HREAP SSID & vLAN use

Answered Question
Jul 28th, 2010
User Badges:

Hi,

I presently have a small wireless deplyment using 1141 LWAPP against WiSM Controllers. The Controller is configured with a SSID against a Dynamic interface.

For user mobility, the company wish to use a single SSID for movement of staff between offices

New office coming online to use 3502 CAPWAPs configured as HREAP's and local switching mode.

My understanding is that the CAPWAPs require a virtual interface on the controller for CAPWAP>Controller traffic. Does a Dynamic interface for the users at the HREAP site require defining on the controller ? If not, how does an SSID on the controller get mapped to the vLAN on the remote site ?


Thanks

Correct Answer by Kayle Miller about 6 years 8 months ago

David,


     No problem, so reviewing your comments below really all you have to do is the following.


     Once the SSID is set to H-REAP Local Switching, and the AP is set to H-REAP Mode do the following:


     - Under AP Configuration Click the H-REAP tab and enable VLAN Support

     - Set the Native VLAN to 797 and hit Apply


     - Under AP Configuration Click the H-REAP tab Click VLAN Mappings

     - Enter the respective vlans for the SSID's if they are different from shown


     - On the Remote Switch configure the AP port as a Trunk port just like you did with the WLC port (Vlan 797 Native and 301 allowed.)



     The H-REAP Grouping is more important if your using 802.1x or EAP type authentication where a radius server is used; you can create an H-REAP group to put them in if you want even if you don't use this authentication method.  As for how the WLC knows there remote; I don't believe it cares.



You can see the examples in my 3 screen shots attached.


I hope this helps... Please rate useful posts.


Thanks,


Kayle

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Kayle Miller Wed, 07/28/2010 - 06:51
User Badges:
  • Silver, 250 points or more

David,


     If I am understanding your question correctly your asking when setting up H-REAP do you have to define a network on the controller; if that is correct please read on.



     This is how I setup the H-REAP configuration at my clients although you can deviate from this it is my preferred method, so below are the assumptions and known things.


     Data Center (where WLC is located):


          SSID: Staff

          AP VLAN: 600  - 10.0.60.x/24

          Local User VLAN is 100  - 10.0.100.x/24

         


     Remote Site


          SSID: Staff 

          AP VLAN: 600  - 10.2.60.x/24   

          Local User VLAN is 200  -  10.2.200.x/24


     What I do is create a dynamic interface on the controller for VLAN 100 so that any ap servicing the SSID Staff would always at the minimum end up with a 10.0.100.x address on VLAN 100 and be able to work. Then at the remote site create a new VLAN 200 with the defined range.


     Now to setup H-REAP you perform the following steps Configure that SSID to support locale switching, then set the AP to H-REAP mode.

Once the AP reboots open that AP config window and select the H-REAP tab. there you will need to enable VLAN Support, then Specify a Native VLAN of 600 and hit apply, then go back into the same spot and select VLANS and you should see you Staff SSID with a VLAN of 100, change that to 200 and hit apply.


So what will happen is if you ahve an AP at a remote site you have set to H-REAP the users will still work as long as the AP can talk to the controller because it is tunneled back to the WLC; but the H-REAP'ed AP's will dump the clients out at the remote site switch on VLAN 200 to access network resources.


   Some people don't create an interface on the WLC in this scenario but I prefer it.


The virtual interface is required for Mobility traffic and guest traffic.


I hope this helps answer your questions. Please rate useful posts.


Thanks,


Kayle

corsair1969 Mon, 08/02/2010 - 17:12
User Badges:

Hi Kayle,


Thanks for your response and apologies for my delayed reply.

Your response appears to be on the correct track, but I just need to clarify how I wish to deploy AP's and SSID's.

Scenario :


Central Site (where WLC is located)

SSID        -     AuthUser

AP VLAN  -    797 - 10.1.2.x/24

Central User vLAN - 301 - 10.1.109.0 /24


WLC switchport configured with Native vLAN 797 and mode Trunk to allow vLAN's 797 & 301 + a further guest vLAN

WLC configured with Dynamic interface for AP Management configured to vLAN 797

WLC configured with Dynamic interface for AuthUser configured to vLAN 301

Central site AP's tunnel all data AP control & User data back to the controller with no local switching


Remote site intended configuration

SSID          - AuthUser (allows user to move between regional sites using the common SSID)

AP vLAN     - 797 - 10.10.198.x /24 (DHCP Option 43 provides Central site WLC IP address)

User vLAN  - 301 - 10.10.211.x /24


As the AP's register with the controller, will this be via the native vLAN 797 ?


I understand the SSID requires configuring to H-REAP Local switching enabled on the Advanced tab of the AP configuration

I understand the AP when registered with the WLC is to have the AP Mode set to  H-REAP on the AP General config tab


Should the WLC be configured with a H-REAP group for these H-REAP's to be placed into and how does the controller know these H-REAP's are at the remote site ?

Does this also mean that a Dynamic interface is not required for the H-REAP remote AP's and also the remote site users, as both vLAN's at both sites are using the same vLAN numbers, 301 & 797 ?


Thanks

Correct Answer
Kayle Miller Tue, 08/03/2010 - 05:55
User Badges:
  • Silver, 250 points or more

David,


     No problem, so reviewing your comments below really all you have to do is the following.


     Once the SSID is set to H-REAP Local Switching, and the AP is set to H-REAP Mode do the following:


     - Under AP Configuration Click the H-REAP tab and enable VLAN Support

     - Set the Native VLAN to 797 and hit Apply


     - Under AP Configuration Click the H-REAP tab Click VLAN Mappings

     - Enter the respective vlans for the SSID's if they are different from shown


     - On the Remote Switch configure the AP port as a Trunk port just like you did with the WLC port (Vlan 797 Native and 301 allowed.)



     The H-REAP Grouping is more important if your using 802.1x or EAP type authentication where a radius server is used; you can create an H-REAP group to put them in if you want even if you don't use this authentication method.  As for how the WLC knows there remote; I don't believe it cares.



You can see the examples in my 3 screen shots attached.


I hope this helps... Please rate useful posts.


Thanks,


Kayle

corsair1969 Wed, 08/25/2010 - 21:12
User Badges:

Hi Kayle,


Thanks for your tech advice. Much appreciated and the information you provided was indeed correct.

Actions

This Discussion