Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Design Guide
7-25
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 7 Cisco Unified Wireless Hybrid REAP
H-REAP Configuration
Step 2
Click Apply.
Note
All WLANs shown in the grey box are centrally switched and may or may not be active, depending on
whether the WLAN is administratively enabled at the WLC. All user traffic associated with a centrally
switched WLAN is tunneled back to the WLC.
Centrally switched WLANs can be excluded from the H-REAP by using the WLAN override feature to
hide any WLANs that are not required.
Note
For each locally switched WLAN, there must be a DHCP helper address or local DHCP pool configured
for its associated VLAN.
WLC Dynamic Interface Configuration for Remote Only WLANs
The sample configurations above assume that a given WLAN is being used at both the main campus and
one or more remote site locations. However, there may be instances where a WLAN needs to be defined
exclusively for use by one or more remote sites, where only H-REAP local switching is used.
In this scenario, a WLAN is created on the WLC that must be mapped to a local dynamic interface, even
though the WLAN will not be used at the main campus. The default behavior of the WLC is to map a
newly created WLAN to the management interface. Even though the (remote) WLAN will be switched
locally at each site, precautions should be taken at the WLC to map the WLAN to a “dummy”
interface/VLAN. The WLAN should not be left mapped to the WLC management interface. This is to
prevent wireless client traffic from inadvertently accessing the management subnet due to
misconfiguration.
The quickest way to mitigate this vulnerability is to create a dynamic interface on the WLC that
maps to an isolated VLAN that has no DHCP services and no logical connectivity with the rest of the
Enterprise network. This VLAN could even map to a NAC appliance or firewall as an added precaution.
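A check for the mapping described above, as an added example that is not part of the original guide: it parses `show wlan summary` output saved from the WLC and reports WLANs still mapped to the management interface. The sample output is constructed, and its four-column layout, the interface names, and the `remote_only_ids` parameter are assumptions.

```python
import re

# Constructed sample of `show wlan summary` output; the four-column layout
# (ID, "profile / SSID", status, interface) is an assumption about the release.
SAMPLE = """\
Number of WLANs.................................. 3

WLAN ID  WLAN Profile Name / SSID               Status    Interface Name
-------  -------------------------------------  --------  --------------------
1        campus-data / campus-data              Enabled   vlan-110
2        branch-pos / branch-pos                Enabled   management
3        branch-voice / branch-voice            Disabled  hreap-dummy
"""

ROW = re.compile(r"^(\d+)\s+(.+?)\s+/\s+(.+?)\s+(Enabled|Disabled)\s+(\S+)\s*$")

def parse_wlans(text):
    """Return one dict per WLAN row; header, rule and blank lines are skipped."""
    wlans = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            wlan_id, profile, ssid, status, iface = m.groups()
            wlans.append({"id": int(wlan_id), "profile": profile, "ssid": ssid,
                          "enabled": status == "Enabled", "interface": iface})
    return wlans

def wlans_on_management(text, remote_only_ids=None, mgmt_name="management"):
    """WLANs still mapped to the management interface.

    remote_only_ids (hypothetical parameter) limits the check to the WLANs
    that exist only for H-REAP local switching; None checks every WLAN.
    Disabled WLANs are reported too, since enabling one later exposes the mapping.
    """
    return [w for w in parse_wlans(text)
            if w["interface"].lower() == mgmt_name
            and (remote_only_ids is None or w["id"] in remote_only_ids)]

if __name__ == "__main__":
    for w in wlans_on_management(SAMPLE, remote_only_ids={2, 3}):
        state = "enabled" if w["enabled"] else "disabled"
        print(f"WLAN {w['id']} ({w['profile']}, {state}) is mapped to "
              f"'{w['interface']}'; remap it to an isolated dynamic interface")
```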
H-REAP Verification
Verifying the H-REAP AP Addressing
• If using DHCP to assign an address, verify DHCP server configuration settings, correct subnet,
mask, and default gateway.
• Ensure AP DHCP scope is defined for the native VLAN.
• If the AP was configured with a static address, ensure the AP address, subnet, mask and gateway are
consistent with the addressing scheme used within the branch location using the show lwapp ip config
command. See
for more information.
Verifying the WLC Resolution Configuration
• If using DHCP Option 43 for WLC resolution, verify that the VCI and VSA string format on the
DHCP server is correct.