Cisco Support Community
Community Member

H-REAP AP with Web Passthrough layer 3 security....?

I have a Cisco 5508 Wireless Controller with 5 Cisco 1142 wireless access points.  The controller is installed at a central site which also has two access points present, which are configured in "Local" AP Mode.  The other 3 WAP's are installed at 3 different sites across a WAN.  These 3 WAP's are configured in "H-REAP" AP Mode with local switching enabled.  The 3 WAP's in H-REAP mode are configured to drop the user onto a local VLAN 253.  At each remote site I have a Cisco router serving DHCP for the wireless clients on VLAN253.  This setup all works great, wireless clients can associate to the SSID, are assigned an IP address by the Cisco Router DHCP, and then can browse the network/Internet.

As this is a guest wireless network, I would like to add a "Welcome" page for the wireless users to "Accept" before they can browse the network/Internet.  I understand that the Web Passthrough feature provides this functionality when in normal "Local" AP Mode, but does it also work for WAP's in "H-REAP" AP Mode?  ie, I have got the Web Passthrough feature working for my 2 WAP's which are in "Local" AP Mode, but when I apply the same configuration to the WAP's in "H-REAP" AP Mode it doesn't work.  When the wireless users try to associate their laptop's get stuck trying to get an IP address from DHCP, which never gets served.  When I monitor the DHCP server I see a DISCOVERY come in, and an OFFER go out, but the OFFER never makes it back to the client.  It is like the WLC is not allowing the traffic because it is expecting the user to "Accept" the "Welcome" page.

So my first question is;  does Web Passthrough work when the WAP is in H-REAP mode and the DHCP server is external (not the wireless controller).

Then my second question is;  if it does work, can anyone suggest why it's not working for me?

Thanks in advance.

Everyone's tags (6)
Community Member

Re: H-REAP AP with Web Passthrough layer 3 security....?

I have managed to get this working.

It turns out that it was partially my laptop playing games on me and not properly associating to the SSID's.

CreatePlease to create content