Controllerless Networks

IAP VPN L2 centralized

I have configured this successfully, but I've got 2 IAPs in the cluster and it only works on one of them. What would I need to do to make it work on the other APs in the cluster? It's just so odd.

Also, I'm using a controller which has a PEFV license...

Do I need this to make this work? I don't have a controller that doesn't have that license, so I can't really test...

The config is like this:

Configured Aruba IPsec pointing to the virtual IP on the firewall that points to the Aruba controller.

Configured in the routing table on the IAP the internal networks I want to see through the VPN.

I created on the DHCP a centralized DHCP with a VLAN of my corporate network that I want to extend to the remote site, and split tunnel on.

On the controller, on the VPN service, I just added the pool of IP addresses which vlan to the same VLAN of the controller IP address.

On the IAP VPN role I assigned to the L2TP pool the pool I created in the step before.

Also I added the MAC address to the RAP whitelist and also to the Branch whitelist (on this I did allow ALL).

After this the first AP I had worked perfectly.

I added another AP to the cluster, and if I connect to the SSID that has the corporate VLAN configured it doesn't work... and if I reconnect to the first AP it works... so it doesn't work on one AP but works on the other...

Help!

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: IAP VPN L2 centralized

What's not working?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: IAP VPN L2 centralized

Hello Victor

I configured VLAN 200, which is a VLAN on my corporate network.

I'm at home right now, and I get an IP address from that VLAN with the DHCP server of the corporate network and everything works fine, but just from one IAP of the cluster.

If I connect to another IAP which is at my home and in the same cluster, the SSID doesn't work... it's like the VPN just worked on one IAP of the cluster but didn't work on the other IAP of the cluster.

I've got 2 IAPs at home which form one cluster.

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: IAP VPN L2 centralized

Have you configured VLAN 200 on the switch and trunked it to the second IAP?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: IAP VPN L2 centralized

No...

Do I need to do that?

Does all the traffic go through that master IAP?

It doesn't do a separate tunnel for each IAP or something like that?

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: IAP VPN L2 centralized

You have to do that because it's Layer 2 centralized.

But the VPN is only formed by the master AP.

Thank you

Sent from Mobile
Please excuse the brevity spelling and punctuation.
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: IAP VPN L2 centralized

Now it works after doing that.

Thanks Victor

2 more questions:

1- Do I need any license to build a VPN like this L2 centralized VPN on the controller?

2- Sometimes I randomly get the logon role (on the client) when I connect to the SSID instead of getting the default IAP role... I don't know why this happens... I believe that if I'm connected to another SSID and then I connect to that one it happens, but I'm not sure...

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: IAP VPN L2 centralized

I can tell you that I believe it's when I connect from the other SSID, because I can see on the controller that I'm there with the IP address of my home local network (the one that just has access to the internet but not to the corporate network).

Last time I saw the MAC addresses twice but with 2 different IPs, one from my home internal network and the other from the corporate network, with logon roles.

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp