Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 207 Access Points

221

222

223

224

225

226

227

228

229

230

226 | VPN Configuration Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide

Supported VPN Protocols

Instant support the following VPN protocols for remote access:

VPNProtocol Description

Dell IPsec IPsec is a protocol suite that secures IP communications by authenticating and encrypting each IP

packet of a communication session.

You can configure an IPsec tunnel to ensure that to ensure that the data flow between the

networks is encrypted. However, you can configure a split-tunnel to encrypt only the corporate

traffic.

When IPsec is configured, ensure that you add the W-IAP MAC addresses to the whitelist

database stored on the controller or an external server. IPsec supports Local, L2, and L3 modes

of IAP-VPN operations.

NOTE: The W-IAPs support IPsec only with Dell Controllers.

Layer-2 (L2)

GRE

Generic Routing Encapsulation (GRE) is a tunnel protocol for encapsulating multicast, broadcast,

and L2 packets between a GRE-capable device and an end-point. W-IAPs support the

configuration of L2 GRE (Ethernet over GRE)tunnel with a Dell Controller to encapsulate the

packets sent and received by the W-IAP.

You can use the GRE configuration for L2 deployments when there is no encryption requirement

between the W-IAP and controller for client traffic.

W-IAPs support two types of GRE configuration:

l Manual GRE—The manual GRE configuration sends unencrypted client traffic with an

additional GRE headerand does not support failover. When manual GRE is configured on the

W-IAP, ensure that the GRE tunnel settings are enabled on the controller.

l Dell GRE—With Dell GRE, no configuration on the controller is required except for adding the

W-IAP MAC addresses to the whitelist database stored on the controller or an external server.

Dell GRE reduces manual configuration when Per-AP tunnel configuration is required and

supports failover between two GRE end-points.

NOTE: W-IAPs support manual and Dell GRE configuration only for L2 mode of operations. Dell

GREconfiguration is supported only on Dell Controllerss.

L2TP The Layer 2 Tunneling Protocol version 3 (L2TPv3) feature allows W-IAP to act as L2TP Access

Concentrator (LAC) and tunnel all wireless clients L2 traffic from AP to L2TP Network Server

(LNS). In a centralized L2 model, the VLAN on the corporate side are extended to remote branch

sites. Wireless clients associated with W-IAP gets the IP address from the DHCP server running

on LNS. For this, AP has to transparently allow DHCP transactions through the L2TPv3 tunnel.

Table 44: VPN Protocols

Configuring a Tunnel from a W-IAP to Dell Networking W-Series

Mobility Controller

W-IAP supports the configuration of tunneling protocols such as Generic Routing Encapsulation (GRE), IPsec,

and L2TPv3. This section describes the procedure for configuring VPN host settings on a W-IAP to enable

communication with a controller in a remote location:

l Configuring an IPSec Tunnel on page 227

l Configuring an L2-GRETunnel on page 228

l Configuring an L2TPv3 Tunnel on page 231