Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
4
Replies

H-REAP for Local Access points for Fault Tolerance?

Tim Butters
Level 1
Level 1

‎01-17-2012 05:19 AM - edited ‎07-03-2021 09:23 PM

Afternoon,

I Work at a site with approximately 23 AP's (mixture) and one 5508 Controller.

Uptime is imperative - I have a 24x7x4hour smartnet contract on the Controller, but even 4 hours is unacceptable. A backup controller will not suffice, as I have learnt multiple things can go wrong with a LWAPP environment, including situations where the controller itself is not at fault (network etc...) and I have already purchased and set up all the redundant features for the 5508 (additional PSU, LAG ports etc...)

What are peoples impressions of using the H-REAP function for local access points? This means the AP's themselves will both authenticate and switch data packets. I see no problem in having this feature active as I can't see myself losing any features:

Authentications will still be proxied through the controller if the AP is in connected mode.

I know this was not really what HREAP was designed for (as i'm not using the AP's over a WAN link), but I see no issues with it being used at a local site for fault tolerance. Can anyone think of a reason?

Thanks

Tim

Labels:
0 Helpful
4 Replies 4

Scott Fella
Hall of Fame
Hall of Fame

‎01-17-2012 05:24 AM

You can desing it that way... I have done installs that way in the past, but when using the 210X WLC since it was only 10/100 and the AP's were connected at gigabit.  If you are worried that the WLC will fail and you will loose all your AP's, H-REAP may work for you.  I say, may work, because it also depends on the authentication method you are using.  IF you are doing 802.1x, then you have to think about redundancy for the radius.  Just look at the features of h-reap and what it does and doesn't support.

-Scott
*** Please rate helpful posts ***
0 Helpful

Tim Butters
Level 1
Level 1

‎01-17-2012 05:37 AM

Ive looked through the feature matrix and I can honestly not see a reason not to go down this route. We don't need radius and simply use Pki keys for the moment.

Sent from Cisco Technical Support iPhone App

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Tim Butters

‎01-17-2012 05:39 AM

Okay... if your using pre-shared keys, then your okay. 

-Scott
*** Please rate helpful posts ***
0 Helpful

Tim Butters
Level 1
Level 1
In response to Scott Fella

‎01-17-2012 05:50 AM

The main reason for wanting to go to H-REAP is that it pretty much gives all the features of having everything centrally controlled, whilst the AP is still connected - yet will continue to operate IF the controller were to become unavailable for one reason or another.

Even 802.11x authentication can be done - while it is in connected mode it forwards to the controller and if in standalone mode, can be forwarded to a list of AAA servers.

I'd really like to hear from anyone who may have a reason why I shouldn't do this?!

Tim

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card