Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Binding VPN Pool to a role

I currently have 2 VPN IP pools set up: one for RAPs and one for VIA users. Under the default-via role I have the VIA pool bound to the L2TP pool, and on the ap-role I have the RAP pool bound to the L2TP pool. The problem I am having is that RAPs keep randomly pulling their IP address from the VIA pool. Has anyone seen this behavior before?

Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: Binding VPN Pool to a role

Do you have CPsec enabled on your controller? 

 

If you do, the RAPs will be assigned the sys-ap-role

If you do not, the RAPs will be assigned the ap-role

 

If you have it enabled, the VRD says you cannot assign a pool to the sys-ap-role. In this case, make sure the RAP pool is listed first in your listing of L2TP pools, even if you have to delete them to make it first in the list. If memory serves me right, the RAPs should pick from the top pool in this case until it is depleted.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: Binding VPN Pool to a role

CPsec is disabled.

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: Binding VPN Pool to a role

Each layer 3 VPN authentication (RAP, VIA) has a config that puts it into a default role. That default role is where you specify the VPN pool that each VPN type gets its IP address from.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: Binding VPN Pool to a role

So if I issue "sh user-table verbose" I can see my RAPs showing in a role of "logon" and a role of "ap-role". I currently have the VPN pool bound to the "ap-role". Are you saying I need to bind it on the "logon" role?

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: Binding VPN Pool to a role

Create another role. Make the permissions allow-all for now. Make the default role for the default-RAP VPN that configuration. Put the new pool in that role. If it works, you should make the ACLs the same as the ap-role.

 



Colin Joseph
Aruba Customer Engineering

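The steps described in the post above, written as controller CLI; this is an added example, not configuration posted by anyone in the thread. The role name `rap-vpn-role`, the pool name `rap-pool` and the address range are hypothetical placeholders, and the syntax assumes an ArubaOS 6.x controller.

```arubaos
! Added example. Role name, pool name and addresses are placeholders.
!
! L2TP address pool reserved for RAPs
ip local pool "rap-pool" 10.10.10.1 10.10.10.254
!
! New role for RAP VPN sessions: allow-all while testing,
! with the RAP pool bound to the role
user-role rap-vpn-role
   pool l2tp rap-pool
   access-list session allowall
!
! Make the new role the default role of the default-rap
! VPN authentication profile
aaa authentication vpn "default-rap"
   default-role "rap-vpn-role"
```

After a RAP reconnects, `show user-table verbose` shows which role it landed in. Once RAPs draw from the intended pool, replace `allowall` with the same ACLs the ap-role carries.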

Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: Binding VPN Pool to a role

I am confused on where to set the default role for the RAP?

P.S. It was nice meeting you at the MVP event in Vegas.

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: Binding VPN Pool to a role

Nice meeting you too...

[Attached screenshot: default.PNG]



Colin Joseph
Aruba Customer Engineering


Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: Binding VPN Pool to a role

Thanks, Colin. Do you know off the top of your head where the default role for a RAP/CAP is set?