09-04-2007 11:14 AM - edited 07-03-2021 02:34 PM
I am attempting to configure webauth on a 2100 wlc.
As soon as I enable it and restart the wlc, the SSID is no longer being broadcast and I am unable to connect.
The errors are
Sep 04 11:27:19.124 apf_api.c:12159 APF-1-NOT_ADV_SSID_ON_AP: Not advertising SSID my_wlan on AP 00:0b:85:65:4d:40 due to radio policy.
Sep 04 11:21:10.815 spam_lrad.c:9524 LWAPP-1-MSGTAG048: Not advertising SSID my_wlan on REAP AP00:0b:85:65:4d:40 due to security policy
Please help. thanks.
09-05-2007 01:15 AM
Hi Adam,
Can you update which release you are having on your controller and which model of APs and are your APs in REAP/HREAP mode?
Regards,
Ankur
09-05-2007 05:30 AM
Hi Ankur,
I have 1000 series AP's in REAP mode. Still looking for the release on the wlc.
09-05-2007 05:33 AM
Version 4.1.171.0
09-05-2007 10:45 PM
Hi Adam,
What you are seeing is a correct behavior. As you mentioned you have 1000 series AP and it is in REAP mode which means it only supports local switching.
With local switching if WLAN is configured with WEB AUTH or 802.1x WLANs, existing clients are not disassociated, but the REAP APs stops sending beacons when the number of associated clients reaches zero (0). It also sends disassociation messages to new clients associating to 802.1x or web-authentication WLANs.
HTH
Ankur
*Pls rate all helpfull post
09-06-2007 07:02 AM
Ankur,
Thanks for the help. Unfortunately I'm not quite sure what that all means.
Are you saying I can't do webauth in reap mode?
What is the solution?
09-06-2007 08:33 PM
Hi Adam,
The problem is for WEB AUTH you have to redirect your request to the controller for authentication but when you have REAP AP it always do local switching so your request will not go to cntroller and will be switches by REAP AP itself.
So solution is HREAP instead of REAP. HREAP is only supported by 1130 and above LWAPP APs. HREAP also support central authentication and local switching which means it can authenticate with controller and then start switching data locally without sending it to controller. But again qhen your controller is unreachable existing client will keep associated but new clients will not join and when all clients will leave AP will stop sending beacons.
I will recommend you to read this HREAP doc which will explain you more
http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig41/c41hreap.htm
HTH
Ankur
*Pls rate all helpfull post
09-07-2007 07:29 AM
Thank Ankur.
That was very helpful. Looks like I need to be looking at the 1131AG if I want to do web auth over the wan.
This link helped a great deal as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide