Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 207 Access Points

241

242

243

244

245

246

247

248

249

250

5. Enabling Dynamic RADIUS Proxy

6. Configuring Enterprise Domains

Defining the VPN host settings

The VPN endpoint on which a master W-IAP terminates its VPN tunnel is considered as the host. A master AP in

a W-IAP network can be configured with a primary and backup host to provide VPN redundancy. You can

define VPN host settings through More>VPN>Controller in the UI.

You can configure the following VPNprofiles for the IAP-VPNoperations. For more information, see

Configuring a Tunnel from a W-IAP to Dell Networking W-Series Mobility Controller on page 226.

l IPSec

l Aruba GRE

l Manual GRE

Configuring Routing Profiles

The routing profile on the W-IAP determines whether the traffic destined to a subnet must be tunneled

through IPSec or bridged locally. If the routing profile is empty, the client traffic will always be bridged locally.

For example, if the routing profile is configured to tunnel 10.0.0.0 /8, traffic destined to 10.0.0.0 /8 will be

forwarded through the IPsec tunnel and the traffic to all other destinations is bridged locally.

You can also configure a routing profile with 0.0.0.0 as gateway to allow both client and IAP traffic to be routed

through a non-tunnel route. If the gateway is in the same subnet as uplink IP address, it is used as a static

gateway entry. A static route can be added on all master and slave W-IAPs for these destinations. The VPN

traffic from the local subnet of W-IAP or the virtual controller IP address in the local subnet is not routed to

tunnel, but will be switched to the relevant VLAN. For example, when a 0.0.0.0/0.0.0.0 routing profile is

defined, to bypass certain IPs, you can add a route to the IP by defining 0.0.0.0 as the destination, thereby

forcing the traffic to be routed through the default gateway of the W-IAP.

You can configure routing profiles through More>VPN>Controller UI. For step-by-step procedural

information on configuring routing profile, see Configuring Routing Profiles on page 237.

The W-IAP network has only one active tunnel even when fast failover enabled. At any given time, traffic can

be tunneled only to one VPN host.

Configuring DHCP Profiles

You can create DHCP profiles to determine the IAP-VPN mode of operation. A W-IAP network can have multiple

DHCP profiles configured for different modes of IAP-VPN. You can configure up to eight DHCP profiles. For

more information on the IAP-VPN modes of operation, see IAP-VPN Forwarding Modes on page 240.

You can create any of the following types of DHCP profiles for the IAP-VPN operations:

l Local

l Local, L2

l Local, L3

l Distributed,L2

l Distributed,L3

l Centralized

For more information on configuring DHCP profiles, see Configuring DHCP Scopes on page 215.

A centralized L2 or distributed L2 VLAN or subnet cannot be used to serve APs in a hierarchical mode of

deployment. Ensure that the physical IP of the APs connecting to the master AP in hierarchical mode of

Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide IAP-VPN Deployment | 243