Controller-less WLANs

What are the roles that IAP gets when configured as IAP-VPN?

by on ‎07-14-2014 08:43 AM

This article describes the roles that an IAP gets when configured as VPN to a controller.

 

IAP VPN feature is available from IAP code 6.2.0.0-3.2 or higher and controller code 6.2 and higher.

 

 

Role #1: Logon Role – outer IP

Role #2: Default-vpn-role (allow all acl) – inner IP

For example:

(Aruba3600) #show user-table verbose 
Users
-----
    IP               MAC            Name              Role              Age(d:h:m Auth  VPN link        AP name  Roaming Essid/Bssid/Phy  Profile      Forward mode  Type  Host Name  Server    Vlan   Bwm UaStr:ParseDisable/Flag/ShortIndex
----------      ------------       ------             ----              ----------  ----  --------        -------  -------  ---------------  -------      ------------  ----  ---------  ------    ----   ---  ----------------------------------
1.1.1.1         00:00:00:00:00:00  d8:c7:c8:c0:8c:08  default-vpn-role  02:06:06    VPN   10.163.132.253  N/A                                default-iap  tunnel                         Internal  0 (0)       OFF/0/0

10.163.132.253  00:00:00:00:00:00                     logon             02:06:06    VPN                   N/A                                             tunnel                                   0 (0)       OFF/0/0

 

To verify the user-roles for IAP on the controller, run the following command:

(Aruba3600) #show user-table verbose 
Users
-----
    IP               MAC            Name              Role              Age(d:h:m Auth  VPN link        AP name  Roaming Essid/Bssid/Phy  Profile      Forward mode  Type  Host Name  Server    Vlan   Bwm UaStr:ParseDisable/Flag/ShortIndex
----------      ------------       ------             ----              ----------  ----  --------        -------  -------  ---------------  -------      ------------  ----  ---------  ------    ----   ---  ----------------------------------
1.1.1.1         00:00:00:00:00:00  d8:c7:c8:c0:8c:08  default-vpn-role  02:06:06    VPN   10.163.132.253  N/A                                default-iap  tunnel                         Internal  0 (0)       OFF/0/0

10.163.132.253  00:00:00:00:00:00                     logon             02:06:06    VPN                   N/A                                             tunnel                                   0 (0)       OFF/0/0

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.