Information About Remote LANs
A Remote LAN (RLAN) is used for authenticating wired clients using the controller. Once the wired client successfully joins the controller, the LAN ports switch the traffic between central or local switching modes. The traffic from wired client is treated as wireless client traffic.
The RLAN in Access Point (AP) sends the authentication request to authenticate the wired client. The authentication of wired client in RLAN is similar to the central authenticated wireless client.
![]() Note |
RLAN is supported in APs that have more than one Ethernet port. |
The supported AP models are:
-
Cisco Catalyst 9105AXW
-
Cisco Catalyst 9105AXIT
-
Cisco Aironet OEAP 1810 series
-
Cisco Aironet 1815T series
-
Cisco Aironet 1810W series
-
Cisco Aironet 1815W
Information About Ethernet (AUX) Port
The second Ethernet port in Cisco Aironet 1850, 2800, and 3800 Series APs is used as a link aggregation (LAG) port, by default. It is possible to use this LAG port as an RLAN port when LAG is disabled.
The following APs use LAG port as an RLAN port:
-
1852E
-
1852I
-
2802E
-
2802I
-
3802E
-
3802I
-
3802P
Limitations for Using AUX port in Cisco 2700 Access Points
-
RLAN supports AUX port and non-native VLAN for this port.
-
Local mode supports wired client traffic on central switch. Whereas, Flexconnect mode does not support central switch.
-
Flexconnect mode supports wired client traffic on local switch and not on central switch.
-
AUX port cannot be used as a trunk port. Even switches or bridges cannot be added behind the port.
-
AUX port does not support dot1x.
Role of Controller
-
The controller acts as an authenticator, and Extensible Authentication Protocol (EAP) over LAN (EAPOL) messages from the wired client reaching the controller through an AP.
-
The controller communicates with the configured Authentication, Authorization, and Accounting (AAA) server.
-
The controller configures the LAN ports for an AP and pushes them to the corresponding AP.
![]() Note |
In RLAN (local mode - local switching mode), if you want to use the AP native VLAN for client IP, the VLAN should be configured as either no vlan or vlan 1 in the RLAN policy profile. For example, if the native VLAN ID is 80, do not use the number 80 in the RLAN policy profile. Also, do not use VLAN name VLANxxxx to configure VLAN in the RLAN policy profile. When a new client is connected to an AP, the client's details are available in the controller initially. However, after the CAPWAP DOWN/UP state, the client details are no longer listed in the controller. |