Hybrid Reap Guidelines - Cisco SD2008T-NA Configuration Manual

Overview of Hybrid REAP
When a hybrid-REAP access point enters standalone mode, it disassociates all clients that are on
centrally switched WLANs. For 802.1X or web-authentication WLANs, existing clients are not
disassociated, but the hybrid-REAP access point stops sending beacons when the number of associated
clients reaches zero (0). It also sends disassociation messages to new clients associating to 802.1X or
web-authentication WLANs. Controller-dependent activities such as 802.1X authentication, NAC, and
web authentication (guest access) are disabled, and the access point does not send any intrusion detection
system (IDS) reports to the controller. Furthermore, most radio resource management (RRM) features
(such as neighbor discovery; noise, interference, load, and coverage measurements; use of the neighbor
list; and rogue containment and detection) are disabled. However, a hybrid-REAP access point supports
dynamic frequency selection in standalone mode.
If your controller is configured for network access control (NAC), clients can associate only when the
Note
access point is in connected mode. When NAC is enabled, you need to create an unhealthy (or
quarantined) VLAN so that the data traffic of any client that is assigned to this VLAN passes through
the controller, even if the WLAN is configured for local switching. Once a client is assigned to a
quarantined VLAN, all of its data packets are centrally switched. See the
Interfaces" section on page 3-15
The hybrid-REAP access point maintains client connectivity even after entering standalone mode.
However, once the access point re-establishes a connection with the controller, it disassociates all clients,
applies new configuration information from the controller, and reallows client connectivity.

Hybrid REAP Guidelines

Keep these guidelines in mind when using hybrid REAP:
•
•
•
•
•
•
•
Cisco Wireless LAN Controller Configuration Guide
12-4
A hybrid-REAP access point can be deployed with either a static IP address or a DHCP address. In
the case of DHCP, a DHCP server must be available locally and must be able to provide the IP
address for the access point at bootup.
Hybrid REAP supports up to four fragmented packets or a minimum 500-byte maximum
transmission unit (MTU) WAN link.
Roundtrip latency must not exceed 100 milliseconds (ms) between the access point and the
controller, and LWAPP control packets must be prioritized over all other traffic.
The controller can send multicast packets in the form of unicast or multicast packets to the access
point. In hybrid-REAP mode, the access point can receive multicast packets only in unicast form.
Hybrid REAP supports CCKM full authentication but not CCKM fast roaming.
Hybrid REAP supports a 1-1 network address translation (NAT) configuration. It also supports port
address translation (PAT) for all features except true multicast. Multicast is supported across NAT
boundaries when configured using the Unicast option.
VPN, PPTP, Fortress authentication, and Cranite authentication are supported for locally switched
traffic, provided that these security types are accessible locally at the access point.
Chapter 12
for information on creating quarantined VLANs.
Configuring Hybrid REAPWireless Device Access
"Configuring Dynamic
OL-9141-03