cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5228
Views
0
Helpful
20
Replies
huangedmc
Participant

AP Group VLAN for H-REAP

We were able to successfully implement AP Group VLAN's on our corporate WLC, but was wondering if it's doable for H-REAP AP's?

When an AP's in H-REAP mode, it locally switches user traffic through a local L3 switch / router, and therefore bypasses the WLC.

Anyone know if Group VLAN is supported in conjunction w/ H-REAP?

20 REPLIES 20

Glad it worked... don't let TAC hear ya:)

-Scott
*** Please rate helpful posts ***

Isn't HREAP the most frustrating thing you've had to configure in a long long time? I had to figure this out on my own also. If you are doing HREAP, then you don't need dynamic interfaces. If you are sending all the same SSID's to the HREAP then you don't need AP groups. How is your implementation? the funny thing is, I've set this up and in trying to explain it to my co-worker I suddenly draw blanks, and end up saying stuff that I hope he doesn't get and then I see his eyes gloss over and I know --- I STILL can't explain it! wow, crazy!

Hello All,

Can I do HREAP Local switching for a common corporate SSID name (no dynamic interface for this SSID as controller will be at a colocation site with all sites having HREAP) so that traffic gets dropped into local LAN, but use AP Groups for each site for Guest traffic (coming to controller to exit out to internet at colo), map these AP groups to the same Guest SSID name? Guest VLAN ID will be same at all locations, but subnet will be different as circuits are L3 MPLS?

Thanks much in advance.

Scott Fella
Hall of Fame Guru

You can define an ap group for hreap, but they will use the vlan defined in the wlc interface you set the ssid to. So you might still have to map the ssid to local vlan if the vlan id is different. I usually will have to manually map ssid to local vlans especially if you have a few ssids.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Thanks Scott for your prompt advice.

Can you further advise if this is correct approach:

1. WLC5508, aggregated LAG connected to a trunk port on the L3 switch at colo. VLAN ID of 10 (172.30.10.0/24) for management interface.

2. SSID named Corporate, 802.1x/AD, PEAP/MSCHAPv2, via NAP2008 as Radius, available at 6 sites, central authentication and local switching, via local VLAN ID of 20 at each site (subnets are 172.16.20.0/24, 172.17.20.0/24 etc..)

3. SSID named Guest, internal web auth, available at all 6 sites again, central autentication, central switching, so that all Guest traffic comes straight to controller and exits off the WLC trunk port into colo switch to be routed to Internet there.

4. Management VLAN ID of 10 (172.16.10.0/24, 172.17.10.0/24 etc..) at each site set up as native / untagged on the AP switchports setup as trunk ports with VLAN 20 tagged ( allowed vlan 10,20).

5. Locally map in each HREAP, VLAN ID 20 to Corporate SSID. and set native VLAN ID of 10.

6. Do I need to create a different Guest VLAN ID of say 30 ( 172.16.31.0/24, 172.17.30.0/24 etc) at WLC for each location, then create all these dynamic interfaces and create AP groups for each and then associate Guest SSID to these interfaces, so that each site has same Guest SSID name as well, but it will not be locally switched?

Thanks so much again.

Scott Fella
Hall of Fame Guru

What you have is fine. For guest, that will be centrally switched so you don't need to create a local vlan. You just need to have a dynamic interface in which the guest traffic will use when it gets tunneled back to the WLC. Keeping vlan ids consistent is good.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Content for Community-Ad