373 | IAP-VPN Deployment Scenarios Aruba Instant 6.4.0.2-4.1 | User Guide
Configuration Steps | CLI Commands | UI Procedure
(ap)(config)# ip dhcp local
(ap)(DHCP profile "local")# server-type Local
(ap)(DHCP profile "local")# server-vlan 20
(ap)(DHCP profile "local")# subnet 172.16.20.1
(ap)(DHCP profile "local")# subnet-mask 255.255.255.0
(ap)(DHCP profile "local")# lease-time 86400
(ap)(DHCP profile "local")# dns-server 10.1.1.30,10.1.1.50
(ap)(DHCP profile "local")# domain-name arubanetworks.com
NOTE: The IP range configuration on each branch will be the same. Each IAP will derive a smaller subnet based on the client count scope using the Branch ID (BID) allocated by the controller.
5. Create authentication servers for user authentication. The example in the next column assumes 802.1x SSID.
(ap)(config)# wlan auth-server server1
(ap)(Auth Server "server1")# ip 10.2.2.1
(ap)(Auth Server "server1")# port 1812
(ap)(Auth Server "server1")# acctport 1813
(ap)(Auth Server "server1")# key "presharedkey"
(ap)(Auth Server "server1")# exit
(ap)(config)# wlan auth-server server2
(ap)(Auth Server "server2")# ip 10.2.2.2
(ap)(Auth Server "server2")# port 1812
(ap)(Auth Server "server2")# acctport 1813
(ap)(Auth Server "server2")# key "presharedkey"
See Configuring an External Server for Authentication
6. Configure wired and wireless SSIDs using the authentication servers and access rules and enable authentication survivability.
Configure wired ports to operate in NAT mode and associate VLAN 20 to the wired port profile.
(ap)(config)# wired-port-profile wired-port
(ap)(wired-port-profile "wired-port")# switchport-mode access
(ap)(wired-port-profile "wired-port")# allowed-vlan all
(ap)(wired-port-profile "wired-port")# native-vlan 20
(ap)(wired-port-profile "wired-port")# no shutdown
(ap)(wired-port-profile "wired-port")# access-rule-name wired-port
(ap)(wired-port-profile "wired-port")# type employee
(ap)(wired-port-profile "wired-port")# auth-server server1
(ap)(wired-port-profile "wired-port")# auth-server server2
(ap)(wired-port-profile "wired-port")# dot1x
(ap)(wired-port-profile "wired-port")# exit
(ap)(config)# enet1-port-profile wired-port
Configure a wireless SSID to operate in L3 mode for employee and
associate distributed L3 mode VLAN 30 to the WLAN SSID profile.
(ap)(config)# wlan ssid-profile wireless-ssid
(ap)(SSID Profile "wireless-ssid")# enable
(ap)(SSID Profile "wireless-ssid")# type employee
See Configuring a Wired Profile and Wireless Network Profiles
Table 74: IAP Configuration for Scenario 3 - IPSec: Multiple Datacenter Deployment
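
An added example, not part of the Aruba guide: a Python check that reads a CLI transcript in the form shown in the table and reports auth servers whose shared key is missing or still the guide's sample value, wired-port profiles that reference an undefined auth server, and profiles with auth servers attached but no dot1x, which this scenario expects. The transcript is constructed and abridged from the table; parse, audit and PLACEHOLDER_KEYS are names introduced here.

```python
import re

PROMPT = re.compile(r'^\(ap\)\s*\([^#]*\)\s*#\s*')  # strips "(ap)(config)# " style prompts
PLACEHOLDER_KEYS = {"presharedkey"}  # sample value printed in the guide
# Constructed transcript, abridged from the commands in the table above.
SAMPLE = '''(ap)(config)# wlan auth-server server1
(ap)(Auth Server "server1")# key "presharedkey"
(ap)(config)# wlan auth-server server2
(ap)(Auth Server "server2")# key "presharedkey"
(ap)(config)# wired-port-profile wired-port
(ap)(wired-port-profile "wired-port")# auth-server server1
(ap)(wired-port-profile "wired-port")# auth-server server2
(ap)(wired-port-profile "wired-port")# dot1x
'''

def parse(transcript):
    """Return (servers, profiles), following the CLI sub-mode each line is typed in."""
    servers, profiles, cur = {}, {}, None
    for raw in transcript.splitlines():
        words = PROMPT.sub('', raw.strip()).split()
        if not words:
            continue
        if words[:2] == ['wlan', 'auth-server'] and len(words) == 3:
            cur = servers.setdefault(words[2], {})
        elif words[0] == 'wired-port-profile' and len(words) == 2:
            cur = profiles.setdefault(words[1], {'servers': [], 'dot1x': False})
        elif words[0] == 'exit':
            cur = None
        elif cur is not None and 'servers' in cur:  # inside a wired-port profile
            if words[0] == 'auth-server' and len(words) == 2:
                cur['servers'].append(words[1])
            cur['dot1x'] = cur['dot1x'] or words == ['dot1x']
        elif cur is not None and words[0] == 'key' and len(words) >= 2:
            cur['key'] = ' '.join(words[1:]).strip('"')
    return servers, profiles

def audit(transcript):
    """Return findings as strings; an empty list means every check passed."""
    findings, (servers, profiles) = [], parse(transcript)
    for name, cfg in servers.items():
        if cfg.get('key') is None or cfg['key'].lower() in PLACEHOLDER_KEYS:
            findings.append(f"{name}: shared key missing or still the guide's placeholder")
    for name, prof in profiles.items():
        findings += [f"{name}: auth-server {s} is not defined" for s in prof['servers'] if s not in servers]
        if prof['servers'] and not prof['dot1x']:
            findings.append(f"{name}: auth servers attached but dot1x is not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Run against the sample, it reports both servers, because each still carries the key string printed in the guide.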