Cisco Support Community
Community Member

H-REAP configuration assistance


I'm trying to wrap my head around the h-reap configuration requirements, but i just cant seem to find the information i need

for my network/design.

I have a central and a remote site connected via an ipsec tunnel.

On the central site, there is a 4402 controller with three ssid's.

The remote site wants to use the same three ssid's, but switched locally.

So, lets say that the three central ssids are setup like this:

SSID: Guest

Interface: guest-network (Vlan 98)


SSID: Internal

Interface: internal-network (vlan 99)


SSID: Voice

Interface: voice-network (vlan 100)


On the remote site, i have a firewall setup with the same kind of networks, and proper dhcp scopes to match.

Guest: Vlan 10

Internal: Vlan 20

Voice: Vlan 30

Access points dhcp scope: Vlan 40

All networks are verified locally (wired).

How can i get my remote wireless clients to authenticate centrally, but use the local network for resource access?

I'll fill in any blanks if required :-)

Any help is appreciated

Everyone's tags (3)

H-REAP configuration assistance


Your remote clients will - by default - authenticate centrally if the AP is connected to the WLC.

You can choose Local switching per WLAN. under WLAN configuartoin (under advanced tab from GUI) you can choose HREAP local switching.

Note: All H REAP security authentication processing (such as backend RADIUS authentication and pairwise master key [PMK] derivation) happens at the controller while the access point is in the connected state. All 802.11 authentication and association processing happens at the H REAP, no matter which mode the access point is in. When in Connected mode, H REAP proxies these associations/authentications to the controller. In Standalone mode, the access point cannot inform the controller of such events.

H REAP functionality varies depending upon its mode of operation (whether an H REAP is in the Connected or Standalone mode), how each WLAN is configured for both data switching (central or local) and wireless security

Reference: H-REAP Design and Deployment Guide.

I recommend that you go through the above link and read the guide which will be very useful for you.



Rating useful replies is more useful than saying "Thank you"
CreatePlease to create content