13-9
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 13 Configuring Hybrid REAPWireless Device Access
Configuring Hybrid REAP
Note When you enable hybrid-REAP local switching, the Learn Client IP Address check box is
enabled by default. However, if the client is configured with Fortress Layer 2 encryption, the
controller cannot learn the client IP address, and the controller periodically drops the client.
Disable this option so that the controller maintains the client connection without waiting to
learn the client IP address. The ability to disable this option is supported only with
hybrid-REAP local switching; it is not supported with hybrid-REAP central switching.
Note For hybrid-REAP access points, the interface mapping at the controller for WLANs
configured for H-REAP Local Switching is inherited at the access point as the default VLAN
tagging. This can be easily changed per SSID, per hybrid-REAP access point.
Non-hybrid-REAP access points tunnel all traffic back to the controller, and VLAN tagging
is dictated by each WLAN’s interface mapping.
c. Click Apply to commit your changes.
d. Click Save Configuration to save your changes.
Step 3 Follow these steps if you also want to create a centrally switched WLAN that is used for guest access.
In our example, this is the third WLAN (guest-central). You might want to tunnel guest traffic to the
controller so you can exercise your corporate data policies for unprotected guest traffic from a central
site.
Note Chapter 10 provides additional information on creating guest user accounts.
a. Follow the substeps in Step 1 to create a new WLAN. In our example, this WLAN is named
“guest-central.”
b. When the WLANs > Edit page appears, modify the configuration parameters for this WLAN. In our
employee WLAN example, you would need to choose None for both Layer 2 Security and Layer 3
Security on the Security > Layer 2 and Security > Layer 3 tabs and check the Web Policy check box
and make sure Authentication is selected on the Layer 3 tab.
Note If you are using an external web server, you must configure a preauthentication access
control list (ACL) on the WLAN for the server and then choose this ACL as the WLAN
preauthentication ACL on the Layer 3 tab. See Chapter 5 for more information on ACLs.
Note Make sure to enable this WLAN by checking the Status check box on the General tab.
c. Click Apply to commit your changes.
d. Click Save Configuration to save your changes.
e. If you want to customize the content and appearance of the login page that guest users will see the
first time they access this WLAN, follow the instructions in Chapter 5.
f. To add a local user to this WLAN, click Security > AAA > Local Net Users.
g. When the Local Net Users page appears, click New. The Local Net Users > New page appears (see
Figure 13-4).
To Next Page
Loading...
Need help?
General
