
Binding VPN Pool to a role

  • 1.  Binding VPN Pool to a role

    Posted Apr 08, 2013 09:30 AM

    I currently have 2 VPN IP pools set up: one for RAPs and one for VIA users. Under the default-via role I have the VIA pool bound to the L2TP pool, and on the ap-role I have the RAP pool bound to the L2TP pool. The problem I am having is that RAPs keep randomly pulling their IP address from the VIA pool. Has anyone seen this behavior before?



  • 2.  RE: Binding VPN Pool to a role

    Posted Apr 08, 2013 11:40 AM

    Do you have CPsec enabled on your controller?

    If you do, the RAPs will be assigned the sys-ap-role.

    If you do not, the RAPs will be assigned the ap-role.

    If you have it enabled, the VRD says you cannot assign a pool to the sys-ap-role. In this case, make sure the RAP pool is listed first in your listing of L2TP pools, even if you have to delete them to make it first in the list. If memory serves me right, the RAPs should pick from the top pool in this case until it is depleted.



  • 3.  RE: Binding VPN Pool to a role

    Posted Apr 08, 2013 12:21 PM

    CPsec is disabled.



  • 4.  RE: Binding VPN Pool to a role

    EMPLOYEE
    Posted Apr 11, 2013 06:52 PM

    Each Layer 3 VPN authentication (RAP, VIA) has a config that puts it into a default role. That default role is where you specify the VPN pool that each VPN type gets its IP address from.



  • 5.  RE: Binding VPN Pool to a role

    Posted Apr 11, 2013 07:13 PM

    So if I issue "sh user-table verbose" I can see my RAPs showing in a role of "logon" and a role of "ap-role". I currently have the VPN pool bound to the "ap-role". Are you saying I need to bind it on the "logon" role?



  • 6.  RE: Binding VPN Pool to a role

    EMPLOYEE
    Posted Apr 11, 2013 07:15 PM

    Create another role. Make the permissions allow-all for now. Make the default role for the default-RAP VPN that configuration. Put the new pool in that role. If it works, you should make the ACLs the same as the ap-role.



  • 7.  RE: Binding VPN Pool to a role

    Posted Apr 11, 2013 07:22 PM
    I am confused on where to set the default role for the RAP?

    P.S. it was nice meeting you at the MVP event in Vegas.


  • 8.  RE: Binding VPN Pool to a role
    Best Answer

    EMPLOYEE
    Posted Apr 11, 2013 07:25 PM

    Nice meeting you too...

    default.PNG



  • 9.  RE: Binding VPN Pool to a role

    Posted Apr 11, 2013 07:27 PM
    Thanks, Colin. Do you know off the top of your head where the default role for a RAP/CAP is set?