Enabling Webauth on 2100 Controller not working!?!?

Unanswered Question
Sep 4th, 2007

I am attempting to configure webauth on a 2100 wlc.

As soon as I enable it and restart the wlc, the SSID is no longer being broadcast and I am unable to connect.

The errors are

Sep 04 11:27:19.124 apf_api.c:12159 APF-1-NOT_ADV_SSID_ON_AP: Not advertising SSID my_wlan on AP 00:0b:85:65:4d:40 due to radio policy.

Sep 04 11:21:10.815 spam_lrad.c:9524 LWAPP-1-MSGTAG048: Not advertising SSID my_wlan on REAP AP00:0b:85:65:4d:40 due to security policy

Please help. thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
ankbhasi Wed, 09/05/2007 - 01:15

Hi Adam,

Can you update which release you are having on your controller and which model of APs and are your APs in REAP/HREAP mode?



acomiskey Wed, 09/05/2007 - 05:30

Hi Ankur,

I have 1000 series AP's in REAP mode. Still looking for the release on the wlc.

ankbhasi Wed, 09/05/2007 - 22:45

Hi Adam,

What you are seeing is a correct behavior. As you mentioned you have 1000 series AP and it is in REAP mode which means it only supports local switching.

With local switching if WLAN is configured with WEB AUTH or 802.1x WLANs, existing clients are not disassociated, but the REAP APs stops sending beacons when the number of associated clients reaches zero (0). It also sends disassociation messages to new clients associating to 802.1x or web-authentication WLANs.



*Pls rate all helpfull post

acomiskey Thu, 09/06/2007 - 07:02


Thanks for the help. Unfortunately I'm not quite sure what that all means.

Are you saying I can't do webauth in reap mode?

What is the solution?

ankbhasi Thu, 09/06/2007 - 20:33

Hi Adam,

The problem is for WEB AUTH you have to redirect your request to the controller for authentication but when you have REAP AP it always do local switching so your request will not go to cntroller and will be switches by REAP AP itself.

So solution is HREAP instead of REAP. HREAP is only supported by 1130 and above LWAPP APs. HREAP also support central authentication and local switching which means it can authenticate with controller and then start switching data locally without sending it to controller. But again qhen your controller is unreachable existing client will keep associated but new clients will not join and when all clients will leave AP will stop sending beacons.

I will recommend you to read this HREAP doc which will explain you more




*Pls rate all helpfull post


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode