12-3
Cisco Wireless LAN Controller Configuration Guide
OL-9141-03
Chapter 12 Configuring Hybrid REAPWireless Device Access
Overview of Hybrid REAP
•
If the access point has been assigned a static IP address, it can discover a controller through any of
the LWAPP discovery process methods except DHCP option 43. If the access point cannot discover
a controller through Layer 3 broadcast or OTAP, Cisco recommends DNS resolution. With DNS, any
access point with a static IP address that knows of a DNS server can find at least one controller.
•
If you want the access point to discover a controller from a remote network where LWAPP discovery
mechanisms are not available, you can use priming. This method enables you to specify (through
the access point CLI) the controller to which the access point is to connect.
Note
Refer to
Chapter 7
or the
Deploying Cisco 440X Series Wireless LAN Controllers
at this URL for more
information on how access points find controllers:
http://www.cisco.com/en/US/products/ps6366/tsd_products_support_series_home.html
When a hybrid-REAP access point can reach the controller (referred to as
connected mode
), the
controller assists in client authentication. When a hybrid-REAP access point cannot access the
controller, the access point enters standalone mode and authenticates clients by itself.
Note
The LEDs on the access point change as the device enters different hybrid-REAP modes. Refer to the
hardware installation guide for your access point for information on LED patterns.
When a client associates to a hybrid-REAP access point, the access point sends all authentication
messages to the controller and either switches the client data packets locally (locally switched) or sends
them to the controller (centrally switched), depending on the WLAN configuration. With respect to
client authentication (open, shared, EAP, web authentication, and NAC) and data packets, the WLAN
can be in any one of the following states depending on the configuration and state of controller
connectivity:
•
central authentication, central switching
—In this state, the controller handles client
authentication, and all client data is tunneled back to the controller. This state is valid only in
connected mode.
•
central authentication, local switching
—In this state, the controller handles client authentication,
and the hybrid-REAP access point switches data packets locally. After the client authenticates
successfully, the controller sends a configuration command with a new payload to instruct the
hybrid-REAP access point to start switching data packets locally. This message is sent per client.
This state is applicable only in connected mode.
•
local authentication, local switching
—In this state, the hybrid-REAP access point handles client
authentication and switches client data packets locally. This state is valid only in standalone mode.
•
authentication down, switching down
—In this state, the WLAN disassociates existing clients and
stops sending beacon and probe responses. This state is valid only in standalone mode.
•
authentication down, local switching
—In this state, the WLAN rejects any new clients trying to
authenticate, but it continues sending beacon and probe responses to keep existing clients alive. This
state is valid only in standalone mode.
When a hybrid-REAP access point enters standalone mode, WLANs that are configured for open,
shared, WPA-PSK, or WPA2-PSK authentication enter the “local authentication, local switching” state
and continue new client authentications. Other WLANs enter either the “authentication down, switching
down” state (if the WLAN was configured for central switching) or the “authentication down, local
switching” state (if the WLAN was configured for local switching).