Controllerless Networks

Occasional Contributor II
Posts: 16
Registered: ‎03-25-2013

problem with VPN only initiating from VC in IAP cluster

Hi all,

I have successfully set up a VPN from my VC within an IAP cluster to my 7240 controller(s) - VRRP - enabled...

The problem I have is that should I move away from the VC the VPN tunnel drops, even though the SSID is advertised... The minute I go back to the VC I get connectivity again... I have tried disconnecting the VC from the cluster so that another IAP takes over this role but all that happens is that I can only connect via VPN from the new VC.

Does anyone have any idea on how to resolve this? I want to be able to connect through the VPN from any one of the IAPs within the cluster, not just the VC.

ta,

Ed

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: problem with VPN only initiating from VC in IAP cluster

How have you configured the client VLAN that you are trying to test from? Is it local, Centralized L2, Distributed L2, or Distributed L3?

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II
Posts: 16
Registered: ‎03-25-2013

Re: problem with VPN only initiating from VC in IAP cluster

Hi there,

Here is the setup:

ip dhcp Central-VLAN93
 server-type Centralized,L2
 server-vlan 93

thanks,

Ed

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: problem with VPN only initiating from VC in IAP cluster

When you associate to a non-VC IAP in the cluster, does the client get an IP? If so, it should come from the remote datacenter in that setup; is that what shows as the DHCP server on the client? When you say you can't reach the datacenter, can you reach the gateway on your client's L2 network, or is it specific to other networks?

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II
Posts: 16
Registered: ‎03-25-2013

Re: problem with VPN only initiating from VC in IAP cluster

If I try to associate against an IAP that is not the VC I don't get an IP address. All I get is a 'limited connection'.

If I ping the default gateway of the datacentre network I get a reply when associated with the VC, but as soon as I associate with another IAP I lose that connection.

MVP
Posts: 288
Registered: ‎08-27-2012

Re: problem with VPN only initiating from VC in IAP cluster

Are the VLANs that the wireless network is supposed to be operating on tagged (trunked) on the switchports that the non-VC access points are plugged into?

ACDX #419 | ACMP |
Occasional Contributor II
Posts: 16
Registered: ‎03-25-2013

Re: problem with VPN only initiating from VC in IAP cluster

No, all of the VCs are untagged on VLAN1.

Setup as below:

cluster:

IAP >>

IAP (VC) >>     Switch     >>   Firewall  >>>>>>>>>>>>>>>>>> Firewall  >>  Controller Pair (7240 VRRP) >> Corporate LAN (VLAN93)

IAP >>              (untagged)                     (VPN Tunnel - VLAN93)

 

I can upload a better n/w diagram if required but this is a simplistic overview.

Ed

Contributor I
Posts: 31
Registered: ‎12-12-2012

Re: problem with VPN only initiating from VC in IAP cluster

You need to trunk VLAN 93 between all the IAPs in the cluster. Make sure you configure your wired profile for this tagged VLAN too.

Regards,

Chris

Occasional Contributor II
Posts: 16
Registered: ‎03-25-2013

Re: problem with VPN only initiating from VC in IAP cluster

Cheers Chris,

I have tagged/trunked VLAN93 to all the IAPs in the cluster and across switch uplink ports. This has now allowed me to roam across the cluster using the VPN...

Many thanks for your response.

Regards,

Ed
