05-08-2012 07:11 AM
How should I confiure a campus AP to function as a RAP from a branch office? I have many RAP's configured for traveling and home office employees, which all work fine. I want to deploy some Campus AP's for small office, which only require 1-3 AP's. This doesn't justify the cost of local controllers at each site.
I want to have a connection to the remote LAN and want to enable split-tunneling. I have the split-tunnel policy and role configured, but am not sure if I should set the LMS IP of the controller at HQ, since if it sends out a broadcast, it will not reach the remote subnet. How will it locate the controller?
Should I just connect it locally to the controller, provision it as a RAP and it will retain the IP of the controller?
05-08-2012 09:16 AM
I suggest that if you already have a secure tunnel back to HO from the branch you do not need to deploy these as RAPs.
Assuming you have DHCP where the APs will plug in, and that there is routing back to HO where the controller is you should be able to provision these APs normally and point them at the controllers using the LMS feild.
There are a few ways to get this done:
1. Provision the APs at head office, put them into the right group, assign the controller, and then disconnect them and move them. When they boot at the branch office they should be provisioned with the info to find the controller.
2. Using DNS. Setup your DNS server to reply to aruba-master with the IP of your controller. When you APs come up at the remove location they will check for this DNS entry, and if they find it they will try to phone home.
3. You can set a DHCP option on your DHCP server. I believe option 43 should be set to the IP of you controller, and in this way you AP can find the contoller.
Let us know if these methods work for your issue.
ACDX, ACCP, CISSP, CWNA
08-17-2012 02:17 PM - edited 08-17-2012 02:18 PM
I'm trying to do the same thing. I'm bring up the AP locally and then shipping the provisioned AP out to the site, just so I can record the MAC address and label the AP. If you have control of DHCP or DNS at the Brand office, you should be able to use the standard methods for finding the controller.
Question for you, how are you doing the split tunneling? I'm using the same role that is used for the RAPs which has been working. The SSID works in tunnel mode, but every time I change the SSID to split tunneling mode the SSID disappears and the AP goes into WLAN mode. Not sure, what I'm doing wrong.