Controllerless Networks

Reply
New Contributor

IAP-225RW and Radius - Enterprise Branch Office

Hello all...

 

We are a largish educational organisation in New South Wales, Australia. We are setting up a number of branch training offices around the Sydney area and one of the requirements is WiFi.

 

We presently run eight 7210 controllers at each of our main sites. Users authenticate via a centralised Radius server. The Radius server is not managed by me.

 

The new brach offices presently are using some older AP135, had them spare from recent upgrades elsewhere, and I have them provisioned on one of our 7210 at head office.

 

I am thinking it would be better to remove the AP135's and replace them with IAP's and have the IAP's use the centralise Radius server for authentication. Then the network traffic would terminate on the  local master IAP and not have to be tunneld to head office. So far so good.

 

Now our centralised Radius server won't accept authentication requests from remote devices unless those devices are authorised on the server before hand.

 

So my question is this, what happens when the master IAP fails and the a second IAP, one the same subnet, takes over as master. Does the IP of the failed IAP get used by the new master?

 

I am by no means an expert on Aruba Wireless and for the most part I lear by trial and error. Yep I have setup and IAP with the credentials to talk to the Radius server and got no joy with authentication.

 

Regards and thansk to all

 

Col Thompson

Sydney Australia

Guru Elite

Re: IAP-225RW and Radius - Enterprise Branch Office

Dynamic Radius Proxy will allow you to set an ip address that will remain constant in a cluster regardless of which AP is the master:

 

http://community.arubanetworks.com/t5/Controller-less-WLANs/IAP-Dynamic-radius-proxy-ip-configuration-and-troubleshooting/ta-p/175248



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: IAP-225RW and Radius - Enterprise Branch Office

Many Thanks Colin...

 

I am still having a little difficulty.

 

The fixed IP address for the VC, check, OK understand.

Details for the Authentication Server, OK Check.

 

But the section in red "DRP-IP configurations" (DRP IP:, DRP Mask:, DRP Vlan:, and DRP Gateway:) I am unsure of what these settings refer to.

 

Could you elababrate please?

 

Col

Sydney Australia

Guru Elite

Re: IAP-225RW and Radius - Enterprise Branch Office

Just enable DRP.  It will take the ip address of the Virtual Controller that you set.  Those other options are if you want it to be on a different subnet (nobody does that).



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: