04-28-2014 07:48 AM
I have a master local configuration set up and want to terminate RAPs on one of the locals. All controllers are running 6.3OS.
The user guide states 'the IPSec VPN tunnel can be terminated on a local , with a master
controller located elsewhere in the corporate network. The remote AP must be able to communicate with
the master controller after the IPSec tunnel is established. Make sure that the L2TP IP pool configured on the local
controller (from which the remote AP obtains its address) is reachable in the controller network by the master
Does this mean that I need to configure the L2TP IP pool in a range that is accessible via an interface on the master?
Also, how does this work when provisioning RAP's such as 108 or 109 where I need to enter the master controller address to convert it. I want it to terminate on the local so how would I do that? - via the AP system profile?
Solved! Go to Solution.
04-28-2014 09:07 AM - edited 04-28-2014 09:14 AM
1. In that scenario it is recommended that the master can communciate with the RAPs (for ARM and RF data) . To do so, the master needs to be able to route to the L2TP pool. The easiest approach is to make this a routable network (with the last hop being the local controller). If you cannot, and the master is on one of the same networks as the local, you can add a static route for the L2TP pool to the local.
2. If you are converting an IAP to controller-based RAP, you can point the IAP at any available controller (so long as it is whitelisted), it does not have to the master, it can be your local that is already accessible. It would then function like any other RAP, connect to the provisioned IP that you entered into the conversion field, and pull its LMS to terminate on from the AP System Profile.
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX