cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1127
Views
0
Helpful
12
Replies

H-REAP with multiple WLANs

hadisharifi
Level 1
Level 1

Hi All,

I have been asked to setup wireless and we have purchased WLC 5508 and 1142 APs.

We have several remote sites and a  centralized WLC.  The requirement are to have a common SSID  (Corporate) advertised across all the remote sites and have that SSID locally switched, and have another two SSID Guest and Mobile tunneled back to the central site (WLC).

I want all the wireless (Corporate) clients to use the same subnet as the wired clients at each remote site, the IP assigment will be done by a DHCP server at the central site. The Guest and Mobile users will use a common subnet each across all the site and this will also be handled by the DHCP server at the central site.

I have enabled H-REAP with Centralized  Authentication and Local switching but I'm not sure about the second  part which is to have a common SSID (Corporate) across the remote sites and localy switched whilst having the other two SSIDs tunneled back to the WLC.

Cisco TAC told me to configure dynamic interfaces for each of the remote site but then he said I still wouldn't be able to switch the Corporate traffic localy if I use a different subnet to the wired subnet for the wireless clients.

I hope the above is not very confusing.

1 Accepted Solution

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

Okay... so if you want Corporate to be local at each remote site you have to do the folowing:

  1. Enable h-reap loacl switching on the SID (which you already did)
  2. Configure the H-REAP AP switchport as a dot1q trunk. Set the native vlan on the trunk the vlan the ap ip address is on and only allow the native vlan and the vlan you want the corporate SSID on.
  3. Go to the H-REAP AP and click on the H-REAP tab. You need to enable vlan support and set your vlan id there for your ap vlan and hit apply.
  4. Go back to the h-reap tab and click on vlan mapping.
  5. Enter your vlan id for the wired vlan you want to map your cororate ssid on.

That is it.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

-Scott
*** Please rate helpful posts ***

View solution in original post

12 Replies 12

Scott Fella
Hall of Fame
Hall of Fame

Okay... so if you want Corporate to be local at each remote site you have to do the folowing:

  1. Enable h-reap loacl switching on the SID (which you already did)
  2. Configure the H-REAP AP switchport as a dot1q trunk. Set the native vlan on the trunk the vlan the ap ip address is on and only allow the native vlan and the vlan you want the corporate SSID on.
  3. Go to the H-REAP AP and click on the H-REAP tab. You need to enable vlan support and set your vlan id there for your ap vlan and hit apply.
  4. Go back to the h-reap tab and click on vlan mapping.
  5. Enter your vlan id for the wired vlan you want to map your cororate ssid on.

That is it.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

-Scott
*** Please rate helpful posts ***

Thanks for your help Scott,

Please confirm if I have understood this correctly.

Example: AP at the remote office is configred with static IP address 10.26.46.100/29 (Vlan 100) and primed.

The Corporate SSID to be switched locally here is using subnet 172.18.114.0/24 (Vlan 2) (the same as wired data subnet). Guest SSID uses 10.0.0.0/24 (Vlan 999) and Mobile uses 10.20.0.0/24 (Vlan 998).

If I configure the AP under the H-REAP tab with vlan support and enter vlan 100 as the native vlan ID, once the AP resets the interface and is back online, I go back and configure VLAN mapping and enter the Corporate SSID VALN 2. Will it work? And from reading the Design doco, I can enter whatever vlan ID here for the Corporate SSID or does it have to match the existing wired VLAN?

Thanks

It has to match the vlan you want at that remote site which is vlan 2. So basically the trunk port will only allow vlan 100 and vlan 2.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Thanks, and on the switch side of the trunk I don't need to allow vlan 999 and 998, only vlan 2 and 100.

Another question, how do the clients in the Corporate SSID get an IP address from the Data subnet of the wired client at the branch office, is it that all the requests are switched locally therefore making the wirless client as the wired ones?

Thanks

You only need to allow vlan 100 & vlan 2.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Just to make sure, vlan 2 & 100 is located at the remote site and vlan 998 & 999 is located centrally where the WLC is at.

-Scott
*** Please rate helpful posts ***

That is correct, and VLAN 998 and 999 will be terminating in DMZ where vlan 2 will be terminating on the internal network.

Okay... just making sure:)  That should do it then.

-Scott
*** Please rate helpful posts ***

A minor issue, the corporate WALN is mapped to the management interface and it uses vlan 100 because that is the mangement VLAN. Now that I have enabled VLAN support and when I go to the VLAN mappings page I only get the corporate SSID with VLAN 100, and the other two WLANs aren't configurable because they aren't switched locally which is fine.

How will the above vlan mapping work for both the APs and Corporate SSID given that the corporate will be using VLAN 2, do I create a new interface and map the Corporate SSID to that VLAN (VLAN 2)? Can it be in the same subnet as the management?

Thanks

It can be on the same subnet if that is what you want.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Hi Scott, thanks for your help.

I didn't have to create another interface, because I was able to map the vlans both for Corporae and the native. When I first enabled vlan support I entered 100 as the native and once on the vlan mapping page the corporate SSID was also showing 100 as its vlan ID and that confused me which I thought I wasn't able to change, but I could change it.

Yes, you want to change that to (vlan) 2.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: