Access Points

Reply
Occasional Contributor I
Posts: 9
Registered: ‎05-01-2009

RAP -Local APdifferences

Can anyone tell me the differences with respect to user traffic between a remote AP and a local AP. I advertise the same ssid on both. I have users, using the same laptop, that connect fine in house on a local ap, but are problematic at home on their remoteAP's.

Most issues are resolved with driver updates, but one who user an intel 5100 agn still has problems from home (has problems associating). Any suggestions on this issue would be appreciated.

Someone from tech support told me that remote AP users generate additional traffic but could not specify what it was. Cisco wireless phones work great over both type of AP's but wireless client (wpa2,aes, machine and user authentication using an ais server) have trouble. Are there any timing issues that need to be tweaked.

I am puzzled why the client driver works in the office, but needs an update to work remotely.
Occasional Contributor II
Posts: 11
Registered: ‎06-25-2009

Difference between RAP and AP

Hi ya,

Basically the idea of an RAP is to install it somewhere in the Internet, far away from your controller. You can imagine that has other challanges to secure that connection or link.

Actually that is done by an IPSEC tunnel. Before an RAP can transmit any data,
it need's to establish that IPSEC connection by itself. That has nothing to do with the user traffic what the RAP receives on his Antenna.

The RAP stores the IPSEC Key and some more Controller related Informations (like Controller Master IP etc.) in his flash or whatever. (that is done with the 1st time provisioning) When the RAP is powered up, it get's his IP and GW Address from the remote DHCP Server and starts to establish the IPSEC tunnel to the controller. The RAP send his stored IPSEC Key to the controller, the controller now need to check that Key with that information which is configured in the controller.

After the controller successfully authenticate that RAP the IPSEC tunnel get's up.

Then after (as far the aruba tec's told me) the GRE tunnel between RAP and Controller is established. The Rest work's like a normal AP.

The 802.11 Frames which are received on the RAP Antenna will be tunneled
via GRE and IPSEC and terminated on the controller Loopback or VLAN 1 IP Address.

So, the Difference is that an normal AP does not need and IPSEC Tunnel and Authentication befor it establish the GRE Tunnel. It just using the GRE Tunnel to encapsulate the 802.11 Frames.

When the RAP doesn't come up it can be possible that the RAP Authentication Process has an problem.

Hope that helps a bit.
Occasional Contributor I
Posts: 9
Registered: ‎05-01-2009

AP-RAP Differences

Thanks for the reply. The problem isn't with the RAP, it comes up and connects fine. I advertize 3-SSID's over the RAPs. The users have Cisco wireless phones that connect over them without a problem. They connect to the unsecured captive portal SSID without issue. The SSID that they have a problem with is the one that uses WPA2/AES/ machine auth. In the office, the users connect fine, no issue. AT home, they could not connect until I updated their drivers.

It is a weird problem, no one seems to know the reason for it. I have them all working again but was hoping to gain some insight. Thanks again for replying.
Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Key exchange

Kbrady,

If you didn't update your drivers and you were still have that problem, I would guess that the delay in the key exchange between the client and the radius server at the datacenter would be the suspect. Some clients do not like key exchanges with more than 100 millisecond delays. it is possible that the driver update allowed the client to wait a little longer than that, allowing the key setup and exchange to take place.

Colin
the chief guesser


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎05-01-2009

key exchange

sounds like a good guess. Is that adjustable anywhere. thanks
Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Adjustable...

Is it Adjustable on the client....? Haven't seen a driver that allows you do that. There are parameters in the 802.1x profile that will allow you to change a few things, but if the client requires a minimum delay, it will not help at all. Upgrading the drivers is always the right call in a 8021.x environment.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: