Wireless Access

Reply
Contributor I

IAP VPN license usage

Hi,

 

We are developing an IAP wlan solution with vpn ipsec tunnel to a controller.

 

When an IAP connects to a controller using ipsec vpn, it doesn't spend ap license. However it's spending two user license. Is it a correct behaviour?

 

Thanks.

Jose


(LAB-aruba620) #show iap table

Branch Key Index Status Inner IP MAC Address Subnet
---------- ----- ------ -------- ----------- ------
08120b490140cce5b29adc23a5b8e931f4719caa2073fa8f2d 0 UP 172.29.254.1 00:0b:86:82:eb:66

(LAB-aruba620) #show user

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ----
172.29.254.1 00:00:00:00:00:00 00:0b:86:82:eb:66 default-vpn-role 00:05:07 VPN 172.18.6.100 N/A tunnel
172.18.6.100 00:00:00:00:00:00 logon 00:05:07 VPN N/A tunnel

User Entries: 2/2

(LAB-aruba620) #

(LAB-aruba620) #show license-usage ap

AP Licenses
-----------
Type Number
---- ------
AP Licenses 8
PEF Licenses 8
Overall AP License Limit 8

AP Usage
--------
Type Count
---- -----
CAPs 0
RAPs 0
Remote-node APs 0
Tunneled nodes 0
Total APs 0

Remaining AP Capacity
---------------------
Type Number
---- ------
CAPs 8
RAPs 8

 

(LAB-aruba620) #show license-usage user

User License Usage
------------------
Name Value
---- -----
License Limit 256
License Usage 2
License Available 254
License Exceeded 0

Re: IAP VPN license usage

 

That's the correct behaviour its just seeing the IAP as a VPN endpoint (user) , you can't really push any configuration down to the IAP (AP-Groups,SSID's, etc..) so that's why its not using an AP licenses.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: IAP VPN license usage

..but why does the IAP spend two user license?

Victor, thanks for your answer.

Re: IAP VPN license usage

 

These IPs : one belongs to the Controller and one to the IAP ?

172.29.254.1 
172.18.6.100

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: IAP VPN license usage

Both IPs belong to the IAP
172.29.254.1 is assigned to the IAP from a iap pool in the controller (as the RAPs)
172.18.6.100 is the IAP remote IP

Re: IAP VPN license usage

That makes sense :

user 1 is the actual IAP using one of the IP addresses of vpn pool (endpoint)
user 2 - x is any devices using any of the local IPs to the IAP
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: