Wireless Access

Reply
Occasional Contributor II

Campus AP through a Remote AP

Hi,

I am testing the design of new remote site topologies for my organisation;

 

We are using a Remote AP to tunnel back to us over the internet, which carries vlan 290 on the wired port profile (vlan 290 terminates on our core). Connected to the RAP's wired port is a managed switch with an IP in the vlan 290 address range.

 

This connectivity is fine.

 

If I connect a Campus AP to vlan 290 (via the switch or directly to the RAP), then it gets an IP from DHCP, finds the controller successfully with ADP and I can ping the controller address all without issue - yet it fails to bring the CAP online.

 

If I connect a Campus AP to a different vlan on the switch (local vlan as it is a L3 switch, with a default route pointing to the vlan 290 gateway address on our core), then the CAP works exactly as expected.

 

Can anyone explain this difference in behaviour?

It appears to be a consistant behaviour with the controller not liking a CAP that is using tunnelled addressing.

Re: Campus AP through a Remote AP

Having a CAP behind a RAP is not a supported configuration. That seems to be related that the CAP tunnel is within the RAP tunnel, so you have tunnel-in-tunnel. I believe to have heard that it might work if the RAP and CAP terminate on different controllers, but that needs to be tested before deployed.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: Campus AP through a Remote AP

Thanks, Herman.

 

I had been looking around for any documentation on this, and couldn't find anything to say if it was supported or not. Are you able to provide a link to some documentation, as it would be handy to have if questioned.

Re: Campus AP through a Remote AP

I'm not sure where to find a statement that AP behind RAP is not supported. Probably the Aruba TAC can help you with such a statement.

 

For me, it came up during training where I'm not sure if that was because of a question, or being part of the training content.

 

Also, here a similar question and answer, which adds another reason that it doesn't work which is that the Campus AP should have 1500 byte MTU to the controller to come up. In a RAP (IPSec) tunnel, you lose some bytes for the encapsulation.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: