Wireless Access

Reply
MVP
Posts: 113
Registered: ‎01-27-2016

RAP - Backup SSID - DHCP Server

I understand that I can configure a RAP to offer DHCP. I am pretty sure this is only possible if the RAP is connected to a Trunked connection. 
 
Reading the RAP VRD page 162 suggests an unlikely scenario in a hotel. The configuration shows using VLAN 188 for the Bridge VLAN. How would we know the Hotel had a trunk and that VLAN 188 was tagged? You wouldnt :-)
 
I would love to be able to use a RAP with backup SSID and DHCP on a non-trunked network. 
 
Am I missing something?

Guru Elite
Posts: 21,488
Registered: ‎03-29-2007

Re: RAP - Backup SSID - DHCP Server

The AP can have its own internal vlan and DHCP server. The last rule in the user role ACL can be to source Nat the traffic out of the IP address of the RAP. In that case, VLANs on trunks would not matter.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 113
Registered: ‎01-27-2016

Re: RAP - Backup SSID - DHCP Server

I know you can assign the VLAN and DHCP options in the AP system profile. The VLAN however must match the VAP vlan. These VLANs cannot be the same as the native vlan in the AP system profile. Once those requirements are met, then it actives it's DHCP server. With those requirements, doesn't​ it need to be connected to a trunk port? Either the native or the VAP vlan must be tagged.
Guru Elite
Posts: 21,488
Registered: ‎03-29-2007

Re: RAP - Backup SSID - DHCP Server

Tell me what you want to accomplish. It is always easier when you tell me what you want to do and then I can tell you if it is possible and how. It is difficult to speak theoretically.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 113
Registered: ‎01-27-2016

Re: RAP - Backup SSID - DHCP Server

I am just studying. No particular use case. Here is what is written in the VRD..

 

"The backup mode is very useful for telecommuter solutions, especially when the RAP is connected to
a network that has a captive portal. When a travelling employee connects the RAP to the wired port of
a hotel network that uses captive portal, the RAP will not be able to connect to the controller. So, the
RAP broadcasts the backup SSID. The user can now connect to the backup SSID and when he opens
a web browser, the captive portal page is displayed. From perspective of the hotel’s captive portal, the
traffic originates from the MAC address and IP address of the RAP because the RAP is configured to
Scr-NAT the user traffic. After the user authenticates to the captive portal, the RAP can establish a
connection the controller. After the connectivity to the controller is established, the RAP disables the
backup SSID, broadcasts the standard SSIDs, and enables the configured wired ports"

 

In addition it says to use the RAP built in DHCP server...

 

"The user role assigned to the authenticated clients of the backup SSID should
source-NAT all user traffic, except DHCP. For example, create a backup-user
role with a policy that uses any any svc-dhcp permit followed by any any any
route src-nat rule. Also, use the internal DCP server of the RAP to provide
DHCP services for users on backup SSID."

 

 

Guru Elite
Posts: 21,488
Registered: ‎03-29-2007

Re: RAP - Backup SSID - DHCP Server

Correct.  The Source-NAT rule makes it so that it does not matter what VLANs are trunked to the AP.  User traffic will be source natted out of the RAP's ip address.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 113
Registered: ‎01-27-2016

Re: RAP - Backup SSID - DHCP Server

I thought I had tried without a trunk in the past and it didnt work. I must have had something else wrong. I will give it another shot. 

 

Thanks Colin

Search Airheads
Showing results for 
Search instead for 
Did you mean: