If a client gets an IP address in a VLAN at a remote site, H-REAP is working (since the subnet doesn't exist at the WLC). If you have more than one SSID, they should generally be bound to VLANS, (ssid to vlan mapping) just like IOS APs. (The deployment will depend on how you want them configured.)
To Trunk or Not to Trunk
H-REAP access points may be connected to 802.1Q trunk links or to untagged access links. When connected to a trunk link, H-REAPs send their LWAPP control and data traffic back to the controller via the native VLAN. Locally switched WLANs may then have their traffic dropped on any available VLANs (native, or otherwise). When set to operate on an access link with no 802.1Q visibility, H-REAPs forward all LWAPP messages and locally switched user data to the single, untagged subnet to which it is connected.
General guidelines for selecting the best switchport mode for H-REAP's
- Use a trunk link if more than one WLAN is configured for local switching, and if traffic on these SSIDs needs to be dropped on different subnets. Both the access point and the upstream switchport need to be configured for 802.1Q trunking. Configuring H-REAPs for 802.1Q trunking is the most common configuration and provides the most flexibility.
- Use an untagged access link when H-REAPs do not have more than one locally switched WLAN or have multiple locally switched WLANs that do not require wired-side separation. Be aware that a trunk link may still be desirable under these conditions if separation between the LWAPP messaging and user data is desired. However, this is neither a configuration requirement, nor a security risk.
Note: H-REAPs by default operate on untagged, access link interfaces
The Hybrid Remote-Edge Access Point
The Hybrid Remote Edge Access Point, or H REAP, is a feature supported by 1040, 1130, 1140, 1240, 1250, 3500, 1260, AP801, AP802 access points and on the Cisco WiSM, Cisco 5500, 4400, 2100, 2500, and Flex 7500 Series Controllers, the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Controller Network Module for Integrated Services Routers. The H REAP feature is supported only in the Cisco Unified Wireless Network controller release version 4.0 or later, the selectable feature of this software allows for the merging of both Split and Local MAC CAPWAP operations for maximum deployment flexibility. Client traffic on H REAPs can either be switched locally at the access point or tunneled back to a controller, which depends on each WLAN configuration. Further, locally switched client traffic on the H REAP can be 802.1Q tagged in order to provide for wired side separation. During a WAN outage, service on all locally switched, locally authenticated WLANs persists.
A. In the REAP mode, all the control and management traffic, which includes the authentication traffic, is tunneled back to the WLC. But all the data traffic is switched locally within the remote office LAN. When connection to the WLC is lost, all the WLANs are terminated except the first WLAN (WLAN1). All the clients that are currently associated to this WLAN are retained. In order to allow the new clients to successfully authenticate and receive service on this WLAN within the downtime, configure the authentication method for this WLAN as either WEP or WPA-PSK so that authentication is done locally at the REAP. For more information about REAP deployment, refer to REAP Deployment Guide at the Branch Office.
In the H-REAP mode, an access point tunnels the control and management traffic, which includes the authentication traffic, back to the WLC. The data traffic from a WLAN is bridged locally in the remote office if the WLAN is configured with H-REAP local switching, or the data traffic is sent back to the WLC. When connection to the WLC is lost, all the WLANs are terminated except the first eight WLANs configured with H-REAP local switching. All the clients that are currently associated to these WLANs are retained. In order to allow the new clients to successfully authenticate and receive service on these WLANs within the downtime, configure the authentication method for this WLAN as either WEP, WPA PSK, or WPA2 PSK so that authentication is done locally at H-REAP.
A. REAP does not support IEEE 802.1Q VLAN tagging. As such, it does not support multiple VLANs. Traffic from all the service set identifiers (SSID) terminates on the same subnet, but H-REAP supports IEEE 802.1Q VLAN tagging. Traffic from each SSID can be segmented to a unique VLAN.
When connectivity to the WLC is lost, that is, in Standalone mode, REAP serves only one WLAN, that is, the First WLAN. All other WLANs are deactivated. In H-REAP, up to 8 WLANs are supported within downtime.
Another major difference is that, in REAP mode, data traffic can only be bridged locally. It cannot be switched back to the central office, but, in H-REAP mode, you have the option to switch the traffic back to the central office. Traffic from WLANs configured with H-REAP local switching is switched locally. Data traffic from other WLANs is switched back to the central office.
3. Q. Can I install Lightweight Access Points (LAPs) at a remote office and install a Cisco Wireless LAN Controller (WLC) at my headquarters? Does the LWAPP/CAPWAP work over a WAN?
A. Yes, you can have the WLCs across the WAN from the APs. LWAPP/CAPWAP works over a WAN when the LAPs are configured in Remote Edge AP (REAP) or Hybrid Remote Edge AP(H-REAP) mode. Either of these modes allows the control of an AP by a remote controller that is connected via a WAN link. Traffic is bridged onto the LAN link locally, which avoids the need to unnecessarily send local traffic over the WAN link. This is precisely one of the greatest advantages of having WLCs in your wireless network.
Not all Lightweight APs support these modes. For example, H-REAP mode is supported only in 1131, 1140,1242, 1250, and AP801 LAPs. REAP mode is supported only in the 1030 AP, but the 1010 and 1020 APs do not support REAP. Before you plan to implement these modes, check to determine if the LAPs support it. Cisco IOS® Software APs (Autonomous APs) that have been converted to LWAPP do not support REAP.
Remote-Edge AP (REAP) with Lightweight APs and Wireless LAN Controllers (WLCs) Configuration Example for more information on REAP.
Configuring Hybrid REAP for more information on H-REAP