Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

problem with VPN only initiating from VC in IAP cluster

  • 1.  problem with VPN only initiating from VC in IAP cluster

    Posted Mar 27, 2014 08:42 AM

    Hi all,

     

    I have successfully set up a VPN from my VC within an IAP cluster to my 7240 controller(s) - VRRP - enabled...

     

    The problem I have is that should I move away from the VC the VPN tunnel drops, even though the SSID is advertised... The minute I go back to the VC I get connectivity again... I have tried disconnecting the VC from the cluster so that another IAP takes over this role but all that happens is that I can only connect via VPN from the new VC.

     

    Does anyone have any idea on how to resolve this? I want to be able to connect through the VPN from any one of the IAPs within the cluster, not just the VC.

     

    ta,

     

    Ed


    #7240


  • 2.  RE: problem with VPN only initiating from VC in IAP cluster

    Posted Mar 27, 2014 09:27 AM

    How have you configured the client VLAN that you are trying to test from? Is it local, Centralized L2, Distributed L2, or Distributed L3?



  • 3.  RE: problem with VPN only initiating from VC in IAP cluster

    Posted Mar 27, 2014 09:34 AM

    Hi there,

     

    Here is the setup:

     

    ip dhcp Central-VLAN93
     server-type Centralized,L2
     server-vlan 93

    thanks,

     

    Ed



  • 4.  RE: problem with VPN only initiating from VC in IAP cluster

    Posted Mar 27, 2014 01:36 PM

    When you associate to a non-VC IAP in the cluster, does the client get an IP? If so, it should come from the remote datacenter in that setup; is that what shows as the DHCP server on the client? When you say you can't reach the datacenter, can you reach the gateway on your client's L2 network, or is it specific to other networks?



  • 5.  RE: problem with VPN only initiating from VC in IAP cluster

    Posted Mar 27, 2014 01:50 PM

    If I try to associate against an IAP that is not the VC I don't get an IP address. All I get is a 'limited connection'.

     

    If I ping the default gateway of the datacentre network I get a reply when associated with the VC, but as soon as I associate with another IAP I lose that connection.



  • 6.  RE: problem with VPN only initiating from VC in IAP cluster

    Posted Mar 27, 2014 03:28 PM

    Are the VLANs that the wireless network is supposed to be operating on tagged (trunked) on the switchports that the non-VC access points are plugged into?



  • 7.  RE: problem with VPN only initiating from VC in IAP cluster

    Posted Mar 27, 2014 04:38 PM

    No, all of the VCs are untagged on VLAN1.

     

    Setup as below:

     

    cluster;

    IAP >>

    IAP (VC) >>     Switch     >>   Firewall  >>>>>>>>>>>>>>>>>> Firewall  >>  Controller Pair (7240 VRRP) >> Corporate LAN (VLAN93)

    IAP >>              (untagged)                     (VPN Tunnel - VLAN93)

     

    I can upload a better n/w diagram if required but this is a simplistic overview.

     

    Ed


    #7240


  • 8.  RE: problem with VPN only initiating from VC in IAP cluster
    Best Answer

    Posted Mar 31, 2014 08:19 PM
    You need to trunk VLAN 93 between all the IAPs in the cluster. Make sure you configure your wired profile for this tagged VLAN too.

    Regards

    Chris


  • 9.  RE: problem with VPN only initiating from VC in IAP cluster

    Posted Apr 02, 2014 05:38 AM

    Cheers Chris,

     

    I have tagged/trunked VLAN93 to all the IAPs in the cluster and across switch uplink ports. This has now allowed me to roam across the cluster using the VPN...

     

    Many thanks for your response.

     

    Regards,

     

    Ed