Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest Access & H-Reap AP's


I am implementing a guest access solution in my workplace. I am unclear on how h-reap and guest access work together.

The implementation includes a 2 x 5500 wlc's at the central office. 1 of these controllers is dedicated to guest access and is configured as a mobility anchor. Web-auth is used for the guest ssid users. Connected to this controller is a cisco adsl router providing internet access for guest users. This router also provides guest users with dhcp

I have configured 2 ssid's, 'corporate' and 'guest'.The 'corporate' ssid is the wlan used everday by employees. The guest access ssid 'guest' is used for guest access.

At the central site all lwapp's operate in local mode. At the remote sites all lwapp's are configured for h-reap mode.

A guest client at the central site connects to the guest ssid and is able authenticate using web-auth and break out onto the internet from the wlc anchor coltroller/cisco adsl router. All good here.

However at the remote site behaviour is not as expected. Assume that the below 2 clients authenticate against the same h-reap configured access point at the remote office.

Client 1, connects to the 'corporate' ssid. This ssid has been configured for h-reap therefore it is expected that client data is switched locally on this h-reap configured access point. This seems to be the case - all good here.

Client 2, a guest, connects to the 'guest' ssid. The 'guest' ssid is not configured for h-reap local switching therefore I would expect all data to tunnel to the controller and break out to the internet via the mobility anchor wlc/adsl router. However this does not appear to happen. The guest has no internet access. If I then place the access point in local mode (uncheck the h-reap option on the ap) and reboot the ap for changes to take effect, the guest 'ssid' allows the user to access the internet via the mobility anchor wlc/adsl router.

Therefore I want to know if it is possible to use different ssid's on the same h-reap configured access point and expect the guest ssid to tunnel to the controller/mobility anchor/internet whilst the 'corporate' ssid switches data locally.

Any help much appreciated!! Thanks in advance...

CreatePlease to create content