Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

H-REAP remote site limitiations

H-REAP has been designed (according to Cisco) for small branch deployments, where a WLC may not be justifiable. It does not appear to be designed to handle medium to large deployments (say, 25 to a few 100 APs). Limitiations are as follows:

* AP Groups: No limit specified but I have been able to add 200, which would be sufficient.

* WLANs: Up to 512 allowed which is sufficient.

* H-REAP Groups: Up to 20 groups of 25 APs. A reasonable number but not really enough.

* RADIUS Servers: Up to 17. As we use 2 x per site, that would allow 8 x remote site. Unfortunately not enough.

With manufacturers like Aruba supporting up to 8000 remote APs on their top WLC I would expect these limits to be higher on their flagship WLC. Can anyone suggest how to support a few dozen H-REAP sites with 10 - 75 APs each on the 5508.

New Member

Re: H-REAP remote site limitiations

... or whether increases in these limits is on the road-map for a future release?

New Member

Re: H-REAP remote site limitiations

I've done a 300 plus AP deployment in H-Reap mode, but we used several controllers. We also did central authentication for their locally switched SSID. This does bring in the possibility of an outage in the case of a WAN outage, but for this customer that wasn't a big issue since the majority of the application that would be accessed on the WiFi would be down in the event of a WAN outage, plus they had VPN backup.

I would have liked more H-REAP groups, but we worked around it for small locations.

If you had a bunch of small locations with local auth you would be in trouble, but the other limitaions are minor.

New Member

Re: H-REAP remote site limitiations

Well the biggest limitation I mentioned above was with the RADIUS server limit which obviously is an issue with local RADIUS authentication particularly if you want to allow new 802.1x connections during a WAN outage. Hopefully the controllers will move this way in the future.

CreatePlease to create content