Owners manual

Configuration Steps CLI Commands UI Procedure
1. Configure the primary host for VPN with the Public VRRP IP address of the controller.

(ap)(config)# vpn primary <public VRRP IP of controller>

See Configuring an IPSec Tunnel

2. Configure a routing profile to tunnel all 10.0.0.0/8 subnet traffic to controller.

(ap)(config)# routing-profile
(ap)(routing-profile)# route 10.0.0.0 255.0.0.0 <public VRRP IP of controller>

See Configuring Routing Profiles

3. Configure Enterprise DNS for split DNS. The example in the next column uses a specific enterprise domain to only tunnel all DNS queries matching that domain to corporate.

(ap)(config)# internal-domains
(ap)(domains)# domain-name corpdomain.com

See Configuring Enterprise Domains

4. Configure centralized L2 and distributed L3 with VLAN 20 and 30 respectively.

Centralized L2 profile
(ap)(config)# ip dhcp l2-dhcp
(ap)(DHCP Profile "l2-dhcp")# server-type Centralized,L2
(ap)(DHCP Profile "l2-dhcp")# server-vlan 20

Distributed L3 profile
(ap)(config)# ip dhcp l3-dhcp
(ap)(DHCP Profile "l3-dhcp")# server-type Distributed,L3
(ap)(DHCP Profile "l3-dhcp")# server-vlan 30
(ap)(DHCP Profile "l3-dhcp")# ip-range 10.30.0.0 10.30.255.255
(ap)(DHCP Profile "l3-dhcp")# dns-server 10.1.1.50,10.1.1.30
(ap)(DHCP Profile "l3-dhcp")# domain-name corpdomain.com
(ap)(DHCP Profile "l3-dhcp")# client-count 200

NOTE: The IP range configuration on each branch will be the same. Each IAP will derive a smaller subnet based on the client count scope using the Branch ID (BID) allocated by controller.

See Configuring a Centralized DHCP Scope and Configuring Distributed DHCP Scopes

5. Create authentication servers for user authentication. The example in the next column assumes 802.1x SSID.

(ap)(config)# wlan auth-server server1
(ap)(Auth Server "server1")# ip 10.2.2.1
(ap)(Auth Server "server1")# port 1812
(ap)(Auth Server "server1")# acctport 1813
(ap)(Auth Server "server1")# key "presharedkey"
(ap)(Auth Server "server1")# exit
(ap)(config)# wlan auth-server server2
(ap)(Auth Server "server2")# ip 10.2.2.2
(ap)(Auth Server "server2")# port 1812
(ap)(Auth Server "server2")# acctport 1813
(ap)(Auth Server "server2")# key "presharedkey"

See Configuring an External Server for Authentication

6. Configure wired and wireless SSIDs using the authentication servers and access rules created

Configure wired ports to operate in L2 mode and associate centralized L2 mode VLAN 20 to the wired port profile.
(ap)(config)# wired-port-profile wired-port

See Configuring a Wired Profile and Wireless

Table 72: IAP Configuration for Scenario 1 - IPSec: Single Datacenter Deployment with No Redundancy
Aruba Instant 6.4.0.2-4.1 | User Guide IAP-VPN Deployment Scenarios | 365
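
The NOTE in step 4 says each IAP derives its own smaller subnet from the shared ip-range, the client-count and its Branch ID. The Python below is an added planning example, not code from the guide or from Aruba; it helps check that the range is large enough for the number of branches and that branch subnets cannot overlap. Assumptions: the block size is the smallest power of two that holds client-count plus network and broadcast addresses, BIDs start at 0, and BID n gets the n-th block; the controller's actual allocation may differ.

```python
import ipaddress

def branch_block_prefix(client_count: int) -> int:
    """Prefix length of the smallest block holding client_count hosts plus
    the network and broadcast addresses (assumed sizing rule)."""
    if client_count < 1:
        raise ValueError("client_count must be at least 1")
    host_bits = (client_count + 1).bit_length()
    return 32 - host_bits

def _blocks(range_start: str, range_end: str, client_count: int):
    """Return (first aligned block address, block size, number of blocks)."""
    start = int(ipaddress.IPv4Address(range_start))
    end = int(ipaddress.IPv4Address(range_end))
    if end < start:
        raise ValueError("ip-range end is below its start")
    size = 1 << (32 - branch_block_prefix(client_count))
    first = -(-start // size) * size  # round the start up to a block boundary
    return first, size, max(0, (end + 1 - first) // size)

def branch_capacity(range_start: str, range_end: str, client_count: int) -> int:
    """How many branch subnets the configured ip-range can hold."""
    return _blocks(range_start, range_end, client_count)[2]

def branch_subnet(range_start: str, range_end: str, client_count: int, bid: int):
    """Subnet for branch `bid` under the assumed model (BID n -> n-th block)."""
    first, size, count = _blocks(range_start, range_end, client_count)
    if not 0 <= bid < count:
        raise ValueError(f"BID {bid} does not fit: range holds {count} subnets")
    prefix = 32 - (size.bit_length() - 1)
    return ipaddress.IPv4Network((first + bid * size, prefix))

if __name__ == "__main__":
    # Values from the l3-dhcp profile in step 4 of the table.
    scope = ("10.30.0.0", "10.30.255.255", 200)
    print("branches supported:", branch_capacity(*scope))
    for bid in (0, 1, 5):  # constructed sample BIDs
        print("BID", bid, "->", branch_subnet(*scope, bid))
```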