Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

IAP VPN license usage

This thread has been viewed 1 times

  • 1.  IAP VPN license usage

    Posted Jul 10, 2013 11:00 AM

    Hi,

     

    We are developing an IAP wlan solution with vpn ipsec tunnel to a controller.

     

    When an IAP connects to a controller using ipsec vpn, it doesn't spend ap license. However it's spending two user license. Is it a correct behaviour?

     

    Thanks.

    Jose


    (LAB-aruba620) #show iap table

    Branch Key Index Status Inner IP MAC Address Subnet
    ---------- ----- ------ -------- ----------- ------
    08120b490140cce5b29adc23a5b8e931f4719caa2073fa8f2d 0 UP 172.29.254.1 00:0b:86:82:eb:66

    (LAB-aruba620) #show user

    Users
    -----
    IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type
    ---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ----
    172.29.254.1 00:00:00:00:00:00 00:0b:86:82:eb:66 default-vpn-role 00:05:07 VPN 172.18.6.100 N/A tunnel
    172.18.6.100 00:00:00:00:00:00 logon 00:05:07 VPN N/A tunnel

    User Entries: 2/2

    (LAB-aruba620) #

    (LAB-aruba620) #show license-usage ap

    AP Licenses
    -----------
    Type Number
    ---- ------
    AP Licenses 8
    PEF Licenses 8
    Overall AP License Limit 8

    AP Usage
    --------
    Type Count
    ---- -----
    CAPs 0
    RAPs 0
    Remote-node APs 0
    Tunneled nodes 0
    Total APs 0

    Remaining AP Capacity
    ---------------------
    Type Number
    ---- ------
    CAPs 8
    RAPs 8

     

    (LAB-aruba620) #show license-usage user

    User License Usage
    ------------------
    Name Value
    ---- -----
    License Limit 256
    License Usage 2
    License Available 254
    License Exceeded 0



  • 2.  RE: IAP VPN license usage

    Posted Jul 10, 2013 12:11 PM

     

    That's the correct behaviour its just seeing the IAP as a VPN endpoint (user) , you can't really push any configuration down to the IAP (AP-Groups,SSID's, etc..) so that's why its not using an AP licenses.



  • 3.  RE: IAP VPN license usage

    Posted Jul 10, 2013 01:30 PM
    ..but why does the IAP spend two user license?

    Victor, thanks for your answer.



  • 4.  RE: IAP VPN license usage

    Posted Jul 10, 2013 02:49 PM

     

    These IPs : one belongs to the Controller and one to the IAP ?

    172.29.254.1 
    172.18.6.100



  • 5.  RE: IAP VPN license usage

    Posted Jul 10, 2013 03:31 PM
    Both IPs belong to the IAP
    172.29.254.1 is assigned to the IAP from a iap pool in the controller (as the RAPs)
    172.18.6.100 is the IAP remote IP


  • 6.  RE: IAP VPN license usage

    Posted Jul 13, 2013 11:19 AM
    That makes sense :

    user 1 is the actual IAP using one of the IP addresses of vpn pool (endpoint)
    user 2 - x is any devices using any of the local IPs to the IAP