Руководство По Проектированию для Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
7-4
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 7 Cisco Unified Wireless Hybrid REAP
Hybrid REAP
H-REAP States
An H-REAP WLAN, depending on its configuration and network connectivity, can be classified as being
in one of the following states:
in one of the following states:
•
Authentication-central/switch-central—This state represents a WLAN that uses a centralized
authentication method such as 802.1x, VPN, or web. User traffic is sent to the WLC via LWAPP.
This state is supported only when H-REAP is in Connected mode (see
authentication method such as 802.1x, VPN, or web. User traffic is sent to the WLC via LWAPP.
This state is supported only when H-REAP is in Connected mode (see
). 802.1X is used
in this example, but other mechanisms are equally applicable.
•
Authentication down/switching down—Central switched WLANs (above) no longer beacon or
respond to probe requests when the H-REAP is in standalone mode. Existing clients are
disassociated.
respond to probe requests when the H-REAP is in standalone mode. Existing clients are
disassociated.
•
Authentication-central/switch-local—This state represents a WLAN that uses centralized
authentication, but user traffic is switched locally. This state is supported only when H-REAP is in
Connected mode (see
authentication, but user traffic is switched locally. This state is supported only when H-REAP is in
Connected mode (see
). 802.1X is used in this example, but other mechanisms are equally
applicable.
•
Authentication-down/switch-local—A WLAN that requires central authentication (see above)
rejects new users. Existing authenticated users continue to be switched locally until session timeout
(if configured). The WLAN continues to beacon and respond to probes until there are no more
(existing) users associated to the WLAN. This state occurs as a result of the AP going into
standalone mode. (see
rejects new users. Existing authenticated users continue to be switched locally until session timeout
(if configured). The WLAN continues to beacon and respond to probes until there are no more
(existing) users associated to the WLAN. This state occurs as a result of the AP going into
standalone mode. (see
•
Authentication-local/switch-local—This state represents a WLAN that uses open, static WEP,
shared, or WPA2 PSK security methods. User traffic is switched locally. These are the only security
methods supported locally if an H-REAP goes into standalone mode. The WLAN continues to
beacon and respond to probes (see
shared, or WPA2 PSK security methods. User traffic is switched locally. These are the only security
methods supported locally if an H-REAP goes into standalone mode. The WLAN continues to
beacon and respond to probes (see
). Existing users remain connected and new user
associations are accepted. If the AP is in connected mode, authentication information for these
security types is forwarded to the WLC.
security types is forwarded to the WLC.
Figure 7-2
Authentication-Central/Switch-Central WLAN
Centralized
WLAN Controller
Branch
Servers
H-REAP
AAA
WCS
LWAPP
Branch
190696
Corporate Central
User Data
LWAPP User Data
LWAPP User Data
LWAPP Control
802.1x
802.1x