Access Points

Reply
Highlighted
New Contributor
Posts: 1
Registered: ‎04-02-2007

Wireless AP (AP61) connected at remote site across VPN Site to Site tunnel

I have a Aruba 800 controller and AP 61 devices.
I have a remote office with an AP61. I programmed it like the
other and it showed up ok. I shipped it to the remote office.
It got a DHCP address but will not connect back to the master.
The VPN is an IPSEC tunnel. Does anyone have an idea as to what
might be wrong.
The controllers log show nothing because the AP is not connecting or
getting lost.
Occasional Contributor I
Posts: 6
Registered: ‎10-29-2007

Re: Wireless AP (AP61) connected at remote site across VPN Site to Site tunnel


I have a Aruba 800 controller and AP 61 devices.
I have a remote office with an AP61. I programmed it like the
other and it showed up ok. I shipped it to the remote office.
It got a DHCP address but will not connect back to the master.
The VPN is an IPSEC tunnel. Does anyone have an idea as to what
might be wrong.
The controllers log show nothing because the AP is not connecting or
getting lost.




I would make sure to check and insure that the AP is not coming up with default settings. Meaning that when it boots it first does ADP (Aruba Discovery Protocol), (which is ok), when that doesn’t work it falls back to queering aruba-master. The default aruba-master should be changed to the IP of the controller.

Of course if you have a DNS entry for aruba-master then you are good but if you don’t, that’s the reason it’s not talking back to the controller. If you find that the AP is searching for the default DNS name then simply bring up the AP on your home network and configure the “Master Discovery” option under “configuration > wireless > AP installation > Provision.

Let me know if I’m in the ballpark on this one.

Good Luck.
Moderator
Posts: 243
Registered: ‎09-12-2007

Re: Wireless AP (AP61) connected at remote site across VPN Site to Site tunnel

That would be my guess as well. There are 3 ways an AP can find its controller:
1. ADP (broadcast and IP multicast - which probably aren't forwarded from the remote site)
2. DHCP (does the DHCP scope at the remote site include the correct options?)
3. DNS (does the remote site have a sub-domain in DNS? The AP will append the learned domain name from DHCP to "aruba-master" and query for it - so at your corp site you might have aruba-master.corp.com in DNS, but do you also have aruba-master.city1.corp.com?)

As far as I know there shouldn't be anything related to the site-to-site VPN that would block the AP from coming up, as long as it will forward GRE packets.

-Jon
---
Jon Green, ACMX, CISSP
Security Guy
Search Airheads
Showing results for 
Search instead for 
Did you mean: