Controller Based WLANs

How can we assign the inner IP address to a Remote AP (RAP) statically?

by on ‎07-09-2014 09:44 AM

This article explains the method to statically assign the inner IP address to a RAP.

 

Usually, a RAP is assigned an inner IP address through the L2TP pool configured under VPN services on the controller. However, there may be a requirement to assign static inner IP addresses to the RAPs for better tracking and ease of use.

In general, during IKE negotiation, the ISAKMPd process queries AUTH module on the controller for the name of the AP-Group to which the RAP will belong to.  In addition to the AP-Group name, AUTH will also respond with the value of the IP-Address column if it is configured. For legacy RAPs, IKE queries local-userdb via AUTH and for RAPs with certificates, IKEd will query the whitelist via AUTH module.

If ISAKMPd receives an IP address value in the response from AUTH, it will use this value as the inner-IP-Address of the IPSEC tunnel.  Otherwise, it will allocate a dynamic IP-address from the local IP-pool.

 

Environment : This article applies to all controller models and APs and versions 5.0 or higher.

 

 

For legacy RAPs:

Through GUI:

  1. Navigate to Configuration> Authentication> Internal Database
  2. Click “Add user
  3. Add the RAP mac address and the inner IP address
  4. Click “Apply

rtaImage.png

 

 

Through CLI:

 

rtaImage (1).png

 

 

For RAP with certificate:

Through GUI:

  1. Navigate to Configuration> AP Installation> RAP Whitelist
  2. Add the RAP mac address and the inner IP address

 

rtaImage (2).png

 

 

Through CLI:

 

rtaImage (3).png

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.