Cisco Wireless :: Configuring H-REAP Local Switching On The WLAN?
Oct 11, 2011
I'm reading up on H-REAP in the Deploying and troubleshooting Cisco Wireless LAN Controllers book (Chapter 13) and I would like some clarification on the except below.:"Also notice that, as part of the WLAN configuration, no mention was made of choosing and interface for the WLAN. Unless you will have APs in local mode servicing a WLAN configured for local switching in conjunction with H-REAP APs, the controller interface is irrelevant because the controller will not bridge the client traffic on the network.The H-REAP performs that function. Even if you will not be using any local mode APs, you must choose an interface to be associated with your WLAN. In this case, you could use the management interface or create a quarantine VLAN interface, for example if you do not want client traffic to be bridged by the controller if the client traffic is no longer locally switched."Our corporate office has 2 5508 controllers and 150+ APs in local mode. I'm preparing to deploy a couple of H-REAP APs to a remote site to test. Is this saying you have to choose an interface when creating a WLAN, but if the WLAN will only be used by H-REAP APs w/ local switching it does not matter which interface is used when creating the WLAN. If there are APs in local mode using the same WLAN, the interface the WLAN associates with needs to be on the same subnet as the devices connecting the the WLAN?
View 3 Replies
ADVERTISEMENT
Jan 1, 2013
I have Cisco 5508 Wlan Controller Software version 7.2.103.0 and I have Cisco AIR-CAP3602I-E-K9 Lightweight Access Points network and its working fine now I want to configure the Repeater in this network. Because there is one area we cannot layout the cable. How to add the repeater and how to configure the repeater in wlan controller network.
Do i need the change the software of Wlan Controller to support Mesh Network or this version 7.2.103.0 can support the repeater because for 1 access point i dont want to upgrade the version.
View 22 Replies
View Related
Apr 4, 2013
I have several 2602 AP's that I want to operate in FlexConnect mode. The WLC is at a central HQ and the Ap's are remote. There are central radius servers at the HQ for the wlans. At the remote lcoation, there is a local radius server we want to use for the primary radius server for these AP's. This radius server has been added to the WLC. I have setup a FlexConnect Group, designated the the primary and secondary servers, and then added the AP's to the group. It does not look like radius requests are being sent to the local controller.
For this to work, do we have to check the box under the wlan for FlexConnect Local Auth? Currently, we only have FlexConnect local switching selected.
View 8 Replies
View Related
Feb 19, 2013
Im trying to configure remote access VPN on ASA5505. I configured it as local CA server, installed digital certificate on remote station and everything looks fine as far as i can see. I'm using cisco VPN client 5.0 on remote station. when i initiate VPN session it fails while trying to connect. Looks like im missing some configuration but i cannot figure out what it is. Currently i have firewall configured to use group authentication and everything works fine. I want to switch it to use certificate authentication, and if possible, confiure firewall to use main mode instead of aggressive mode for better security.
View 4 Replies
View Related
Jun 10, 2012
I need configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.I have attempted to configure rdp access but it does not seem to be working for me. How to modify my current configuration to allow this? I need to allow the following IP addresses to have RDP access to my server: [code] The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. My configuration file and what are the commands i need in order to put this through. Also, if there are any bad/conflicting entries. Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course.Also the bolded lines are the modifications I made but that arent working. [code]
View 8 Replies
View Related
Mar 2, 2013
Is there is is any posibility to run WLC4402 and 104x family in H-REAP mode.
View 8 Replies
View Related
Feb 29, 2012
Im configuring a WLC 5508 ( version 7 ) with h-reap local switching.All is working , yet i wonder if the vlan mapping can be done better.Currently i need to go into each Lightweight Access point , enable h-reap, then set the native vlan , with the final step to map the vlan. This needs to be done for each AP. In an environment of 100's of APs i would take forever. ( i thought one of the main points of the WLC is centralized management).
View 1 Replies
View Related
Jan 11, 2012
Just trying to figure out how LAP manage clients in a h-reap setup.Have a setup with native vlan on 144 (switch and AP) and ssid tagging in other vlan... Got this on switch:
Jan 12 10:31:43.121: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0811.9695.9b04 on port FastEthernet0/42.
Jan 12 10:31:43.121: %PORT_SECURITY-2-PSECURE_VIOLATION_VLAN: Security violation on port FastEthernet0/42 due to MAC address 0811.9695.9b04 on VLAN 144
Jan 12 10:37:42.770: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0811.9695.9b04 on port FastEthernet0/42.
Jan 12 10:37:42.770: %PORT_SECURITY-2-PSECURE_VIOLATION_VLAN: Security violation on port FastEthernet0/42 due to MAC address 0811.9695.9b04 on VLAN 144
Wonder why clients MAC is seen on native vlan (and ofcourse also on taged vlan) ...?
View 4 Replies
View Related
Sep 4, 2012
We have a customer who is evaluating a Cisco Vs. Motorla wirless solution. He says that a Motorola AP can only work in standalone mode for 48 hrs. after it lost communication to the controller. Is there any limitation like this with a 2500 controller and 1140 series access points solution?. Is there any reference to show?
View 3 Replies
View Related
Oct 14, 2012
i have configured cisco LAP1240 in H-Reap Mode for multiple branch offices with Local switching and central authentication. one of the branch's AP does not join the controller in HQ while the others are all ok. i have firewall only in HQ, i did priming first for all APs like let them join the controller and configure controller IP in high availbility, and H-Reap config and assign SSID to map with the branch local vlan. when i faced this issue first time i brought back ap and configure a static IP address for AP than recheck them again but the problem still same. since i have only one firewall in the network and also other branches joined the controller through that firewall and no issues.
View 3 Replies
View Related
Apr 23, 2012
I'm trying to figure out if it is possible to configure in one site a wireless setup that goes like this:
One WLC (5508), multiple LAP's in H-REAP mode.
AP's will be splitted in multiple VLAN's belonging to different departments but with the same SSID.Each VLAN will have it's own DHCP scope. All AP's are located in the same site and I need to know if it is possible to roam between AP's that belong to different departments?
View 3 Replies
View Related
Sep 7, 2011
What is the maximum number of WLANs/SSIDs that can be configured on a H-REAP access point? I have a network with 3502i AP's, centralised WLC's in the data centre running 7.0.116.0, and WCS version 7.0.172.0.
I was successfully running 2 SSID's at a remote site, one SSID was configured for H-REAP local switching, dropping out to the local site VLAN X, and the other SSID was a central switching guest WLAN anchored to a WLC in a DMZ.I configured a third SSID at the local site running H-REAP local switching, and now I cannot see the guest SSID anymore, it does not appear to be broadcasting.Is there a maximum of 2 WLANs/SSIDs when operating in H-REAP mode?
View 5 Replies
View Related
May 2, 2011
I have three 5508 WLCs, running code 7.0.98.0 supporting 100+ LWAPs in H-REAP mode. The LWAPs are servicing 2-3 WLANs each. Some are using central authentication and local switching, some are configured for central authentication and central switching. When the LWAPs fail from one WLC to another WLC, the LWAP's lose all of their VLAN mappings and pick up the VLAN of the management interface on the new WLC.
All WLANs are configured to use the management interface on the WLC and the VLAN mappings are configured per LWAP on the H-REAP properties tab. The WLAN ID numbers and all the WLAN settings are the same across all 3 WLC's. I have created AP groups on all 3 WLC's and the AP group config matches across the 3 WLCs.
I can get the LWAPs to keep their VLAN mapping by creating an interface on the WLC with the VLAN ID of the locally switched/remote site VLAN and then setting the interface for the WLAN to the new interface. However, then the WLAN doesn't work, because the centrally located WLC doesn't have the remote site VLAN. It also seems to keep the VLAN mapping if I create the locally switched/remote site VLAN interface on the WLC , and point the WLAN to the management interface. This shouldn't be a necessary step though... In H-REAP with local switching, the LWAPs aren't using the interface on the WLC.
I found a note in the 7.0 WLC config guide that explains why the VLANs are picking up the management interface VLAN, but that same note says the VLAN mappings can be changed per LWAP/WLAN!
From config guide: For hybrid-REAP access points, the interface mapping at the controller for WLANs that is configured for H-REAP Local Switching is inherited at the access point as the default VLAN tagging. This mapping can be easily changed per SSID, per hybrid-REAP access point
Using H-REAP and been able to get the LWAPs to keep the VLAN mapping when failing from one WLC to another?
View 9 Replies
View Related
Jun 10, 2013
I would like to setup a 2504 to have one Guest WLAN and one Staff WLAN with a controller port for each WLAN connected to different devices.
I would prefer to connect the WLC Guest port to an ASA 5510 and the WLC Staff port to an internal 2960S switch. Will this work? I haven't setup a 2500 series controller previously.
View 4 Replies
View Related
Oct 12, 2011
We use LAP 1042's as our main AP's, and we set those in H-REAP (with Local Switching) in order to let them work properly. This is because our WLC is not located in the AP's local network. This is something that, sadly, cannot change, so this has to stay the way it is now.We also use a freeradius server to authenticate users on our wireless network. In our previous situation, before using Cisco appliances, we would just set our web auth page to a certain URL and make sure that the URL was granted access before authentication. We obviously found out that Cisco implemented this by using a Pre-Auth ACL. As a result we've added the IP adres of that web login page to a ACL and added that ACL to the pre-auth for the WLAN that will use Radius Web Auth. The WLAN also has the Radius servers added to the AAA page, so those are in place.
Now comes the problem though. When I connect to the WLAN that will have to use Radius, and try to open a page it will start trying to load the virtual interface (1.1.1.1) and then it will try to redirect to the web-page that I defined in the External Server. Like I stated, I've added the webpage's IP adres (after resolving it) to the pre-Auth ACL, and when I look at the counters I see that go up every time I try to load a page. Yet the browser on the computer gives me a time-out trying to load the external web-server web auth page.
When I disable Web-Auth all-together, I get internet straight away, so the problem obviously is located in the web-auth settings or ACL settings somewhere, but at this point I just don't know where to look anymore.
View 6 Replies
View Related
Dec 21, 2011
We have some remote H-READ APs at a branch office and a 7921 phone which drops calls/loses audio when roaming between APs.We are just using WPA2 without any 802.1x or CCKM/PKC.
Do we absolutely have to set up a radius server/8021.x/EAP to enable fast roaming?We had 2 AP's autonomous with WPA2 before and roaming didn't seem to be an issue. We now have 4 APs over WLC in the same office and the phone calls are very unstable.
View 3 Replies
View Related
Mar 27, 2012
Should I trunk the port to the AP or not. I have a WLC 5508 in the head office and have AP in the remote office. I do not want traffic in the remote office to traverse the wan back to the WLC. I want the users at the remote office to use the local sub net at the remote site.
Should I then trunk the AP port on the switch to the AP as I have multiple ssid's with different sub nets?
View 3 Replies
View Related
Apr 22, 2012
i'm trying to setup a local DNS server to manage small office local-only domain names for our servers. i have the DNS working properly (resolving local machines and using the ISP dns if it can't). so i put the DNS server ip into the "Static DNS 1" field of the router settings. the other 2 static dns fields are empty.the problem is that the router is still using the ISP dns server as the primary and my local dns server as the secondary. i verify this in two places. first, if i go to the "status" tab, DNS 1 shows the ISP server while DNS 2 shows my local DNS server. secondly, if i connect to the wireless device with a linux-based machine, the /etc/resolv.conf file shows the nameserver ips in the same incorrect order.
View 1 Replies
View Related
Feb 20, 2013
after upgrading to 7.4.100.0 im getting this error message when trying to apply changes on the wlan id."mDNS profiling cannot be enabled with flexconnect local switching"if unselect mDNS snooping under (wlan id/advanced) i can apply the changes, but only temporary.when im looking the next time, the tick box mDNS snooping is enabled again.is this a bug or what?
View 7 Replies
View Related
Nov 23, 2009
I have a tale of woe for you who may be considering Hybrid REAP with local switching.
My client has a varied configuration, but the requirements basically screamed HREAP with local switching. They have 15 sites, had already purchased a single WLC 4404 and they needed between 4 and 24 APs at each of the sites. Each of these locations are connected by a WAN link of good quality, but only a single link so there is no assurance of availability; the client has local resources so it would be useful if wireless stayed working during an outage.
So I setup the WLC for HREAP local switching. I setup AP Groups VLANs, but I noticed it had no effect on the VLAN allocation for HREAP. This was unfortunate, because not every site has the same VLAN configuration - some sites had a L3 switch and others only a L2 switch. But I suffered through this and configured each AP manually with the appropriate VLAN mappings.
The infuriating thing, is now that they have bought a second WLC 4404 (they expect to increase the number of APs beyond 100) all these VLAN mappings are messed up when APs connect to the second WLC. I've been going through them one by one again - it is really unfortunate that the AP Groups VLAN mappings don't apply to HREAP local switching.
I'm going to get back to the next 80 APs - but if some of you have a system for handling the VLAN mappings of a large number of APs.
View 4 Replies
View Related
Sep 1, 2012
i have 5508 WLC and 1242 LAP . i 5508 connects to core switch and LAP connects to access switch, and there is L3 link from core swtich to access switch , so i have to use HREAP to let my WLC to control my APs.in my access switch i set ip helper-address to my WLC in the client vlam, then all the wireless clients cannot get ip address from the WLC.but if i set ip helper-address to another DHCP server , the wireless clients can get ip address .so i dont know why WLC cannot be the DHCP server of the wireless client?
View 3 Replies
View Related
Nov 29, 2012
I need to integrate Cisco ISE and WLC5508 with FlexConnect (local switching) using EAP-TLS security for wireless clients across multiple floors (dynamic VLAN assignments based on floor level). The AP model used is 3602.
- What RADIUS Attribute can be used for dynamic VLAN assignments based on floor level? Is there an option where I can group all LWAPs in same floor for getting certain VLAN from ISE?
- I intend to use WLC software version 7.2 since 7.3 is latest version. Has someone use WLC software version 7.3 without any major bugs/issues pertaining to FlexConnect and EAP-TLS?
- I read some documents saying L3 roaminig is where the associated WLC has changed. However if user move to different subnet but still associated to the same WLC, would this be consider as L3 roaming too?
View 3 Replies
View Related
Jan 14, 2013
We have a 5508 controller in main site.Which has two ports connected to local network.Management VLAN 500 is untagged and mapped to Port 1.All other interfaces are including 501 to 507 are mapped to Port 2.We have a SSID that is mapped to VLAN 501 interface , which successfully can be joined in main site.We connect an AP to remote site ;We have a remote site VLAN 115 which can be reached from main site.We connect an AP to access vlan 115 port on the remote site , we had described option 43 , so AP can successfully finds controller in local mode.
AP gets ip from VLAN 115 , can setup connection / ping controller successfully.There is a wide area connection between remote and main site.No trunk setup , the whole remote site is vlan 115.However when the client is trying to connect the test SSID , client cant get connected nor get ip address.Local switching is disabled.For this setup , client comes to AP as a requested , AP tunnels traffic to controller from vlan 500 , controller lets the client get into wired platform from VLAN 501.
View 25 Replies
View Related
Jan 17, 2012
see the attached diagram to explain the network. I'm trying to do a "port-to-port" layer 2 connection on an ASR that will bi-directionally bridge a physical interface to a sub-interface. I tried using " connect VLAN200 Gig0/1/0 Gig0/0/3.200 interworking ethernet " but I'm not getting traffic through the connection.
I don't think BDI will work because it requires a Layer 3 point. I have to make this Layer 2 switching.
View 5 Replies
View Related
Apr 5, 2013
I have a Cisco router 1941 connected to a switch. I'm configuring the w LAN- AP and i need to have the wireless devices have an ip in the same range of the wired devices.Since i cant use the same ip range on the gig0/1 and the V LAN 1 for the wireless, i wanted to know how to config the giga0/1 connected to the switch to act as a layer 2 port and i keep the ip on the v LAN 1.
View 9 Replies
View Related
Apr 13, 2013
I am trying simulate the next lab on GNS3 but the ping don't work between hosts on the same VLAN.
View 2 Replies
View Related
Jun 1, 2013
Configuring an application using routing mode on cisco ace clients ---asa--3750--cisco ace--- servers behind vip,visa card transaction servers.i am able to setup a vip on ace using routing mode on ACE,as the servers need to see the client ip ,so we are not performing SNAT,this part is working fine,when a request comes from the client ,it goes to the vip and to one of the backend servers ,and the request will be forwaded back to the ace ,as the default gateway on the servers is pointing to the server vlan on ace.but if the transaction from the servers need to go to the visa card transaction servers ,how can we achieve this ,and after fetching the data from visa servers,does the reply will be fwd to the ACE or ASAs directly.
View 1 Replies
View Related
May 25, 2012
I currently have a Cisco 891 running with a FTP running on port 21. I currently have the NAT from external IP to and internal IP 192.168.12.6 for port 21. And the firewall allowing that traffic through and client software is working fine. However I need this FTP to be running on port 990 and anytime I change the NAT and the firewall, the external FTP clients connect but then drop when recieving the directory listing.
View 10 Replies
View Related
Feb 21, 2013
I have IP phones connected to 2960 i want to segregate traffic traffic comming from IP phones which has a COS value of 5 and want to allocate a band width of 200 MBPS for those traffic .
Can any one share sample QOS configuration for achiving this in 2960 ?
View 2 Replies
View Related
Mar 24, 2013
to configure this router my main objective is ADSL connection, and wireless network setup.
[code]...
View 8 Replies
View Related
Jun 10, 2013
We think we have configured the ACE and Tacacs properly as we auth, but are not able to enter into configuration mode.
ACE-4710 A4(2.3)
View 1 Replies
View Related
Aug 4, 2012
I'm configuring VSS with two Sup2T but the Sup2T of the standby not coming active
View 6 Replies
View Related
May 22, 2013
I'm looking for some input on configuring vPC on the Nexus 3048.I know that it's supported to use 1G interfaces for the vPC Peer-Link, but using 2x1G for the Peer-Link would make the Peer-Link a bottle-neck if the 10G ports are used in a vPC. What about using 2x10G ports for the Peer-Link and using the remaining 10G ports in one, or potentially two vPCs. Should that work or is it in any way not recommended? The reason I'm asking is that the 10G ports are called "Uplink" ports in the data sheets for the 3048.
We are planning to connect some servers to the 3048s using vPC with each server connected by 4x1G interface (2x1G for each switch), and then we want to connect a Netapp storage system with two controllers using 2x10G each (the controllers are active/passive, so you can think of it as two separate systems). We would connect controller A with vPC 1x10G to each switch, and controller B in the same way with vPC 1x10G to each switch.
View 2 Replies
View Related
