Controller-less WLANs

Restricted corporate access feature on IAP 4.0

by on ‎06-27-2014 02:13 PM

Advantages and Features of Restricted Corporate access 4.0
-----------------------------------------------------------------------------------

1. IAP currently supports corporate access from upstream devices using the master AP as the VPN gateway.
2. In single-AP VPN deployments that use a shared unmanaged switch, rogue clients or IAPs can exploit this to gain corporate access.
3. This feature provides a way to restrict corporate access (through the VPN tunnel) for clients and slave APs on the upstream.
4. The feature works by changing the permit/src-nat rule on the uplink ACL (ACL 106) to deny traffic to the corporate subnet.
 
WEBUI Configuration:-
 
[Screenshot: WebUI configuration]
 
CLI configuration:-
------------------------

Configuration CLI: restrict-corp-access
Show CLI: "show summary" includes information about configured restricted management subnets

6c:f3:7f:c3:67:4a (config) # restrict-corp-access
6c:f3:7f:c3:67:4a (config) # end
6c:f3:7f:c3:67:4a# commit apply
committing configuration...
configuration committed.
6c:f3:7f:c3:67:4a#
 
6c:f3:7f:c3:67:4a# show summary | include "Restrict Corporate Access"
Restrict Corporate Access:enable
6c:f3:7f:c3:67:4a#
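
An added example, not part of the original article and not Aruba tooling: a Python check that reads captured "show summary" output from several IAPs and lists those where the setting is not confirmed enabled. Only the "Restrict Corporate Access:enable" line comes from the CLI output above; the AP labels, the "disable" value and the function names are assumptions made for illustration.

```python
import re

# Status line as shown in the CLI output above; spacing and case are tolerated.
# Anchored to line start so the echoed "show summary | include ..." command is ignored.
STATUS_RE = re.compile(
    r"^\s*Restrict Corporate Access\s*:\s*(\S+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def restrict_corp_access_state(show_summary_text):
    """Classify one captured `show summary` as enabled / not-enabled / unknown."""
    m = STATUS_RE.search(show_summary_text)
    if m is None:
        # Line absent: truncated capture, or firmware without the feature.
        return "unknown"
    return "enabled" if m.group(1).lower() == "enable" else "not-enabled"

def audit(captures):
    """captures maps an AP label to its captured text; return the APs to review."""
    findings = {}
    for label, text in captures.items():
        state = restrict_corp_access_state(text)
        if state != "enabled":
            findings[label] = state
    return dict(sorted(findings.items()))

# The session from the article, with CRLF line endings as a serial/SSH log would have.
PAGE_CAPTURE = (
    '6c:f3:7f:c3:67:4a# show summary | include "Restrict Corporate Access"\r\n'
    'Restrict Corporate Access:enable\r\n'
    '6c:f3:7f:c3:67:4a#\r\n'
)

# Constructed samples; labels are hypothetical and "disable" is an assumed value.
SAMPLES = {
    "branch-a": PAGE_CAPTURE,
    "branch-b": "Restrict Corporate Access:disable\n",
    "branch-c": "(capture cut off before the status line)\n",
}

if __name__ == "__main__":
    for label, state in audit(SAMPLES).items():
        print(f"{label}: {state}")
```

An "unknown" result is reported rather than treated as enabled, so an incomplete capture cannot pass the check.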

Debug & Troubleshooting Example:-
--------------------------------------------------
See the screenshot below to debug.

ACL hits on ACL 106 can be used to check functionality.
 
 
 
 
 
 
Packet Dump to collect more information
 
Comments
johnny.rollett@netconsultonline.com

I would really like to understand this feature, but I find this explanation very confusing. Could you elaborate more on the principle please.

I'm not following the explanation either. If this is an Instant AP, how does the GRE tunnel & controller come into play? What am I missing here?
