I have a controller running 126.96.36.199 with AP's (3502i) in HREAP mode using local switch and local auth. HP's are also in HREAP groups.
I am have some issues gathering statistics. When HREAP is not used (AP's in local mode) a large amount of information about clients can be gathered on the controller or NCS, IP address, 802.1x username, RSSI, SNR etc. This is extremely useful for troubleshooting. I've noticed when in HREAP mode, at best I can get see a client IP and mac address from the controller, although the IP address is often displayed as 0.0.0.0 when the client has a valid IP address on the device and by checking associations on the AP. Clients are operating fine on the network but all client statistics on the controller are listed as either 0 (bytes sent, recieved etc) or unavailable (SNR, RSSI), while its not displayed on the controller the info can be gathered from the AP's by checking the hreap associations. Why is this info missing from the controller and NCS?
I don't see that issue unless I'm anchoring the WLAN or the users is not Authenticated. I can see the statistics of my clients connected to any of the H-REAP AP's fromt he WLC and WCS. These AP's are not in any H-REAP groups it is configured for central authentication. Try to see if you can test on an AP that isn't part of any h-reap group, have a device associtae and fully authenticate and see if you see any data.
I cant really take the AP's out of the HREAP group at the moment as I need to use local authentication (AP is the authenticator against RADIUS-802.1x). I perfomed a full authentication, got connectivity but this is all I see for client information (2nd image), as you can see the statistics are blank and remain blank. As mentioned if I sun "show capwap reap association" from the AP, the statistics (SNR, RSSI etc) are there.
You are correct about obtaining the info from the AP CLI. I'm guessing that is how it is when using h-reap group. The only way is for you to test with an AP not in any h-reap group.
Sent from my iPhone
I found if I kept the AP in the HREAP group but unselected "H-REAP Local Auth" from the WLAN (see image), it would bring the client statistics through to the controller. In this configuration the controller is the authenticator, which is not desirable in my scenario as I want the AP's to be the authenticators as the RADIUS server's are in the branch office's. Is this a limitation or a bug? Is there anyway of seeing client statistics on the controller when using H-REAP Local Auth?
That makes sence since the AP is doing the auth and no information is going back to the WLC. Its just like anchoring an SSID, you willnot see the client staticstics on the foreing WLC since that WLC isnot handling the real connection.
Some information does go back to the WLC (mac, IP address and some other info), just not the statistics. I dont really understand why as surely those client statistics are seperate to the authentication. This limitation isnt mentioned anywhere, is it something Cisco are likely to improve, can it be requested?
As far as I know, if your FlexConnect APs WLAN is locally switched, traffic does not come back to the WLC so statistics does not come back to the WLC. Centrally switched or local APs can see statistics.
Sent from Cisco Technical Support iPhone App
For our deployment, this problem is being resolved by upgrade our WLC upto 188.8.131.52.
Now we can see RSSI, SNR, bytes/packets counters and in most of cases - ip address.
802.1x username we still not seeing. But anyway, it's better than nothing.