Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-651
171172173174175176177178179180
Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Remote Access Points | 179
Chapter 7
Remote Access Points
The Secure Remote Access Point Service allows AP users, at remote locations, to connect to an Dell controller
over the Internet. Since the Internet is involved, data traffic between the controller and the remote AP is VPN
encapsulated. That is, the traffic between the controller and AP is encrypted. Remote AP operations are
supported on all of Dell’s APs. This chapter discusses the following topics:
“Overview” on page179
“Configuring the Secure Remote Access Point Service” on page180
“Deploying a Branch Office/Home Office Solution” on page189
“Enabling Double Encryption” on page194
“Advanced Configuration Options” on page194
Overview
Remote APs connect to a controller using Extended Authentication and Internet Protocol Security (XAuth/
IPSec). AP control and 802.11 data traffic are carried through this tunnel. Secure Remote Access Point Service
extends the corporate office to the remote site. Remote users can use the same features as corporate office users.
For example, voice over IP (VoIP) applications can be extended to remote sites while the servers and the PBX
remain secure in the corporate office.
Secure Remote Access Point Service can also be used to secure control traffic between an AP and the controller in
a corporate environment. In this case, both the AP and controller are in the company’s private address space.
The remote AP must be configured with the IPSec VPN tunnel termination point. Once the VPN tunnel is
established, the AP bootstraps and becomes operational. The tunnel termination point used by the remote AP
depends upon the AP deployment, as shown in the following scenarios:
Deployment Scenario 1: The remote AP and controller reside in a private network which is used to secure AP-
to-controller communication. (Dell recommends this deployment when AP-to-controller communications on
a private network need to be secured.) In this scenario, the remote AP uses the controller’s IP address on the
private network to establish the IPSec VPN tunnel.
Figure 25 Remote AP with a Private Network
Deployment Scenario 2: The remote AP is on the public network or behind a NAT device and the controller is
on the public network. The remote AP must be configured with the tunnel termination point which must be a
publicly-routable IP address. In this scenario, a routable interface is configured on the controller in the DMZ.
The remote AP uses the controller’s IP address on the public network to establish the IPSec VPN tunnel.
Corporate Network
Intranet
Controller’s
IP Address