Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Green

Enabling Webauth on 2100 Controller not working!?!?

I am attempting to configure webauth on a 2100 wlc.

As soon as I enable it and restart the wlc, the SSID is no longer being broadcast and I am unable to connect.

The errors are

Sep 04 11:27:19.124 apf_api.c:12159 APF-1-NOT_ADV_SSID_ON_AP: Not advertising SSID my_wlan on AP 00:0b:85:65:4d:40 due to radio policy.

Sep 04 11:21:10.815 spam_lrad.c:9524 LWAPP-1-MSGTAG048: Not advertising SSID my_wlan on REAP AP00:0b:85:65:4d:40 due to security policy

Please help. thanks.

7 REPLIES
Cisco Employee

Re: Enabling Webauth on 2100 Controller not working!?!?

Hi Adam,

Can you update which release you are having on your controller and which model of APs and are your APs in REAP/HREAP mode?

Regards,

Ankur

Green

Re: Enabling Webauth on 2100 Controller not working!?!?

Hi Ankur,

I have 1000 series AP's in REAP mode. Still looking for the release on the wlc.

Green

Re: Enabling Webauth on 2100 Controller not working!?!?

Version 4.1.171.0

Cisco Employee

Re: Enabling Webauth on 2100 Controller not working!?!?

Hi Adam,

What you are seeing is a correct behavior. As you mentioned you have 1000 series AP and it is in REAP mode which means it only supports local switching.

With local switching if WLAN is configured with WEB AUTH or 802.1x WLANs, existing clients are not disassociated, but the REAP APs stops sending beacons when the number of associated clients reaches zero (0). It also sends disassociation messages to new clients associating to 802.1x or web-authentication WLANs.

HTH

Ankur

*Pls rate all helpfull post

Green

Re: Enabling Webauth on 2100 Controller not working!?!?

Ankur,

Thanks for the help. Unfortunately I'm not quite sure what that all means.

Are you saying I can't do webauth in reap mode?

What is the solution?

Cisco Employee

Re: Enabling Webauth on 2100 Controller not working!?!?

Hi Adam,

The problem is for WEB AUTH you have to redirect your request to the controller for authentication but when you have REAP AP it always do local switching so your request will not go to cntroller and will be switches by REAP AP itself.

So solution is HREAP instead of REAP. HREAP is only supported by 1130 and above LWAPP APs. HREAP also support central authentication and local switching which means it can authenticate with controller and then start switching data locally without sending it to controller. But again qhen your controller is unreachable existing client will keep associated but new clients will not join and when all clients will leave AP will stop sending beacons.

I will recommend you to read this HREAP doc which will explain you more

http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig41/c41hreap.htm

HTH

Ankur

*Pls rate all helpfull post

Green

Re: Enabling Webauth on 2100 Controller not working!?!?

Thank Ankur.

That was very helpful. Looks like I need to be looking at the 1131AG if I want to do web auth over the wan.

This link helped a great deal as well.

http://www.cisco.com/en/US/products/ps6521/products_tech_note09186a0080736123.shtmlAIR-LAP1131AG-x-K9

161
Views
8
Helpful
7
Replies
CreatePlease to create content