Cisco Support Community
Community Member

H-Reap central Authentication local Switching


I configured hreap local switching with central authentication, but only dhcp does not work in wireless clients. My  DHCP is in headquarter WLC.

Cisco Employee

H-Reap central Authentication local Switching

Hello Nalin,

When you configure H-REAP local switching, the client traffic will be placed on the switch that the AP is connected to. Traffic will not be tunneled to the WLC.

In this scenario, you will need to have a DHCP server at the remote site to provide wireless clients with an IP address -- the client IP will need to be valid for the site.


Community Member

H-Reap central Authentication local Switching

Hi Pat,

please find the config .

Please find the Initial config detail on  remote end L3 Switch.

  • •1-      Layer 3 VLAN need to be created at L3 switch.
  • •2-      Another one more Layer 3 VLAN created for wireless User on SVi  interface.
  • •3-      DHCP IP helper address defined on SVI interface for Wireless users.
  • •4-      Trunkport configured on access Switches  for Access point.

HO end WLC  config .

  • •1-      specified the HREAP in Primary WLC.
  • •2-       HREAP AP is defined in local Switching mode.
  • •3-      SSID configured with WPA2+ 802.1x Authentication in WLC for remote end user.
  • •4-      VLAN interface is defined in WLC for wireless USER.
  • •5-      DHCP Pool is defined in WLC for DHCP IP distribution. 

Problem – I am not able to get IP from DHCP for Remote end wireless user.



Cisco Employee

Re: H-Reap central Authentication local Switching

In your scenario - the requirements are - dhcp server ip will be WLC's management interface ip on management vlan, scope is going to be the local site's vlan-x range, the default gateway/router going to be the site's vlan-x gateway.

The challenges are:

#Guess you're having dhcp proxy enabled on WLC to use wlc's internal dhcp

#For wireless client to get an dhcp ip from WLC you need to configure vlan-x dynamic interface ip on WLC as well. This will make the hreap look central.

#From the Remote site, are you routing back to data centre to reach WLC's management interface ip from its site wired interface vlan-x gateway.

#Does WLC know how to reach vlan-x gateway which is actually at the remote site.

#WLC can't decide vlan/interface for remote hreap wireless client, that's why AAA over-ride is not supported with hreap.

Do not use WLC's internal dhcp server for Remote hreap wireless clients. It may be treated as wired client and WLC doesn't respond to the dhcp request.

#WLC Management interface can be reached over wireless and wired side. Any dhcp request that comes on wired side to management interface will be ignored, unless it is AP. All dhcp request that comes via capwap (centrally switched WLAN) will be honored by WLC.

Solution: Use external dhcp server just like Pat said or Use central switching.


CreatePlease to create content