Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Question about deploying wireless across multiple offices

We are looking to deploy a small scale wireless network within our organzation. We have 10 field offices across the U.S. connected via private WAN cloud along with our HQ office. The plan is to deploy a wireless lan controller at HQ and then deploy APs to the field offices. We want the WLAN traffic to be isolated at each field office (will be on seperate vlan) and routes back through the wireless lan controller back at HQ. Is it possible to do that or do we have to deploy a wireless lan controller at each field office? Would we have to create some sort of tunnel from the field office AP vlan that tunnels back to the centrol controller? Or is it recommended to deploye main central controller at HQ and then deploy smaller lan controllers like the 2500 which link back to the central controller? Just looking for the best way to deploy the wireless.

Occassionally there will be some guests that need wireless access to the internet where employees will need to access LAN resources.

Thanks in advance for any suggestions provided.

  • Getting Started with Wireless
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Question about deploying wireless across multiple offices

Case Solution:


Q. Can I install Lightweight Access Points (LAPs) at a remote office and install a Cisco Wireless LAN Controller (WLC) at my headquarters? Does the LWAPP/CAPWAP work over a WAN?

A. Yes, you can have the WLCs across the WAN from the APs. LWAPP/CAPWAP works over a WAN when the LAPs are configured in Remote Edge AP (REAP) or Hybrid Remote Edge AP(H-REAP) mode. Either of these modes allows the control of an AP by a remote controller that is connected via a WAN link. Traffic is bridged onto the LAN link locally, which avoids the need to unnecessarily send local traffic over the WAN link. This is precisely one of the greatest advantages of having WLCs in your wireless network.

Note: Not all Lightweight APs support these modes. For example, H-REAP mode is supported only in 1131, 1140,1242, 1250, and AP801 LAPs. REAP mode is supported only in the 1030 AP, but the 1010 and 1020 APs do not support REAP. Before you plan to implement these modes, check to determine if the LAPs support it. Cisco IOS® Software APs (Autonomous APs) that have been converted to LWAPP do not support REAP.

Q. How do the REAP and H-REAP modes work?

A. In the REAP mode, all the control and management traffic, which includes the authentication traffic, is tunneled back to the WLC. But all the data traffic is switched locally within the remote office LAN. When connection to the WLC is lost, all the WLANs are terminated except the first WLAN (WLAN1). All the clients that are currently associated to this WLAN are retained. In order to allow the new clients to successfully authenticate and receive service on this WLAN within the downtime, configure the authentication method for this WLAN as either WEP or WPA-PSK so that authentication is done locally at the REAP. For more information about REAP deployment, refer to REAP Deployment Guide at the Branch Office.

In the H-REAP mode, an access point tunnels the control and management traffic, which includes the authentication traffic, back to the WLC. The data traffic from a WLAN is bridged locally in the remote office if the WLAN is configured with H-REAP local switching, or the data traffic is sent back to the WLC. When connection to the WLC is lost, all the WLANs are terminated except the first eight WLANs configured with H-REAP local switching. All the clients that are currently associated to these WLANs are retained. In order to allow the new clients to successfully authenticate and receive service on these WLANs within the downtime, configure the authentication method for this WLAN as either WEP, WPA PSK, or WPA2 PSK so that authentication is done locally at H-REAP.

For more information about H-REAP, refer to H-REAP Design and Deployment Guide.


Q. What is the difference between Remote-Edge AP (REAP) and Hybrid-REAP (H-REAP)?

A. REAP does not support IEEE 802.1Q VLAN tagging. As such, it does not support multiple VLANs. Traffic from all the service set identifiers (SSID) terminates on the same subnet, but H-REAP supports IEEE 802.1Q VLAN tagging. Traffic from each SSID can be segmented to a unique VLAN.

When connectivity to the WLC is lost, that is, in Standalone mode, REAP serves only one WLAN, that is, the First WLAN. All other WLANs are deactivated. In H-REAP, up to 8 WLANs are supported within downtime.

Another major difference is that, in REAP mode, data traffic can only be bridged locally. It cannot be switched back to the central office, but, in H-REAP mode, you have the option to switch the traffic back to the central office. Traffic from WLANs configured with H-REAP local switching is switched locally. Data traffic from other WLANs is switched back to the central office.

Refer to Remote-Edge AP (REAP) with Lightweight APs and Wireless LAN Controllers (WLCs) Configuration Example for more information on REAP.

Refer to Configuring Hybrid REAP for more information on H-REAP.

2 REPLIES
Cisco Employee

Question about deploying wireless across multiple offices

Case Solution:


Q. Can I install Lightweight Access Points (LAPs) at a remote office and install a Cisco Wireless LAN Controller (WLC) at my headquarters? Does the LWAPP/CAPWAP work over a WAN?

A. Yes, you can have the WLCs across the WAN from the APs. LWAPP/CAPWAP works over a WAN when the LAPs are configured in Remote Edge AP (REAP) or Hybrid Remote Edge AP(H-REAP) mode. Either of these modes allows the control of an AP by a remote controller that is connected via a WAN link. Traffic is bridged onto the LAN link locally, which avoids the need to unnecessarily send local traffic over the WAN link. This is precisely one of the greatest advantages of having WLCs in your wireless network.

Note: Not all Lightweight APs support these modes. For example, H-REAP mode is supported only in 1131, 1140,1242, 1250, and AP801 LAPs. REAP mode is supported only in the 1030 AP, but the 1010 and 1020 APs do not support REAP. Before you plan to implement these modes, check to determine if the LAPs support it. Cisco IOS® Software APs (Autonomous APs) that have been converted to LWAPP do not support REAP.

Q. How do the REAP and H-REAP modes work?

A. In the REAP mode, all the control and management traffic, which includes the authentication traffic, is tunneled back to the WLC. But all the data traffic is switched locally within the remote office LAN. When connection to the WLC is lost, all the WLANs are terminated except the first WLAN (WLAN1). All the clients that are currently associated to this WLAN are retained. In order to allow the new clients to successfully authenticate and receive service on this WLAN within the downtime, configure the authentication method for this WLAN as either WEP or WPA-PSK so that authentication is done locally at the REAP. For more information about REAP deployment, refer to REAP Deployment Guide at the Branch Office.

In the H-REAP mode, an access point tunnels the control and management traffic, which includes the authentication traffic, back to the WLC. The data traffic from a WLAN is bridged locally in the remote office if the WLAN is configured with H-REAP local switching, or the data traffic is sent back to the WLC. When connection to the WLC is lost, all the WLANs are terminated except the first eight WLANs configured with H-REAP local switching. All the clients that are currently associated to these WLANs are retained. In order to allow the new clients to successfully authenticate and receive service on these WLANs within the downtime, configure the authentication method for this WLAN as either WEP, WPA PSK, or WPA2 PSK so that authentication is done locally at H-REAP.

For more information about H-REAP, refer to H-REAP Design and Deployment Guide.


Q. What is the difference between Remote-Edge AP (REAP) and Hybrid-REAP (H-REAP)?

A. REAP does not support IEEE 802.1Q VLAN tagging. As such, it does not support multiple VLANs. Traffic from all the service set identifiers (SSID) terminates on the same subnet, but H-REAP supports IEEE 802.1Q VLAN tagging. Traffic from each SSID can be segmented to a unique VLAN.

When connectivity to the WLC is lost, that is, in Standalone mode, REAP serves only one WLAN, that is, the First WLAN. All other WLANs are deactivated. In H-REAP, up to 8 WLANs are supported within downtime.

Another major difference is that, in REAP mode, data traffic can only be bridged locally. It cannot be switched back to the central office, but, in H-REAP mode, you have the option to switch the traffic back to the central office. Traffic from WLANs configured with H-REAP local switching is switched locally. Data traffic from other WLANs is switched back to the central office.

Refer to Remote-Edge AP (REAP) with Lightweight APs and Wireless LAN Controllers (WLCs) Configuration Example for more information on REAP.

Refer to Configuring Hybrid REAP for more information on H-REAP.

New Member

Question about deploying wireless across multiple offices

Thx for the info. This was very helpful.

176
Views
5
Helpful
2
Replies