I am thinking of pushing out the H-REAP configuration to all my AP's on my local site for redundancy. I have read reems and reems of documentation on the matter but just want to throw a couple of ideas and questions around.
Using PSK (WAP) If I set my HREAP AP's to Locally Authenticated/Locally Switched - Whilst the AP is in connected mode, is roaming maintained by the controller as if the AP was in normal LWAP mode? In other words - whilst the HREAP AP is in connected state, it doesn't actually function any differently than if it was in normal "Local" mode until it's CAPWAP control plane connection drops?
When using a layer 2 encryption method (wpa/tkip psk or wpa2/aes psk), the encryption and ecryption is handled by the AP. 802.1x, however has to have authentication method come back to the wlc if the ap's are in local mode. If using 802.1x and ap's are in h-reap mode, then it is suggested you use h-reap groups. These group of ap's will share the same cckm, radius and ssid's.
Thanks for your reply but you misunderstood my question.
The operation during "local authentication, local switching" (authentication and switching handled by AP) is only valid when in Standalone mode (or when the AP cannot see the controller).
My question is, when the AP CAN see the controller (therefore is in Connected mode), does its operation differ at all (in regards to fast roaming when using WAP2-PSK) from the an AP that isn't in H-REAP mode.
So, to summarise. If the AP is in H-REAP mode and the SSID is Local Auth/Local Switch - when the AP is in connected mode and can see the controller, it's operation does not differ at all from a non-HREAP AP - and fast roaming and other features etc... WILL work with PSK-WAPv2 as normal. This is until the AP goes into Standalone state.
When an h-reap ap is in local auth/local switching, the operation for wpa(2)tkip/aes does not differ, only on 802.1x. Fast roaming is really meant for 802.1x and key caching on the AP so that the device doesn't have to perform a full auth. Pre-shared key is fast enough roaming because it doesn't have to perform all the steps an 802.1x client has to do.