Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

231

232

233

234

235

236

237

238

239

240

231 | IAP-VPN Deployment Aruba Instant 6.4.0.2-4.1 | User Guide

VPN Local Pool Configuration

The VPN local pool is used to assign an IP Address to the IAP after successful XAUTH VPN.

(host) # ip local pool "rapngpool" <startip> <endip>

Role Assignment for the Authenticated IAPs

Define a role that includes a src-nat rule to allow connections to the RADIUS server and for the Dynamic Radius

Proxy in the IAP to work. This role is assigned to IAPs after successful authentication.

(host) (config) #ip access-list session iaprole

(host) (config-sess-iaprole)#any host <radius-server-ip> any src-nat

(host) (config-sess-iaprole)#any any any permit

(host) (config-sess-iaprole)#!

(host) (config) #user-role iaprole

(host) (config-role) #session-acl iaprole

VPN Profile Configuration

The VPN profile configuration defines the server used to authenticate the IAP (internal or an external server) and the

role assigned to the IAP after successful authentication.

(host) (config) #aaa authentication vpn default-iap

(host) (VPN Authentication Profile "default-iap") #server-group default

(host) (VPN Authentication Profile "default-iap") #default-role iaprole

Branch-ID Allocation

For branches deployed in distributed L3 and distributed L2 mode, the master AP in the branch and the controller

should agree upon a subnet/IP addresses to be used for DHCP services in the branch. The process or protocol used

by the master AP and the controller to determine the subnet/IP addresses used in a branch is called BID allocation.

The BID allocation process is not essential for branches deployed in local or centralized L2 mode. The following are

some of the key functions of the BID allocation process:

l Determines the IP addresses used in a branch for distributed L2 mode

l Determines the subnet used in a branch for distributed L3 mode

l Avoids IP address or subnet overlap (that is, avoids IP conflict)

l Ensures that a branch is allocated the same subnet or range of IP addresses irrespective of which AP in the

branch becomes the master in the IAP cluster

Branch Status Verification

To view the details of the branch information connected to the controller, execute the show iap table command.

Example

This example shows the details of the branches connected to the controller:

(host) #show iap table long

IAP Branch Table

----------------

Name VC MAC Address Status Inner IP Assigned Subnet Assigned Vlan

---- -------------- ------ -------- --------------- -------------

Tokyo-CB:D3:16 6c:f3:7f:cc:42:f8 DOWN 0.0.0.0

Paris-CB:D3:16 6c:f3:7f:cc:3d:04 UP 10.15.207.140 10.15.206.99/29 2

LA 6c:f3:7f:cc:42:25 UP 10.15.207.111 10.15.206.24/29 2

Munich d8:c7:c8:cb:d3:16 DOWN 0.0.0.0

London-c0:e1 6c:f3:7f:c0:e1:b1 UP 10.15.207.120 10.15.206.64/29 2

Instant-CB:D3 6c:f3:7f:cc:42:1e DOWN 0.0.0.0

Delhi 6c:f3:7f:cc:42:ca DOWN 0.0.0.0

Singapore 6c:f3:7f:cc:42:cb UP 10.15.207.122 10.15.206.120/29 2