Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1274
Views
15
Helpful
10
Replies

Branch Guest Access (HREAP)

Go to solution
Javi Benito
Level 1
Level 1

‎11-28-2011 09:32 AM - edited ‎07-03-2021 09:08 PM

Hi,

I have WLC5500 series in headquarters and several branch offices. I have configured in headquarters a wlan for employees and another wlan for guest users.

In the branch offices I have configured wlan for employees and now I´m trying to configure wlan for guest users in one of this bran offices.

I´ve already created vlan for guest users (vlan 10) in the switches and I´ve assigned a new port from the Cisco ASA in the branch office for this vlan with a DHCP server (10.7.7.0/24).

Then, I have created a dynamic interface in WLC with the same vlan id number than in the remote guest vlan (10) and I have assigned to this dynamic interface an ip address (10.7.7.3) and a dhcp server 10.7.7.1 (guest interface from cisco asa in branch office).

After this, I have created wlan with webauth and HREAP.

When i try to connect one remote computer to this wlan, it´s connect to wlan but the ip address the is assigned to this laptop is from employees network and not from guest network.

Would be possible this configuration ? .Could you assist me to solve this issue?

Thanks im advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎11-28-2011 09:40 AM

In the h-reap ap, there is a tab for h-reap. In there you specify the native vlan and then you can specify the SSID vlan mapping. The port the ap is connected to needs to be a trunk port also.

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎11-28-2011 09:40 AM

In the h-reap ap, there is a tab for h-reap. In there you specify the native vlan and then you can specify the SSID vlan mapping. The port the ap is connected to needs to be a trunk port also.

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Javi Benito
Level 1
Level 1
In response to Scott Fella

‎11-28-2011 09:53 AM

Hello Scott,

I´m going to check it.

Thanks for your help

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Javi Benito

‎11-28-2011 10:00 AM

Javi,

You do not need a dynamic interface on the wlc if you are wanting to place users on the local (remote) subnet. That is where the vlan mapping in the h-reap ap comes into play. It your SSID is not set to local switching, then the traffic is tunneled back to the wlc and then you would need the dynamic interface on the wlc. In order to use a subnet at the remote site, you need h-reap local switching checked on the WLAN SSID advanced tab. This gives you the option of setting the said to vlan mapping.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Go to solution
Javi Benito
Level 1
Level 1
In response to Scott Fella

‎11-28-2011 10:06 AM

Then, In the general Wlan tab where I have to put the interface. Which interface should i configure? management?

Regards,

Javi

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Javi Benito

‎11-28-2011 10:10 AM

If you have AP's in local mode like in your HQ, then you would used that dynamic interface. For h-reap AP's, the SSID mapping is used.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Go to solution
Javi Benito
Level 1
Level 1
In response to Scott Fella

‎11-28-2011 10:21 AM

ahh ok, then if I have not any wlan in local mode in this AP, this option, we could say that is disabled or it´s not used.

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Javi Benito

‎11-28-2011 10:32 AM

Correct...

Most of the time you would see AP's in local mode because a company has AP's in the same building as where the WLC is located. This is where you would use the interface on the WLAN SSID tab. Then companies want to cover remote sites without having to purchase more WLCs for each site. These AP's would be configured for h-reap mode. Now depending if you want to tunnel traffic back (h-reap local switching disabled) or drop traffic off at the remote site (h-reap local switching enabled), it your choice. AP's in local mode are connected to an access port while h-reap AP's are on a dot1q trunk.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Go to solution
Javi Benito
Level 1
Level 1
In response to Scott Fella

‎11-28-2011 12:12 PM

Ok, good explanation. I´ll chek it tomorrow.

Thanks for your help

0 Helpful

Go to solution
Javi Benito
Level 1
Level 1

‎11-29-2011 03:41 AM

Perfect!! Works fine!!

Thanks

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Javi Benito

‎11-29-2011 05:31 AM

Javi,

Glad it worked:)

-Scott
*** Please rate helpful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card