Solved: Re: One Wireless Profile for Multiple Sites

carldu · ‎12-31-2011

Hello,

I was wondering if someone can help me get my head around what I am trying to do and whether or not it is even possible. The goal is to give our users the ability to go to any of our locations (which are connected via circuits) with a Cisco 7925 phone and have it function. So in essence we want to have a single Network Profile so the user doesn't need to do anything to the phone for it to function if the move between locations. We are using a 5508 Controller w/ 3502 APs.

So at our main location I have an SSID created, which is bound to an interface I created on the controller in our Voice VLAN. This works great, the phones pickup an IP in the block and everything functions as it should. My confusion is how do I create the same SSID / security parameters for each of our other locations, so if they leave our main site with the phone and goto the other location it sees the SSID, associates and then picks up an IP address in the Voice VLAN at the other location? What confuses me is the AP / controller seem to handle all the DHCP requests, so even if I have a ip helper-address on say the routers interface it isn't actually being forwarded from the router, it is coming from whatever interface is bound to the WLAN on the controller. I'm sure I didn't explain this well, I'm not looking for a step by step guide maybe just some pointers as to examples or what I need to study up on to accomplish this. Thank you very much for all your time.

Scott Fella · ‎12-31-2011

What you need to do is configure the remote AP's in h-reap mode. You first need to enable h-reap local switching on the WLAN SSID that you want available at your remote locations. When an ap is in h-reap mode, this gives you the ability to map an SSID to a local vlan at the remote site. So now you don't have to create new WLAN SSIDs, but you reuse the existing wlan's you have now.

Here is a link that explains h-reap

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

View solution in original post

carldu · ‎12-31-2011

So one thing I did, and I don't completely understand it yet was modify the WLAN -> Advanced, and checked H-REAP Local Switching. In addition I modified the AP that is in the remote group and changed the AP Mode from Local to H-REAP. I've read a little bit about REAP / H-REAP I guess I need to study it more to understand exactly what is happening there.

Regardless this allowed the phone to pickup an IP address inside of the Normal VLAN at the remote location. I guess my follow up question would be, is there a way to force the WLAN and as a result phone to pull an IP from the Voice VLAN at the remote location?

Scott Fella · ‎12-31-2011

Depending on your encryption you are using for your ip phones. If your doing 802.1x, it might be a good idea to configure h-reap groups. If you are not using 892.1x, then you don't have to worry about it.

There are a lot of older post regarding 792x and h-reap also.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎12-31-2011

What you need to do is configure the remote AP's in h-reap mode. You first need to enable h-reap local switching on the WLAN SSID that you want available at your remote locations. When an ap is in h-reap mode, this gives you the ability to map an SSID to a local vlan at the remote site. So now you don't have to create new WLAN SSIDs, but you reuse the existing wlan's you have now.

Here is a link that explains h-reap

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

carldu · ‎12-31-2011

Thank you very much for your reply Scott, your explanation actually helped me to understand this a little better. Now the only thing I am missing is how to map the SSID to a different VLAN other than the default at the remote location.

*EDIT* I should have read the article before posting, it appears I simply need to map the SSID to a given VLAN locally on the APs at the location.

Scott Fella · ‎12-31-2011

When you change the ap from local to h-reap mode, the ap will have a new added tab called h-reap. This will allow you to set the native vlan for the ap and set the said to vlan mapping. Take a spare ap if you have one and set it to h-reap. As long as you enable h-reap local switching, you will be able to specify the vlans you want to use for that SSID.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

carldu · ‎12-31-2011

Absolutely fantastic it worked! Thank you very much now that I see it working it makes so much sense. Have a happy New Years!

Scott Fella · ‎12-31-2011

Happy New Year to you too.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎12-31-2011

One other thing... It will be somewhat like an autonomous AP. So you will need your ip helpers and dhcp setup at the remote locations. If for example you have guest access and want that to go through HQ where the wlc resides, then do not enable h-reap local switching and the traffic will tunnel back to the wlc.

Take a look at the link also. There are limitations I using h-reap and I jut want you to be aware of them.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

migilles · ‎12-31-2011

If this other location is not deemed remote (with a slower WAN link), then you may want to look into utilizing AP groups vs H-REAP.

AP groups would allow you to specify which SSIDs and associated VLANs are enabled per AP group. Then just add the necessary APs (e.g. APs in BLDG-2) to that group (e.g. BLDG-2).

But also depends on where you want the client subnet terminated.

With AP groups or H-REAP central switching the client subnet would terminate at the central location where the WLC is located.

With H-REAP local switching, the client subnet would terminate locally where the AP resides.

Central switching just means all data will be sent back to the WLC, where local switching means that the data will be routed out locally.

To me, AP groups are easier to configure as the config is done at the AP group and then just a matter of putting the AP in that group.

With H-REAP, you have to configure the AP, H-REAP group including adding the AP to the group as well as SSID config if wanting local switching.

See the following for more info.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/emob41dg-wrapper.html

Sent from Cisco Technical Support iPhone App