
register remote AP

Joe.Mathews
Level 1

Hello Experts

WLC 5508 and AP in the same location are working great. What config steps are needed to register an AP located in a remote office with the WLC in HQ?

The Subnet range in remote office is different but WLC reachability is there.

Appreciate feedback

cheers

Joe

8 Replies

You can configure the AP in H-REAP/FlexConnect mode & terminate branch user traffic at the branch switch (local switching) rather than tunnel all traffic back to your HQ-WLC.

The post below will help you configure an AP in H-REAP/FlexConnect mode

http://mrncciew.com/2013/03/10/h-reap-modes-of-operation/

HTH

Rasika

**** Pls rate all useful responses ****

Hello Mate

If the AP is already in the remote office, how do we register the AP with the central WLC?

The link shared by you is a little confusing.

Let's say the central WLC has SSID 'data'. If the remote AP is registered to the central AP, then a client can connect to SSID 'data'.

Which IP address will the client in the remote office get? And what happens if the WAN link is down? How does the authentication work, and from where will the user get an IP address?

cheers

Joe

Hi Joe,

You can get branch AP registered to your WLC in multiple ways (DNS, Broadcast forwarding, DHCP option 43 or static).

If you have AP console access, adding the below command on the AP console would be the easiest way to get it registered.

LAP#capwap ap controller ip address

If you have multiple APs, then setting a DNS entry for CISCO-CAPWAP-CONTROLLER.your_domain_name pointing to your WLC management IP would help all APs find the WLC.

Regarding the H-REAP question, see below.

If you configure the SSID for "local switching", then any AP configured as H-REAP/FlexConnect will terminate traffic at the switch at your branch (this won't impact any Local mode APs). Clients will get the IP you assigned at the branch switch for the user VLAN (in my example, branch users will get an IP from VLAN 23, which is defined on the branch switch, whereas HQ users will get an IP from VLAN 12, which is defined at HQ). Authentication traffic will still come back to the WLC as long as the WAN link is up.

If the WAN goes down, then already connected clients will remain up, but there will be no new authentications. So users can access any resources within the branch.

HTH

Rasika

**** Pls rate all useful responses ****
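As an added example (not part of any post in this thread), here is the DHCP option 43 method mentioned above worked through for Cisco lightweight APs: the value is a TLV of sub-option type `0xf1`, a length byte, and the controller management IPs. The sketch encodes that value for a DHCP pool and decodes an existing one so you can check which controllers a scope actually points APs at; the IP addresses are constructed sample values.

```python
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # sub-option type Cisco lightweight APs look for


def encode_option43(controller_ips):
    """Return the option 43 value as hex: type, length, then IPv4 addresses."""
    if not controller_ips:
        raise ValueError("at least one controller IP is required")
    # IPv4Address() rejects malformed input before it reaches a DHCP scope.
    addrs = [ipaddress.IPv4Address(ip) for ip in controller_ips]
    payload = b"".join(a.packed for a in addrs)
    if len(payload) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_WLC_SUBOPTION, len(payload)]) + payload).hex()


def decode_option43(hex_value):
    """Parse an option 43 hex value (dots/spaces tolerated) into controller IPs."""
    raw = bytes.fromhex(hex_value.replace(".", "").replace(" ", ""))
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("not a Cisco WLC sub-option (type 0xf1)")
    length, payload = raw[1], raw[2:]
    if length == 0 or length != len(payload) or length % 4:
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(0, length, 4)]


def ios_option_line(controller_ips):
    """Format the value as the line used inside an IOS 'ip dhcp pool'."""
    return "option 43 hex " + encode_option43(controller_ips)


if __name__ == "__main__":
    # Constructed sample: primary and secondary WLC management addresses.
    wlcs = ["192.168.10.5", "192.168.10.20"]
    print(ios_option_line(wlcs))
    # Audit direction: confirm what an existing scope hands out to APs.
    print(decode_option43("f104.c0a8.0a05"))
```

Decoding the value already configured on a branch DHCP scope is a quick way to confirm that APs there are only being directed to controllers you own.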

Hello Mate

  1. What is the simplest option to register the remote AP to the central controller? There is one AP in each remote office, and a static IP address will be configured on the AP
  2. Users should get an IP address from the local DHCP server in the remote office
  3. users to authenticate on ssid if wan links are down

users should get ip address from vlan id 12 in remote office, what config is needed on switchport connected to AP.

static IP address needs to be configured for AP management

1. Next time, when configuring a static IP for the AP, configure the High Availability feature (Wireless -> AP -> High Availability tab in GUI) for that AP as well. In this way the AP will know where to go to register as long as the AP has reachability to the WLC (no other methods required). If you are staging your AP before sending it to the branch, this is a good practice.

If you already sent APs to the branch & they are yet to register with the WLC, then you can configure the below command on the AP CLI to get this done.

     LAP#capwap ap primary-base

2. Yes, users will get a DHCP address from the branch DHCP server as long as you configure "ip helper-address x.x.x.x" in the VLAN12 SVI of your branch switch. If you configure DHCP on the switch itself, then it is not required.

3. What security method is used in your SSID? If 802.1x is configured, then you need to have a secondary authentication server at your branch to authenticate users if the WAN link is down. If you configured local switching/central authentication, then no new client will be authenticated, but previously authenticated clients will still work even if the WAN link fails.

The switchport is to be configured as a trunk port & if you read the given blog post, all required configuration was listed.

HTH

Rasika

*** Pls rate all useful responses ****

Well, I lived this some time ago. Let me try to help.

1.- The link between your AP and your switch could be configured as a trunk.

     interface GigabitEthernet1/0/1
      description Access Point FlexConnect Port
      switchport trunk encapsulation dot1q
      switchport trunk native vlan 30
      switchport trunk allowed vlan 30,40
      switchport mode trunk
      spanning-tree portfast

In this example VLAN 30 is my management VLAN and VLAN 40 is for my wireless users.

2.- You can create a DHCP pool for your WLAN on your remote switch and select "Local Switching", or if it doesn't matter to you, the traffic can reach the WLC.

I know you have a lot of questions, please try to use these links.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml

Try Rasika's post too, surely it will work.

I hope the information was useful, and if you have no more questions, remember to close the topic by selecting the answer as "Correct answer"
**Please rate the answer if this information was useful***
**Please mark this answer as correct if the information was useful**

Hello Daniel

Point #2 in your reply is not clear

  • where you point the entry of dhcp server on the AP to use local dhcp server
  • how to authenticate users when wlan link is down on remote AP
  • guest ssid at remote office should get same ip address as HQ, what is the config needed on that?
  • can we control which ssid can be broadcasted on remote AP

Hello Rasika  - Thanks for your reply

Hello Joe.

Here we go.

  • where you point the entry of dhcp server on the AP to use local dhcp server

Your WLAN users need to get an IP address. I advise having a specific segment for your WLAN users; you don't need it, but for me it's a good practice. So you can set up this DHCP at your HQ offices if it doesn't bother you that the traffic goes back to the WLC. Why might it bother you? Well, if you're thinking of using voice over IP or video conferencing, that could affect your network performance.

You can also set up a DHCP server at your branch office, for example on your switch.

  • how to authenticate users when wlan link is down on remote AP

Well, you need to evaluate what's more important: security or HA. Let me try to explain.

If you want to use 802.1x as the authentication method, you probably have a RADIUS server in your HQ offices. If you want to have HA, you need another RADIUS server at your branch office with the same DB. That could be complicated.

If you use WPA2 as the authentication method, the remote AP keeps this key and you will be able to keep your connection.

  • guest ssid at remote office should get same ip address as HQ, what is the config needed on that?

It depends on you and what you need. It could be the same, but maybe for troubleshooting tasks it would be a best practice to have different segments.

  • can we control which ssid can be broadcasted on remote AP

I'm not sure about this because I never disable the broadcasting, but surely it is possible.

I hope the information was useful, and if you have no more questions, remember to close the topic by selecting the answer as "Correct answer"
**Please rate the answer if this information was useful***
**Please mark this answer as correct if the information was useful**