03-04-2008 11:25 PM - edited 07-03-2021 03:29 PM
Hi.
I've a 4402 controller configured. Ready for use.
I've three 1242AG LWAPP which are able to associate to the WLAN controller.
My issue is, I cannot get an IP via DHCP for clients requiring 802.1x authentication.
For an open SSID with no authentication it seems to work fine.
My questions are:
Should the controller maintain interfaces for the corresponding VLAN/WLANs at the site? I don't have this.
If so, should they be addressed?
My AP-manager and management interface are in a VLAN that is not even used on the remote site (where the APs are).
Should the controller ap-manager and management interface exist in the same VLAN (native) as the APs?
Does anyone have any insight? Ideally I want one SSID which requires user authentication via RADIUS/PEAP on a remote server. DHCP should ideally be served up for this WLAN via a local DHCP server (Windows box) onsite with the APs (different VLAN).
Cisco's documentation appears to be a little vague in this regard. It appears I only need to ensure the H-REAP page has the VLAN mappings correct for the WLANs and the native VLAN ticked. No reference is made to creating (or not creating) an interface on the controller.
I suspect, given I can get a WLAN working with no authentication, it's not overly my configuration, i.e. lack of matching interfaces on the controller for the VLANs used onsite (mapped to the WLAN).
This is driving me nuts... so any help would be greatly appreciated!
Tim
03-05-2008 05:55 AM
Tim,
A few of the things you mention, such as local (to the AP) PEAP authentication (and possibly DHCP for clients) require a 4.2 code train. As for the management and ap-manager addresses, they don't have to be in the same VLAN themselves, nor do they have to be in the same VLAN as the APs, but it is recommended that the ap-manager and management address be in the same VLAN. Cisco is now supporting L3 as the method of choice for LWAPP, so as long as your routing is working, those H-REAP APs should be able to find your controller, which you mention they can. Finally, AFAIK, you DO have to have an L3 presence on the controller for each of your remote VLANs. You can download a guide specific to H-REAP deployments here:
http://www.cisco.com/en/US/products/ps6366/prod_configuration_examples_list.html
Also, make sure the SSID you are configuring is set up for H-REAP (i.e. local switching) instead of central switching. This will affect your DHCP for your remote users. There is a check box to enable this in the WLAN settings. Then make sure that in each AP that is remote and configured for H-REAP that you map that SSID to the appropriate VLAN(s). I hope that helps.
Regards,
Scott
03-05-2008 03:46 PM
Hi Scott.
Thanks for the help.
I'm running a 4.2.99 code.
My one driving concern was whether I should try to ensure the VLANs used at the controller site are the same as the VLANs at the remote site.
The one WLAN that does work, does not have an L3 presence on the controller.
I'll endeavor to try that, however. This potentially means my SSIDs need to be different if I cannot use the same interface due to the addressing constraints.
Appreciate your help!