Resolution

The Cisco 1030 AP tunnels all WLC traffic (control and management traffic) to the WLC via Lightweight AP Protocol (LWAPP). All data traffic stays local to the AP. The 1030 Remote Edge Access Point (REAP) can only reside on a single subnet because it cannot perform IEEE 802.1Q VLAN tagging. As such, traffic on each service set identifier (SSID) terminates on the same subnet on the wired network. So, while wireless traffic may be segmented over the air between SSIDs, user traffic is not separated on the wired side. Access to local network resources is maintained throughout WAN outages.

At times of WAN link outage, all WLANs except the first are decommissioned. Therefore, one need to use WLAN 1 as the primary WLAN and plan security policies accordingly. It is recommended that you use a local authentication/encryption method, such as the Wi-Fi Protected Access (WPA) Pre-Shared Key (WPA-PSK), on this first WLAN.

Note: Wired Equivalent Privacy (WEP) suffices, but this method is not recommended because of known security vulnerabilities.

If you use WPA-PSK (or WEP), properly configured users are still able to gain access to local network resources even when the WAN link is down.

For more frequently asked questions (FAQs) about the WLC, refer to WLC FAQs.

Problem Type

Product information

Products

Wireless LAN Controllers

LAP 1000