This article describes the roles that an IAP gets when it is configured for VPN to a controller.
The IAP VPN feature is available from IAP code 6.2.0.0-3.2 or higher and controller code 6.2 and higher.
Role #1: Logon Role – outer IP
Role #2: Default-vpn-role (allow all acl) – inner IP

For example:

(Aruba3600) #show user-table verbose

Users
-----
IP              MAC                Name               Role              Age(d:h:m)  Auth  VPN link        AP name  Roaming  Essid/Bssid/Phy  Profile      Forward mode  Type  Host Name  Server    Vlan   Bwm  UaStr:ParseDisable/Flag/ShortIndex
----------      ------------       ------             ----              ----------  ----  --------        -------  -------  ---------------  -------      ------------  ----  ---------  ------    ----   ---  ----------------------------------
1.1.1.1         00:00:00:00:00:00  d8:c7:c8:c0:8c:08  default-vpn-role  02:06:06    VPN   10.163.132.253  N/A                                default-iap  tunnel                         Internal  0 (0)       OFF/0/0
10.163.132.253  00:00:00:00:00:00                     logon             02:06:06    VPN                   N/A                                             tunnel                                   0 (0)       OFF/0/0
To verify the user-roles for IAP on the controller, run the following command:

(Aruba3600) #show user-table verbose
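The check described above can be scripted against saved command output. The following Python is an added example, not part of the original article or any Aruba tooling: it parses the data rows of `show user-table verbose`, pairs each inner-IP row with its outer-IP row through the VPN link column, and reports any role that differs from the two listed here. The function names are hypothetical, and the sample rows are the two rows from the article's output with whitespace collapsed.

```python
import re

AGE = re.compile(r"\d{2}:\d{2}:\d{2}")          # Age(d:h:m) cell
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# The two data rows from the article's output, whitespace-collapsed.
SAMPLE = """\
1.1.1.1 00:00:00:00:00:00 d8:c7:c8:c0:8c:08 default-vpn-role 02:06:06 VPN 10.163.132.253 N/A default-iap tunnel Internal 0 (0) OFF/0/0
10.163.132.253 00:00:00:00:00:00 logon 02:06:06 VPN N/A tunnel 0 (0) OFF/0/0
"""

def parse_rows(text):
    """Return dicts for data rows; tolerates blank Name and VPN link cells."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or not IPV4.fullmatch(tok[0]):
            continue  # header, separator, or prompt line
        # The Age cell anchors the row: Role sits just before it, Auth just after.
        age = next((i for i, t in enumerate(tok) if AGE.fullmatch(t)), None)
        if age is None or age < 3 or age + 1 >= len(tok):
            continue
        nxt = tok[age + 2] if age + 2 < len(tok) else ""
        rows.append({"ip": tok[0], "mac": tok[1], "name": " ".join(tok[2:age - 1]),
                     "role": tok[age - 1], "auth": tok[age + 1],
                     "vpn_link": nxt if IPV4.fullmatch(nxt) else None})
    return rows

def check_iap_vpn_roles(text, inner_role="default-vpn-role", outer_role="logon"):
    """Return (pairs, problems) for the VPN sessions found in the output."""
    rows = [r for r in parse_rows(text) if r["auth"] == "VPN"]
    by_ip = {r["ip"]: r for r in rows}
    pairs, problems = [], []
    for r in rows:
        if r["vpn_link"] is None:
            continue  # outer-IP row; it is checked through its inner row
        pairs.append((r["ip"], r["vpn_link"]))
        outer = by_ip.get(r["vpn_link"])
        if r["role"] != inner_role:
            problems.append(f"inner {r['ip']}: role {r['role']}, expected {inner_role}")
        if outer is None:
            problems.append(f"inner {r['ip']}: no outer row for {r['vpn_link']}")
        elif outer["role"] != outer_role:
            problems.append(f"outer {outer['ip']}: role {outer['role']}, expected {outer_role}")
    return pairs, problems

if __name__ == "__main__":
    print(check_iap_vpn_roles(SAMPLE))
```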
© Copyright 2024 Hewlett Packard Enterprise Development LP
All Rights Reserved.