AP Group VLAN for H-REAP

Unanswered Question
Apr 28th, 2009

We were able to successfully implement AP Group VLAN's on our corporate WLC, but were wondering if it's doable for H-REAP AP's?

When an AP's in H-REAP mode, it locally switches user traffic through a local L3 switch / router, and therefore bypasses the WLC.

Anyone know if Group VLAN is supported in conjunction w/ H-REAP?

huangedmc Tue, 04/28/2009 - 17:29

Could you point me to a link or website that explains how it works?

When we configure the AP Group VLAN, we need to map the SSID to the desired dynamic interfaces.

But since H-REAP AP's don't use those dynamic interfaces, how does the WLC tell the AP's which SVI's & VLAN's to use on the remote/local L3 switches?

huangedmc Wed, 04/29/2009 - 06:48

Thank you for the prompt response and the links.

I apologize for not making it clear...but my question's still not answered.

I know exactly how to configure H-REAP and AP Group VLAN, and how they work.

We have about 1200 AP's running in H-REAP throughout our network.

For the large sites that have their own standalone WLC on the local network, we implement AP Group VLAN's to reduce the size of the broadcast domain.

My question here is for remote sites that don't have a local WLC and are running H-REAP mode, how is AP Group going to work since in H-REAP mode, the AP's don't use the dynamic interfaces that are configured on the WLC.

AP Group depends on the dynamic interface mappings to know which VLAN's or SVI's use the SSID.

etmarcof Tue, 03/16/2010 - 15:18

Hi,

Have you found an answer for your question?

Because I'm dealing with the same question. (I have read some docs and config examples)

How and where in the H-REAP configuration are dynamic interfaces configured in the WLC for each WLAN that is in the remote site?

Best Regards

MC

Scott Fella Tue, 03/16/2010 - 16:24

If you configure the WLAN SSID for local switching, then the H-REAP AP will drop the traffic on the local vlan you map the ssid to.  If you do not locally switch the SSID, then the traffic will flow back to the WLC and out the dynamic interface.

tdhb..hiq Tue, 03/16/2010 - 17:32

Hey Scott.

What if I want to drop the traffic on another VLAN rather than the one that the AP uses for its management? I might add that the APs are at a remote site, without a WLC.

What would the interface look like that is associated to the WLAN? Is it a dynamic one?

In my case we want to use VLAN900 for the management and VLAN902 for the locally switched traffic. The remote router will provide the DHCP address for the APs and clients.

Thanks

Scotty

Scott Fella Tue, 03/16/2010 - 17:41

> What if I want to drop the traffic on another VLAN rather than the one that the AP uses for its management? I might add that the APs are at a remote site, without a WLC.

Once you configure the LAP as an H-REAP AP, then you can map the ssid to a local vlan (remote side) as long as the ssid is configured for locally switched.

> What would the interface look like that is associated to the WLAN? Is it a dynamic one?

Locally switched ssid's do not have any dynamic interfaces created since traffic will be terminated locally at the remote site.

> In my case we want to use VLAN900 for the management and VLAN902 for the locally switched traffic. The remote router will provide the DHCP address for the APs and clients.

This will work... just remember, the H-REAP LAP will have to connect to a trunk port allowing only VLAN 900 and 902.

Just remember these points:

  1. Need to check local switching in the SSID for SSID's that you will use for H-REAP
  2. If more than one vlan is required, then the H-REAP LAP will connect to a dot1q trunk port only allowing vlans required
  3. You need to map the ssid to the local vlan

tdhb..hiq Tue, 03/16/2010 - 17:54

Hi Scott,

Thanks for the quick response.

I have set the SSID to H-REAP Local Switching.

How do I map the ssid to a local vlan?

What do I do with the Interface option, at the moment it is set to the management

The AP is set to H-REAP

I can change the native VLAN

But not the VLAN mappings.

Am I missing something?

Thanks

Scott Fella Tue, 03/16/2010 - 17:58

When you set the native vlan.... did you reset the AP?  You need to hit apply when you set the native vlan also then reboot the AP.

tdhb..hiq Tue, 03/16/2010 - 18:06

I made a bit of an error in the last screen shots. The AP was in the wrong AP group.

Now it is looking like this and I can edit the VLAN mapping.

I still am confused about the Interface though. Is the standard management one the right one to use? This is the one that the local APs use to register with.

Cheers

Scotty

Scott Fella Tue, 03/16/2010 - 18:11

Looks good...

You need to leave it on the management vlan unless you have to use that ssid in your central location.... H-REAP will not use that interface since the traffic will get dropped off at the remote side.

tdhb..hiq Tue, 03/16/2010 - 18:15

Ok, will give that a go.

Thanks so much for your help. You saved me from TAC torture.

After reading hundreds of pages I could not find this info.

Cheers

Scotty

cthrasher Fri, 07/30/2010 - 14:48

Isn't HREAP the most frustrating thing you've had to configure in a long long time? I had to figure this out on my own also. If you are doing HREAP, then you don't need dynamic interfaces. If you are sending all the same SSID's to the HREAP then you don't need AP groups. How is your implementation? The funny thing is, I've set this up and in trying to explain it to my co-worker I suddenly draw blanks, and end up saying stuff that I hope he doesn't get and then I see his eyes gloss over and I know --- I STILL can't explain it! Wow, crazy!

dpsharma Mon, 02/28/2011 - 20:40

Hello All,

Can I do HREAP Local switching for a common corporate SSID name (no dynamic interface for this SSID as controller will be at a colocation site with all sites having HREAP) so that traffic gets dropped into local LAN, but use AP Groups for each site for Guest traffic (coming to controller to exit out to internet at colo), map these AP groups to the same Guest SSID name? Guest VLAN ID will be same at all locations, but subnet will be different as circuits are L3 MPLS?

Thanks much in advance.

Scott Fella Tue, 03/01/2011 - 04:52

You can define an ap group for hreap, but they will use the vlan defined in the wlc interface you set the ssid to. So you might still have to map the ssid to local vlan if the vlan id is different. I usually will have to manually map ssid to local vlans especially if you have a few ssids.

Sent from Cisco Technical Support iPhone App

dpsharma Tue, 03/01/2011 - 06:48

Thanks Scott for your prompt advice.

Can you further advise if this is correct approach:

1. WLC5508, aggregated LAG connected to a trunk port on the L3 switch at colo. VLAN ID of 10 (172.30.10.0/24) for management interface.

2. SSID named Corporate, 802.1x/AD, PEAP/MSCHAPv2, via NAP2008 as Radius, available at 6 sites, central authentication and local switching, via local VLAN ID of 20 at each site (subnets are 172.16.20.0/24, 172.17.20.0/24 etc..)

3. SSID named Guest, internal web auth, available at all 6 sites again, central authentication, central switching, so that all Guest traffic comes straight to controller and exits off the WLC trunk port into colo switch to be routed to Internet there.

4. Management VLAN ID of 10 (172.16.10.0/24, 172.17.10.0/24 etc..) at each site set up as native / untagged on the AP switchports setup as trunk ports with VLAN 20 tagged (allowed vlan 10,20).

5. Locally map in each HREAP, VLAN ID 20 to Corporate SSID, and set native VLAN ID of 10.

6. Do I need to create a different Guest VLAN ID of say 30 (172.16.31.0/24, 172.17.30.0/24 etc) at WLC for each location, then create all these dynamic interfaces and create AP groups for each and then associate Guest SSID to these interfaces, so that each site has same Guest SSID name as well, but it will not be locally switched?

Thanks so much again.

Scott Fella Tue, 03/01/2011 - 06:57

What you have is fine. For guest, that will be centrally switched so you don't need to create a local vlan. You just need to have a dynamic interface in which the guest traffic will use when it gets tunneled back to the WLC. Keeping vlan ids consistent is good.

Sent from Cisco Technical Support iPhone App
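
A switch-side check for the trunk requirements discussed in this thread (a trunk allowing only VLAN 900 and 902 in the earlier reply; native VLAN 10 with VLAN 20 tagged in the design above), as an added example that is not part of any poster's reply. The function names and the sample configuration are constructed for illustration; it assumes IOS-style `switchport` lines with a plain comma/range allowed list, and it does not cover the WLC-side settings (local switching on the SSID, the SSID-to-VLAN mapping on the AP).

```python
import re
ALL_VLANS = set(range(1, 4095))  # IOS trunk default when no allowed list is set

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '900,902' or '10-12,20' into a set."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interfaces(config):
    """Return {interface: {'mode', 'native', 'allowed'}} from IOS-style text."""
    ports, cur = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            # Defaults: no mode seen yet, native VLAN 1, every VLAN allowed.
            cur = ports.setdefault(m.group(1), {"mode": None, "native": 1, "allowed": set(ALL_VLANS)})
        elif cur and (m := re.match(r"switchport mode (\S+)", line)):
            cur["mode"] = m.group(1)
        elif cur and (m := re.match(r"switchport trunk native vlan (\d+)", line)):
            cur["native"] = int(m.group(1))
        elif cur and (m := re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line)):
            cur["allowed"] = parse_vlan_list(m.group(1))
    return ports

def audit_ap_port(port, native, local_vlans):
    """Flag an AP-facing port that is not a trunk limited to the required VLANs."""
    required = {native} | set(local_vlans)
    findings = []
    if port["mode"] != "trunk":
        findings.append("not a trunk port")
    if port["native"] != native:
        findings.append(f"native VLAN {port['native']}, expected {native}")
    if missing := required - port["allowed"]:
        findings.append(f"required VLANs not allowed: {sorted(missing)}")
    if extra := port["allowed"] - required:
        findings.append(f"{len(extra)} VLANs allowed beyond those required")
    return findings

SAMPLE = """
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 900
 switchport trunk allowed vlan 900,902
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 900
"""  # constructed sample, not taken from the thread
```

Calling `audit_ap_port(parse_interfaces(SAMPLE)["GigabitEthernet0/2"], 900, [902])` reports the port whose allowed list was never set, which by default carries every VLAN to the remote AP.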
