12-31-2011 11:21 AM - edited 07-03-2021 09:18 PM
Hello,
I was wondering if someone can help me get my head around what I am trying to do and whether or not it is even possible. The goal is to give our users the ability to go to any of our locations (which are connected via circuits) with a Cisco 7925 phone and have it function. So in essence we want to have a single Network Profile so the user doesn't need to do anything to the phone for it to function if the move between locations. We are using a 5508 Controller w/ 3502 APs.
So at our main location I have an SSID created, which is bound to an interface I created on the controller in our Voice VLAN. This works great, the phones pickup an IP in the block and everything functions as it should. My confusion is how do I create the same SSID / security parameters for each of our other locations, so if they leave our main site with the phone and goto the other location it sees the SSID, associates and then picks up an IP address in the Voice VLAN at the other location? What confuses me is the AP / controller seem to handle all the DHCP requests, so even if I have a ip helper-address on say the routers interface it isn't actually being forwarded from the router, it is coming from whatever interface is bound to the WLAN on the controller. I'm sure I didn't explain this well, I'm not looking for a step by step guide maybe just some pointers as to examples or what I need to study up on to accomplish this. Thank you very much for all your time.
Solved! Go to Solution.
12-31-2011 12:27 PM
What you need to do is configure the remote AP's in h-reap mode. You first need to enable h-reap local switching on the WLAN SSID that you want available at your remote locations. When an ap is in h-reap mode, this gives you the ability to map an SSID to a local vlan at the remote site. So now you don't have to create new WLAN SSIDs, but you reuse the existing wlan's you have now.
Here is a link that explains h-reap
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml
Thanks,
Scott Fella
Sent from my iPhone
12-31-2011 12:24 PM
So one thing I did, and I don't completely understand it yet was modify the WLAN -> Advanced, and checked H-REAP Local Switching. In addition I modified the AP that is in the remote group and changed the AP Mode from Local to H-REAP. I've read a little bit about REAP / H-REAP I guess I need to study it more to understand exactly what is happening there.
Regardless this allowed the phone to pickup an IP address inside of the Normal VLAN at the remote location. I guess my follow up question would be, is there a way to force the WLAN and as a result phone to pull an IP from the Voice VLAN at the remote location?
12-31-2011 12:30 PM
Depending on your encryption you are using for your ip phones. If your doing 802.1x, it might be a good idea to configure h-reap groups. If you are not using 892.1x, then you don't have to worry about it.
There are a lot of older post regarding 792x and h-reap also.
Thanks,
Scott Fella
Sent from my iPhone
12-31-2011 12:27 PM
What you need to do is configure the remote AP's in h-reap mode. You first need to enable h-reap local switching on the WLAN SSID that you want available at your remote locations. When an ap is in h-reap mode, this gives you the ability to map an SSID to a local vlan at the remote site. So now you don't have to create new WLAN SSIDs, but you reuse the existing wlan's you have now.
Here is a link that explains h-reap
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml
Thanks,
Scott Fella
Sent from my iPhone
12-31-2011 12:28 PM
Thank you very much for your reply Scott, your explanation actually helped me to understand this a little better. Now the only thing I am missing is how to map the SSID to a different VLAN other than the default at the remote location.
*EDIT* I should have read the article before posting, it appears I simply need to map the SSID to a given VLAN locally on the APs at the location.
12-31-2011 12:33 PM
When you change the ap from local to h-reap mode, the ap will have a new added tab called h-reap. This will allow you to set the native vlan for the ap and set the said to vlan mapping. Take a spare ap if you have one and set it to h-reap. As long as you enable h-reap local switching, you will be able to specify the vlans you want to use for that SSID.
Thanks,
Scott Fella
Sent from my iPhone
12-31-2011 12:35 PM
Absolutely fantastic it worked! Thank you very much now that I see it working it makes so much sense. Have a happy New Years!
12-31-2011 12:42 PM
Happy New Year to you too.
Thanks,
Scott Fella
Sent from my iPhone
12-31-2011 12:51 PM
One other thing... It will be somewhat like an autonomous AP. So you will need your ip helpers and dhcp setup at the remote locations. If for example you have guest access and want that to go through HQ where the wlc resides, then do not enable h-reap local switching and the traffic will tunnel back to the wlc.
Take a look at the link also. There are limitations I using h-reap and I jut want you to be aware of them.
Sent from Cisco Technical Support iPhone App
12-31-2011 01:22 PM
If this other location is not deemed remote (with a slower WAN link), then you may want to look into utilizing AP groups vs H-REAP.
AP groups would allow you to specify which SSIDs and associated VLANs are enabled per AP group. Then just add the necessary APs (e.g. APs in BLDG-2) to that group (e.g. BLDG-2).
But also depends on where you want the client subnet terminated.
With AP groups or H-REAP central switching the client subnet would terminate at the central location where the WLC is located.
With H-REAP local switching, the client subnet would terminate locally where the AP resides.
Central switching just means all data will be sent back to the WLC, where local switching means that the data will be routed out locally.
To me, AP groups are easier to configure as the config is done at the AP group and then just a matter of putting the AP in that group.
With H-REAP, you have to configure the AP, H-REAP group including adding the AP to the group as well as SSID config if wanting local switching.
See the following for more info.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/emob41dg-wrapper.html
Sent from Cisco Technical Support iPhone App
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: