Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Guia Do Desenho
7-7
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 7 Cisco Unified Wireless Hybrid REAP
Hybrid REAP
Figure 7-6
H-REAP Typology
Branch Guest Access
One of the challenging aspects of using standard REAP APs in the branch is the implementation of guest
access, which is difficult to implement for the following reasons:
access, which is difficult to implement for the following reasons:
•
All WLANs map to the same local VLAN, thereby making it difficult to differentiate and segment
guest users from branch users.
guest users from branch users.
•
All user traffic is switched locally; therefore, guest access traffic must somehow be segmented and
routed back to the central site for access control and authentication, or if local Internet access is
available at the branch, both segmentation and access control must be implemented locally.
routed back to the central site for access control and authentication, or if local Internet access is
available at the branch, both segmentation and access control must be implemented locally.
The H-REAP AP helps overcome some of these challenges with the introduction of concurrent local and
central switching. In an H-REAP topology, an SSID/WLAN designated for guest access can be tunneled
via LWAPP to a central WLC where its corresponding interface/VLAN can be switched directly to an
interface of an access control platform, such as Cisco SSG/ISG or Cisco NAC Appliance. Alternatively,
the centralized WLC itself can perform web authentication for the guest access WLAN. In either case,
the guest user's traffic is segmented (isolated) from other branch office traffic.
central switching. In an H-REAP topology, an SSID/WLAN designated for guest access can be tunneled
via LWAPP to a central WLC where its corresponding interface/VLAN can be switched directly to an
interface of an access control platform, such as Cisco SSG/ISG or Cisco NAC Appliance. Alternatively,
the centralized WLC itself can perform web authentication for the guest access WLAN. In either case,
the guest user's traffic is segmented (isolated) from other branch office traffic.
provides an
example of guest access topology using the H-REAP AP. For more information, see
222553
WCS
Corporate
Servers
Branch
Servers
H-REAP
WLAN 1
WLAN 2
VLAN Local Access WLAN 1
VLAN Local Access WLAN 2
Management VLAN
LWAPP Control
VLAN Local Access WLAN 2
Management VLAN
LWAPP Control
Centralized
WLAN Controller
Branch
Corporate Central
LWAPP
dot1q
Trunk
Trunk
dot1q
Trunk
Trunk