Enabling Webauth on 2100 Controller not working!?!?

acomiskey
Level 10

I am attempting to configure webauth on a 2100 wlc.

As soon as I enable it and restart the wlc, the SSID is no longer being broadcast and I am unable to connect.

The errors are

Sep 04 11:27:19.124 apf_api.c:12159 APF-1-NOT_ADV_SSID_ON_AP: Not advertising SSID my_wlan on AP 00:0b:85:65:4d:40 due to radio policy.

Sep 04 11:21:10.815 spam_lrad.c:9524 LWAPP-1-MSGTAG048: Not advertising SSID my_wlan on REAP AP00:0b:85:65:4d:40 due to security policy

Please help. thanks.

7 Replies

ankbhasi
Cisco Employee

Hi Adam,

Can you tell me which release you are running on your controller, which model of APs you have, and whether your APs are in REAP/HREAP mode?

Regards,

Ankur

Hi Ankur,

I have 1000 series APs in REAP mode. Still looking for the release on the wlc.

Version 4.1.171.0

Hi Adam,

What you are seeing is correct behavior. As you mentioned, you have a 1000 series AP and it is in REAP mode, which means it only supports local switching.

With local switching, if the WLAN is configured with WEB AUTH or 802.1x, existing clients are not disassociated, but the REAP AP stops sending beacons when the number of associated clients reaches zero (0). It also sends disassociation messages to new clients associating to 802.1x or web-authentication WLANs.

HTH

Ankur

*Pls rate all helpful posts

Ankur,

Thanks for the help. Unfortunately I'm not quite sure what that all means.

Are you saying I can't do webauth in reap mode?

What is the solution?

Hi Adam,

The problem is that for WEB AUTH you have to redirect your request to the controller for authentication, but when you have a REAP AP it always does local switching, so your request will not go to the controller and will be switched by the REAP AP itself.

So the solution is HREAP instead of REAP. HREAP is only supported by 1130 and above LWAPP APs. HREAP also supports central authentication and local switching, which means it can authenticate with the controller and then start switching data locally without sending it to the controller. But again, when your controller is unreachable, existing clients will stay associated but new clients will not join, and when all clients leave, the AP will stop sending beacons.

I recommend you read this HREAP doc, which will explain more:

http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig41/c41hreap.htm

HTH

Ankur

*Pls rate all helpful posts

Thanks, Ankur.

That was very helpful. Looks like I need to be looking at the 1131AG if I want to do web auth over the wan.

This link helped a great deal as well.

http://www.cisco.com/en/US/products/ps6521/products_tech_note09186a0080736123.shtml

AIR-LAP1131AG-x-K9
