the WAN? What if the wireless users are on a seperate VLAN/subnet than the servers in the same building?
Please ask any questions if possible. I hope I was clear enough.
Thank you.

Yes... H-REAP is your answer. With H-REAP as you know, you can traffic egress out of the AP's interface directly into the local LAN just as an autonomous AP would. Only centrally switched SSID's will need to be tunneled back to the WLC, but it is up to you on what you want locally and what you want tunneled back. Traffic will stay local since the wireless device will have a gatway local and routing will not send traffic out the WAN if it is destined for another local subnet.

Similar Messages

  • Is it possible to config H-REAP/REAP and CAPWAP in Autonomous mode with a WLC?

    I'm going to deploying all new AP as Remote-Edge AP and they will be shipped straight to site.  With a pool of WLCs deployed in central DC locations.  I would like to get local staff to deploy a basic CLI discovery script for the APs.  However, i thought LAPs don't have CLI???
    I'm thinking I must use a Lightweight AP with the WLC to use Remote-Edge AP functionality - However, I'm not sure... the configuration example at the bottom doesn't state whether it an Autonomous AP or a Lightweight one.  
    http://www.cisco.com/en/US/products/ps6087/products_tech_note09186a0080736123.shtml
    H-REAP Controller Discovery using CLI commands
    H REAPs will most commonly discover upstream controllers via DHCP option 43 or DNS resolution. Without either of these methods available, it may be desirable to provide detailed instructions to administrators at remote sites so that each H REAP may be configured with the IP address of the controllers to which they should connect. Optionally, H REAP IP addressing may be set manually as well (if DHCP is either not available or not desired).
    This example details how an H REAP's IP address, hostname, and controller IP address may be set through the console port of the access point.
    AP_CLI#capwap ap hostname ap1130ap1130#capwap ap ip address 10.10.10.51 255.255.255.0ap1130#capwap ap ip default-gateway 10.10.10.1ap1130#capwap ap controller ip address 172.17.2.172
    Could anyone help?
    Cheers
    Adrian.

    Hi Adrian,
    Further down in the doc you linked;
    H-REAP Controller Discovery using CLI commands
    H REAPs will most commonly discover upstream controllers via DHCP       option 43 or DNS resolution. Without either of these methods available, it may       be desirable to provide detailed instructions to administrators at remote sites       so that each H REAP may be configured with the IP address of the controllers to       which they should connect. Optionally, H REAP IP addressing may be set manually       as well (if DHCP is either not available or not desired).
    This example details how an H REAP's IP address, hostname, and       controller IP address may be set through the console port of the access       point.
    AP_CLI#capwap ap hostname ap1130
    ap1130#capwap ap ip address 10.10.10.51 255.255.255.0
    ap1130#capwap ap ip default-gateway 10.10.10.1
    ap1130#capwap ap controller ip address 172.17.2.172
    Note: Access points must run the LWAPP-enabled IOS® Recovery Image Cisco           IOS Software Release 12.3(11)JX1 or later, in order to support these CLI           commands out of the box. Access points with the SKU prefix of LAP (for example,           AIR-LAP-1131AG-A-K9), shipped on or after June 13, 2006 run Cisco IOS Software           Release 12.3(11)JX1 or later. These commands are available to any access point           that ships from the manufacturer running this code level, has the code upgraded           manually to this level, or is upgraded automatically by connecting to a           controller running version 6.0 or later.
    These configuration commands are only accepted when the access point is       in Standalone mode.
    Cheers!
    Rob

  • Does ISE 1.1 support TACACS and H-REAP?

    Hello,
    Does ISE1.1 support TACACS/TACACS+ and H-REAP mode ?
    Also, customer wants to have quick access to the corporate network with some few laptops without going through the Actice Directory? Any suggestion on this?
    Thanks
    Olu

    EAP-TLS does not rely on AD.
    CA root cert is installed on ACS for trust and identity.
    you can elect to Perform Binary Certificate Comparison with Certificate retrieved from LDAP or Active Directory
    Users and Identity Stores >
    Certificate Authentication Profile >
    Edit: "CN Username"
    see the checkbox at the bottom.
    I do EAP TLS machine auth only without integrating AD into the policy at all.
    hth,
    jk

  • H-REAP and Client Load-Balancing

    I'm told by Cisco that H-REAP does not support client load-balancing.
    We have a situation where we want to deploy LWAPPs using H-REAP into a conference room where training would take place.
    Any suggestions on how to overcome the inevitable slowness these people are going to experience from being unevenly associated with the APs?
    We can't re-write the application so we are looking for a wireless solution.
    Anyone hear about how other organizations have dealt with this type of situation?
    I'll be glad to supply more details if I am not being clear in my description of the problem.
    Thanks in advance. All responses will be rated.
    Paul

    This is the functionality which is missing in H-REAP: Client and Network Load Balancing
    "Radio Resource Management (RRM) load-balances new clients across grouped lightweight access points reporting to each controller. This function is particularly important when many clients converge in one spot (such as a conference room or auditorium) because RRM can automatically force some subscribers to associate with nearby access points, allowing higher throughput for all clients. The controller provides a centralized view of client loads on all access points. This information can be used to influence where new clients attach to the network or to direct existing clients to new access points to improve wireless LAN performance. The result is an even distribution of capacity across an entire wireless network.
    Note: Client load balancing works only for a single controller. It is not operate in a multi-controller environment."
    I suppose if we limit the number of users that can associate with a particular AP then we will achieve some client load-balancing. Though a hard limit on the number of end-users will also lead to situations where some end users will not be allowed any access.

  • Have os x 10.8.5.  have downloaded and installed melodyne essential but when i open garage band i cannot see this vst plugin with my other effects.  i also have Reaper installed and it shows up as a vst plugin there.  am i looking in the wrong place ? ?

    have never used this forum before (obviously) and thought the "ask a question"  space was all i had.  m;y app. 
    2 more questions :   is melodyne essential compatible with garrage band.
                                    would having Reaper installed interfere with the plugin being installed in GB ?
    any help app
    rogerdc

    answered my own question - i was looking in the wrong place

  • FlexConnect (aka H-REAP) and Auto-Anchor functionality

    Hi Board,
    I never did H-REAP on my wireless deployments. Now, I have an H-REAP (FlexConnect) requirement for branch offices.
    Also there is the requirement for guest access at the same time.
    From my understanding those features (FlexConnect and Auto-Anchor) should work together.
    Please refer to the following exibit:
    There is a FlexConnect AP at my branch office. The traffic from internal users (SSID "Internal") should be switches locally at the LAP (Lightweight Access Point). At the same time the guest SSID (SSID "Guest") should be tunneled back via CAPWAP to the controller to which the LAP is associated ("Central Controller"). The guest traffic should not emerge (switched) at the "Central Controller", instead it should be tunneled to an anchor controller in a DMZ via an "Ethernet Over IP tunnel" (Auto-Anchor functionality).
    First question: Does this work (FlexConnect in conjunction with Auto-Anchor functionality)?
    If this works, where's the web portal for guest authentication hosted (if using the internal web auth on WLC)? On the "central controller" or the Anchor controller? (I guess at the Anchor Controller in the DMZ, right?)
    Is it possible to leave the guest SSID "open" with no webauth and still using the Anchor Controller? This would be needed if I have an external web authentication service, which would be hosted by a provider.
    Thanks in advance for all your replies!
    Johannes

    The Flex 7500 deployment guide ("
    http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml
    ") states:
    "The Cisco FlexConnect Solution also supports  Central Client Data Traffic, but it should be limited to Guest data  traffic only."
    later in the document there is a section about Guest access that states "Flex 7500 will allow and continue to support creation of EoIP tunnel to your guest anchor controller in DMZ."
    Hope that helps.

  • Guest Access and H-REAP

    I have 30 1242 LWAPPs on my network. Six of these are operating in H-REAP mode as they are outside of our main campus area in other states. We use two WLANs on our wireless network.
    One of the WLANs is for all company users and the other is a guest network run off our anchor controller in the DMZ. The 24 APs that are in local mode have very few issues, but more often than not, when someone tries to connect to my guest network on an AP that is running in H-REAP mode I have to reboot the AP in order to get them authenticated.
    This happens about 75% of the time. There are some cases when it just works and I have no issues, but those are few and far between.
    Does anyone have any idea why this may be occuring?

    Are you seeing any errors when the clients try to connect to the guest network? Does it happen with all the LAPs? We will need more information to troubleshoot this issue.

  • SunMC - Process is forking and reaping child processes. What's that?

    Hey folks,
    Im really new to the sysadmin world, and I think maybe my company really didn't think things well when they've decided to put me doing this, hehehe.
    I work with a general queue for which my team receives tickets with different kind of problems, among them, Automation Alerts (I think you all know what Im talking about).
    Recently (maybe 2-4 days) we've started to receive an Automation Ticket with the following message:
    Solaris Process Monitoring Process Monitoring Base03 CPU
    time for reaped children 107.1 30.0 Process is forking and
    reaping child processes.
    I've found almost nothing about this, and even when I think what's this ticket about (I've closed 2 or 3 of them stating no issues were found), I really want to understand and know where to look and if something can be done about this, because processes on the server and general state of it seems in good condition and nothing looks bad, apparently. The server is a Solaris 10 with zones.
    Can you shed some light on this? I'd appreciate all the help you can give me.
    Thank you and regards all.

    The same thought occurred to me, except I started seeing "failure" logs in JAMF the morning after we run maintenance policies. All of these failures were due to the Mac not restarting, which isn't really a failure - more of an inconvenience - since the second part of the policy (removing eTrust antivirus and restarting is part 1, installing SEP 12.1 and restarting is part 2) runs immediately on restart no matter what time of the day it is.
    In some cases the macs did not restart because the user had unsaved work or something else that would cancel logout. In this case, Casper prompts the user to restart and waits until the OK button is clicked, then counts down 1 minute and restarts. In the other case, nothing would have prevented logout yet the computer still did not logout and then restart, leading me to believe that the reason the Mac did not log out was a locked desktop, and since I am telling System Events to simulate a gui log out, this would be blocked by a locked desktop.
    The problem basically stems from the following two issues: 1. I am not to force a logout or restart when a console user is logged in and 2. Casper will not automatically log a console user out on it's own OR restart the computer if a console user is logged in - and then I have to rely on the end user to follow on screen instructions since the Casper restart prompt can be moved to the side and effectively ignored.
    When no restarts are required for the various policies we run, this is not an issue. And anyway, I originally just wanted to know what process is running when a desktop is asleep and locked, but no screen saver is active...

  • LAP 802.1x supplicant and H-REAP

    Hallo,
    is it possible to combine the 802.1x supplicant feature of a LAP with a H-REAP scenario with trunked/tagged uplinks to the switching infrastructure?
    Will the switchport opened via successfull 802.1xauthentication for the native vlan only (management traffic) or does it also be valid for the tagged vlans on trunk?.
    br
    am

    Did you ever figure out a resolution to this? I'm facing the same problem. 802.1x authentication does not work for the system profile and I have to login and manually click the connect button for 802.1x.

  • H-REAP and Workgroup Bridge

    Has anyone setup a Workgroup Bridge on a remote H-REAP site and got it working? I have the AP associated to the controller but the AP cannot ping the controller and the controller cannot see the wired clients on the AP.

    Hello, yes we current have many WGB's connected to FlexConnect LAP's.  Support for connecting to FlexConnect LAP's (formerly H-REAP) has been added in WLC Code 7.3.  Please refer to release notes:  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn73.html
    Thank you.

  • H-Reap Ap and guess access

    Can I configure guest access on a H-Reap Ap so that guest traffic is switch locally and not send to the controller? Are there any documents that explain how this can be configured?

    yes, you can have a webauth ssid that is locally switched. however, initial authentication via http has to still go the wlc.
    there is no document that explain webauth + hreap + local switching
    create the webauth ssid / try it on a local mode ap if you have one
    enable local switching on the ssid under the advanced tab
    do the local switching configuration on the ap side from the wlc gui
    add any needed vlan to the trunk of the ap interface
    it should be done
    thanks
    Serge

  • 4402 and H-Reap

    Suppose I have a 4402 installed on a campus and have an internal WLAN and a guest WLAN.  Now I want to install some access points at a branch office.  Now I have been told that H-Reap is the way to go.  But I want to keep the same SSID and Security across both sites.  Do I enable H-Reap on my original WLAN configuration but only apply H-Reap to the the access points at the branch office.
    I'm also trying to slip this in on a running network but an nervous that all the APs wil reboot.  I guess I'm just unclear since I can't find an configuration example where both a local and remote locations are involved.
    Any insights?

    Richard,
    I checked my config and don't have DHCP server override configured on the Advanced tab of the WLAN. I do have H-REAP Local Switching and Learn Client IP Address checked on the same tab.
    On the AP configuration under the H-REAP tab, I selected VLAN support and used the VLAN that the remote AP's IP address is configured for as the Native VLAN. I then mapped the SSID to the remote VLAN under VLAN Mappings as.
    Native VLAN 10
    SSID: WLAN1  VLAN: 73
    SSID: WLAN2  VLAN: 74
    The ASA would need to be set up to trunk vlans 10, 73, and 74 on an 802.1q trunk with vlan 10 as the native vlan.
    I believe you already have these settings, but wanted to let you know what worked for me.
    NOTE: I did have an issue recently with a centrally switched WLAN. I was getting IP addresses from the subnet that the AP interface was configured on. I'm not sure if the DHCP traffic was being switched locally at the AP or if it was getting it through the WLC. Under WLAN, I had the correct interface chosen. Reboots didn't fix the issue. I had to select a different interface click apply and then click the correct interface again and click apply to get it working correctly again. This is not the same issue you are seeing, but does show that the WLC can be particular at times.
    Let me know if there are any other parts of the config you would like me to compare to my setup. If you attach screen shots of the WLAN and the AP pages, it might help as well.
    Thanks,
    Mark

  • H-Reap, Guest-Access and CAPWAP

    If I use acces-points in H-Reap mode, is guest-traffic still encapsulated in CAPWAP?
    I think so, but I'm not really shure.
    Sven

    Hi Sven,
    If you are using HREAP's then you can choose WLANs to be either locally switched or centrally switched with the WLC.
    If a WLAN is centrally switched, then all traffic should be sent to the WLC and hence being encapsulated in CAPWAP the whole way between AP and WLC.
    If a WLAN is locally switched however, then the traffic of the clients will be managed in the locally and traffic of the clients will be sent directly to the network without going through any tunnel to the WLC.
    Local or central switching can be configured per WLAN basis from advanced tab of the WLAN configuraiton under "HREAP" field.
    By default the central switching is active. You can choose to use local switching per WLAN from the advanced tab of the WLAN as I said above.
    You may find more information about the matter here:
    http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml
    Hope this is helpful.
    Amjad

  • WLC4402 and 104x H-REAP mode

               Hi,
    Is there is is any posibility to run WLC4402 and 104x family in H-REAP mode.
    Some documantaion says yes , some no. What is the true?
    Marcin

    7.0 or later release on controller is enough.
    check this:
    http://www.cisco.com/en/US/partner/prod/collateral/wireless/ps5678/ps11203/data_sheet_c78-609338.html

  • P7N Diamond AND OCZ Reaper 8500 @ 1066

    Any1 who has P7N diamond and is using OCZ reaper 8500 @ 1066 Plz tell me the settings so that finally i can get my system stable . By default it runs at 1.8v @ 800 MHz with 7-7-7-24 timing . How will I get it to 1066MHz with 5-5-5-18 timing . Plz Help me here . Currently I am using C2D E6600 @ 2.4 GHz runnig at stock speed .

    Quote from: ksgehlot on 28-April-09, 15:59:01
    Any1 who has P7N diamond and is using OCZ reaper 8500 @ 1066 Plz tell me the settings so that finally i can get my system stable . By default it runs at 1.8v @ 800 MHz with 7-7-7-24 timing . How will I get it to 1066MHz with 5-5-5-18 timing . Plz Help me here . Currently I am using C2D E6600 @ 2.4 GHz runnig at stock speed .
    Funny, people should read first.
    Running them on 1066MHz instead of 800MHz will get you little to none extra speed.
    The only thing you'll get is the possibilty of an unstable system and maybe a 2 second win.
    Furthermore, it will only be noticeable in benching, in real life you will not know the differ between 800MHz and 1066MHz.
    Just my thoughts on the "1066MHz memory issue", which alot of peeps have lately.

Maybe you are looking for

  • Call Standard Text by report replacing the variables with their values

    Hi, I have a requirement to call a standard text from a report. Following is the text present in standard text. &PTXT1-ENAME& will attend for interview on &MEMOACT-PLDAT& at &MEMOACT-PLTIM&. I am doing it by using READ_TEXT. But READ_TEXT reads the e

  • Shortcut keys not working properly in shape tools

    Version: Illustrator CS5.1 System: Mac OS X 10.8.5 Whenever I use a Shape tool for which the up and down arrow keys change its attributes, the up and down arrow keys skip several states. So for example, a star can go from 5 points to 12 points if I t

  • Custom MIME with Verity

    I am attempting to index a directory of BusinessOjbects reports, ext .rep. I set up a custom mime type in IIS 6. The extension is rep. I've used several mime types to index the reports. text/plain, application/x-rpt, application/octet-stream. It look

  • Exclude stills in import window Final Cut Pro X

    I export from a memory card removed from my camera which I use for both still RAW images and videos. Ther are always way more stills than videos and I would like a way to have the import window show only the videos. I use Aperture to import the still

  • Help! Problems when updating content on Connect Pro site

    Hiya, I've been updating web links in existing training packages on our connect pro site but when I got to re-publish and update the existing content, I have issues. Each time I re-publish, different things happen. I either get slide audio but no vis