Reply
Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

Remote AP

Hello,

has somebody some configuration example for RemoteAP 61 with Split Tunneling?
The Ap is connected via a routed Network to the controller

I Use Release 3.4.1.x

Thank you and best Regards.
Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Remote AP

This should do it. It assumes you already have the RAP connected correctly and you have a netdestination called "corp" with the networks you want tunnelled.

ip access-list session remote-split
any any svc-dhcp permit
any alias corp any permit
user any any route src-nat
!
!
user-role remote-ap-split-tunnel
session-acl remote-split
!
!
aaa server-group "PSK"
auth-server Internal
!
aaa profile "Remote-PSK"
authentication-dot1x "default-psk"
initial-role "remote-ap-split-tunnel"
!
wlan virtual-ap "PSK"
aaa-profile "Remote-PSK"

!
wlan ssid-profile "PSK"
essid "psk"
opmode wpa-psk-tkip
wpa-passphrase arubarocks
!
!
wlan virtual-ap "PSK"
vlan 2
ssid-profile "PSK"
forward-mode split-tunnel
aaa-profile "Remote-PSK"

!
!
ap system-profile "remote-split"
session-acl "remote-split"
!
!
ap-group "remote-ap-split-tunnel"
virtual-ap "PSK"
ap-system-profile "remote-split"
!
Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

Re: Remote AP

Hello,

I had configured it the same Way. My Problem is the local breack out. Traffic trough the Tunnel is working fine, but it is not possible to reach local Devices.

Best Regards
Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

Re: Remote AP

Hello, today i have tested your pasted Config. But with the Same effect. Tunneled Traffic is working fine but local Traffic does not work. I use Release 3.4.2.1

Thank you and best Regards
Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: Remote AP

You might take a look at the VRD for remote networking, it sounds like your user role might not be set up correctly, if you can post your user role that would help. You can download the VRD from at http://www.arubanetworks.com/pdf/technology/VBN_VRD.pdf.

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

Re: Remote AP

Hello,
following Configuration i use at the Moment. The IP Address 192.168.20.1 is on the same Subnet like the WLAN User. This IP Adress is configured on Controller and it is reachable. 192.168.20.x Adresses that are lokated on the User Side are not reachable. The AccessPoint are configured with an 10.138.136.0 Subnet and connects the Controler on a 10.255.8.0 Subnet via a Layer3 Infrastruktur.

Best Regards

netdestination corp
network 10.255.8.0 255.255.255.0
host 192.168.20.1

ip access-list session remote-split
any any svc-dhcp permit
any alias corp any permit
user any any route src-nat



user-role remote-ap-split-tunnel
session-acl remote-split
Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

Re: Remote AP

For information: I test it with AP 60 and AP70.
Guru Elite
Posts: 20,782
Registered: ‎03-29-2007

Post your Role

Mtraettner,

You need to show us the role that the user gets when he successfully authenticates to the SSID. For example if the user gets the employee-split role, please post the sanitized output of "show rights employee-split" and we will see what is going on.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

Re: Remote AP

Hello,

i can see the Clients only in Tunnel Mode. Note the Ap is connected over a Layer3 Network. The Vlan of the Wlan User and the Ap is not the same. I had tried it with a Trunk configuration and without on the Wired AP Profile.

Best Regards
Guru Elite
Posts: 20,782
Registered: ‎03-29-2007

Got It.

Okay, since you don't have the "RN" code, you cannot see those users in the user table

First, you need to find out what role that user gets when he is authenticated. Do a "show log user " to see that. Then do a "show rights " to see what ACLs are being applied to that user.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: